Actions
Bug #64094
openkeystone admin token is not invalidated on http 401 response
% Done:
0%
Source:
Tags:
keystone backport_processed
Backport:
quincy reef squid
Regression:
No
Severity:
3 - minor
Reviewed:
Description
when a client uses the Swift API and send us a keystone token we need to validate it, if it's not in our cache we
get a admin token that we can use to validet the client token with by doing a API call to keystone
if keystone responds with a http 401 it means our admin token is invalid but we never invalidate it so
we can end up in a state where all client requests is rejected due to an invalid admin token.
this can happen when for example changing the password on the keystone user, any token already issued would
go invalid but rgw would still try to use it since it's cached and not expired yet.
Actions