diff options
author | Jorge Merlino <jorge.merlino@canonical.com> | 2022-10-05 14:41:06 -0300 |
---|---|---|
committer | Jorge Merlino <jorge.merlino@canonical.com> | 2022-12-21 16:56:26 +0000 |
commit | f602fa718d12e4ab15ab134256fa835db2a1b7ee (patch) | |
tree | 57ad6920d14e492f4173a3c343a76ecc6690bfd6 /keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py | |
parent | 46778cd00035fb2d0ac335be80e592af26a00f5e (diff) | |
download | keystonemiddleware-stable/zed.tar.gz |
Remove cache invalidation when using expired tokenstable/zed
This can create a race condition for long running services that reuse
their token (eg. Kubernetes Cinder CSI plugin) in this case for
example:
1 [user] Asks nova to attach a volume to a server
2 ...the user's token expires
3 [user] Asks cinder if the volume has been attached
4 [nova] Asks cinder to attach the volume
In step 3 the token is marked as invalid in the cache and step 4 fails
even if allow_expired is true
Closes-Bug: #1987355
Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e
(cherry picked from commit e05466c5f439cd05482f109e6eb97a50ba156698)
Diffstat (limited to 'keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py')
-rw-r--r-- | keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 1abe322..564cdc5 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -595,25 +595,6 @@ class CommonAuthTokenMiddlewareTest(object): token = 'invalid-token' self.call_middleware(headers={'X-Auth-Token': token}, expected_status=401) - self.assertEqual(auth_token._CACHE_INVALID_INDICATOR, - self._get_cached_token(token)) - - def test_memcache_hit_invalid_token(self): - token = 'invalid-token' - invalid_uri = '%s/v3/tokens/invalid-token' % BASE_URI - self.requests_mock.get(invalid_uri, status_code=404) - - # Call once to cache token's invalid state; verify it cached as such - self.call_middleware(headers={'X-Auth-Token': token}, - expected_status=401) - self.assertEqual(auth_token._CACHE_INVALID_INDICATOR, - self._get_cached_token(token)) - - # Call again for a cache hit; verify it detected as cached and invalid - self.call_middleware(headers={'X-Auth-Token': token}, - expected_status=401) - self.assertIn('Cached token is marked unauthorized', - self.logger.output) def test_memcache_set_expired(self, extra_conf={}, extra_environ={}): token_cache_time = 10 |