Description of problem: tokens are not cached How reproducible: always Steps to Reproduce: 1. Configure rgw with keystone server for authentication 2. Send a request that will be authenticated through keystone 3. Send another request with the same token Actual results: Second request is going through keystone Expected results: Second request should not go through keystone Additional info: Fixed upstream
need qa_ack
Yehuda, does this affect 1.3.x.? If so, please duplicate.
(In reply to Federico Lucifredi from comment #5) > Yehuda, does this affect 1.3.x.? If so, please duplicate. I've confirmed that the fix for this issue is present in the v0.94.2 upstream release. So it will be present in 1.3 as we complete bz 1238415.
On openstack node: # curl -s -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "41e61b09743240c3"}}}' -H 'Content-type: application/json' http://localhost:5000/v2.0/tokens {"access": {"token": {"issued_at": "2015-08-21T13:43:49.825813", "expires": "2015-08-21T14:43:49Z", "id": "fdf906e2e73b4d3e81338fcea29eb25a", "tenant": {"description": "admin tenant", "enabled": true, "id": "710178720b894cd8bfb46ef19282c25d", "name": "admin"} # curl -X PUT -i -H "X-Auth-Token: fdf906e2e73b4d3e81338fcea29eb25a" -L "http://10.8.128.101/swift/v1/some_container" HTTP/1.1 201 Date: Fri, 21 Aug 2015 13:50:54 GMT Server: Apache/2.4.6 (Red Hat Enterprise Linux) Accept-Ranges: bytes Content-Length: 0 Connection: close Content-Type: text/plain; charset=utf-8 [root@hp-ms-01-c42 ceph(keystone_admin)]# curl -X GET -i -H "X-Auth-Token: fdf906e2e73b4d3e81338fcea29eb25a" -L "http://10.8.128.101/swift/v1" HTTP/1.1 200 Date: Fri, 21 Aug 2015 13:51:57 GMT Server: Apache/2.4.6 (Red Hat Enterprise Linux) Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked Content-Type: text/plain; charset=utf-8 some_container So unless you generate a new keystone id to send swift request to rgw, it re-uses the same token without having to validate each time. From /var/log/radosgw/client.radosgw.gateway.log on rgw node: 2015-08-21 09:50:54.162479 7f0c99ffb700 1 ====== req done req=0x7f0c9400b7c0 http_status=201 ====== 2015-08-21 09:51:57.149322 7f0c99ffb700 1 ====== starting new request req=0x7f0c940102e0 ===== 2015-08-21 09:51:57.151693 7f0c99ffb700 1 ====== req done req=0x7f0c940102e0 http_status=200 ====== 2015-08-21 09:52:47.438037 7f0c817da700 1 ====== starting new request req=0x7f0c9400dd50 ===== 2015-08-21 09:52:47.476553 7f0c817da700 0 validated token: admin:admin expires: 1440168749 2015-08-21 09:52:47.477925 7f0c817da700 1 ====== req done req=0x7f0c9400dd50 http_status=200 ======
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1703.html