Unify keystone and keystonemiddleware cache
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
keystonemiddleware |
New
|
Undecided
|
Unassigned |
Bug Description
Now both keystone and keystonemiddleware generate unique cache entry.
So:
- keystone issued token, wrote it to memcache with key `bd3f7bd71ac64f
- keystonemiddleware go to memcache and tries to find with `python -c "import hashlib; print('get tokens/
- keystonemiddleware didn't find it, goes to keystone to get token info
- keystonemiddleware write it's own cache entry
We have nearly duplicate steps here. Newly issued token usually be used in next request from user.
And some clients (for ex. openstack CLI) issues token on every run (i.e. user request).
I think it may be insecure to reuse same memcache entry, but add a step in keystone to create an entry especially for keystonemiddleware may be a way here.
Did I miss something? I've tested on Ocata but I didn't find changes in master for that.
If I'm on the right track - I may try to implement it.