Project

General

Profile

Feature #9493

Ability to disable keystone revocation polling when using UUID keystone provider

Added by Kyle Bader almost 3 years ago. Updated about 1 month ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
09/16/2014
Due date:
% Done:

0%

Source:
other
Tags:
Backport:
jewel, kraken
Reviewed:
User Impact:
Affected Versions:
Release:
Needs Doc:
No

Description

When using a UUID keystone provider revocation is handled by deleting the token from the persistence backend (ie. no revocation lists). If rgw is using keystone authentication rgw_keystone_revocation_interval can be set to an arbitrary period, but it does not seem to have a means of disabling revocation entirely. Ideally there should be another tunable, or rgw_keystone_revocation_interval should allow being set to 0 or -1 to disable revocation polling.

https://bugzilla.redhat.com/show_bug.cgi?id=1142424


Related issues

Related to rgw - Feature #19499: rgw: implement support for OS-REVOKE extension of OpenStack Identity API v3 New 04/05/2017
Copied to rgw - Backport #19777: kraken: rgw: implement support for OS-REVOKE extension of OpenStack Identity API v3 Resolved
Copied to rgw - Backport #19772: jewel: rgw: swift: disable revocation thread under certain circumstances Resolved

History

#1 Updated by Yehuda Sadeh almost 3 years ago

  • Tracker changed from Bug to Feature

#2 Updated by Marcus Watts 4 months ago

I've created a pull request that addresses this: https://github.com/ceph/ceph/pull/14501

#3 Updated by Marcus Watts 4 months ago

  • Status changed from New to Pending Backport
  • Assignee changed from Yehuda Sadeh to Marcus Watts
  • Target version set to v10.2.8

#4 Updated by Marcus Watts 4 months ago

Jewel backport is in this PR
https://github.com/ceph/ceph/pull/14789

#5 Updated by Nathan Cutler 4 months ago

  • Related to Feature #19499: rgw: implement support for OS-REVOKE extension of OpenStack Identity API v3 added

#6 Updated by Nathan Cutler 4 months ago

  • Status changed from Pending Backport to Resolved

The PR is already being backported at #19499 - we don't need to flag it twice.

#7 Updated by Nathan Cutler about 1 month ago

  • Copied to Backport #19777: kraken: rgw: implement support for OS-REVOKE extension of OpenStack Identity API v3 added

#8 Updated by Nathan Cutler about 1 month ago

  • Copied to Backport #19772: jewel: rgw: swift: disable revocation thread under certain circumstances added

#9 Updated by Nathan Cutler about 1 month ago

  • Status changed from Resolved to Pending Backport
  • Target version deleted (v10.2.8)

#10 Updated by Nathan Cutler about 1 month ago

  • Backport set to jewel, kraken

#11 Updated by Nathan Cutler about 1 month ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF