Public bug reported:

Master, devstack (installed today). 
1. Enable fernet tokens in Keystone
2. Add the following lib to glance/common/ folder:
http://paste.openstack.org/show/481480/
3. Replace upload method in glance/api/v2/image_data.py with the following:
http://paste.openstack.org/show/481489/
NOTE: it is just example of the code to demonstrate that fernet tokens can't 
work well with trusts.
4. Restart glance
5. Try to upload any image.
You will get the following error when deleting the trust: 
http://paste.openstack.org/show/481493/
When you try to upload big image that requires more than hour (or reduce token 
expiration)
you will get the following: http://paste.openstack.org/show/481492/
Apparently, refreshed token rejected by keystone-middleware.

I faced with the issue when implementing trusts for Glance but it seems that 
Heat and other services have the same troubles.
UUID tokens works as expected.

** Affects: keystone
     Importance: Undecided
         Status: New

** Summary changed:

- Cannot delete trust when using fernet tokens
+ Cannot use trusts with fernet tokens

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1524849

Title:
  Cannot use trusts with fernet tokens

Status in OpenStack Identity (keystone):
  New

Bug description:
  Master, devstack (installed today). 
  1. Enable fernet tokens in Keystone
  2. Add the following lib to glance/common/ folder:
  http://paste.openstack.org/show/481480/
  3. Replace upload method in glance/api/v2/image_data.py with the following:
  http://paste.openstack.org/show/481489/
  NOTE: it is just example of the code to demonstrate that fernet tokens can't 
work well with trusts.
  4. Restart glance
  5. Try to upload any image.
  You will get the following error when deleting the trust: 
http://paste.openstack.org/show/481493/
  When you try to upload big image that requires more than hour (or reduce 
token expiration)
  you will get the following: http://paste.openstack.org/show/481492/
  Apparently, refreshed token rejected by keystone-middleware.

  I faced with the issue when implementing trusts for Glance but it seems that 
Heat and other services have the same troubles.
  UUID tokens works as expected.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1524849/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to