Bug #12761
closed
Keystone Fernet tokens break auth
Added by Ian Unruh over 8 years ago.
Updated over 8 years ago.
Description
When using Fernet tokens in Keystone (as opposed to UUID or PKI), RGW does not handle them correctly due to the timestamp being presented from the API in a slightly different way.
Here is the logs from RGW: https://gist.github.com/ianunruh/427489668620e3fbeae1
If I switch to UUID or PKIZ, then the request works just fine. I'm using the latest release from the Hammer Apt repository for Ubuntu Trusty.
Looks like rgw's parser expects milliseconds precision only and fails when seconds tells microseconds as well
- Status changed from New to In Progress
- Assignee set to Abhishek Lekshmanan
- Status changed from In Progress to Fix Under Review
- Status changed from Fix Under Review to Pending Backport
- Target version set to v0.94.4
- Backport set to hammer
Since affected version is hammer, I'm marking this for hammer backport. It is upto the leads to decide if the backport is necessary or not.
- Target version deleted (
v0.94.4)
Hi, I wanted to note that I am also seeing this on my firefly (.80.10) cluster after trying to enable fernet tokens on my openstack install.
2015-10-09 13:12:36.551481 7f7a9dfd3700 0 Keystone token parse error: access: token: Failed to parse ISO8601 expiration date from Keystone response.
Any chance we could see a backport to firefly on this fix as well?
- Status changed from Pending Backport to Resolved
Also available in: Atom
PDF