libcloud-notifications mailing list archives

From "Tomaz Muraus (JIRA)" <>
Subject [jira] [Commented] (LIBCLOUD-428) OpenStack provider does not check if auth token has expired before trying to use it
Date Wed, 13 Nov 2013 13:01:23 GMT


Tomaz Muraus commented on LIBCLOUD-428:

[~micolous] Sorry for the delay, been swamped with work lately.

It's possible that I'm missing something or misunderstanding something (please correct me
if I'm wrong), but I think it should still be possible to use the approach I have suggested.

"auth_url" attribute is currently inferred / set in one of two different ways:

1. Inside the OpenStackAuthConnection using ex_force_auth_url constructor kwarg
2. Using "auth_url" class attribute on the Connection class

If OpenStackAuthConnection is instantiated at the end of OpenStackBaseConnection constructor,
it doesn't matter which approach is used because "auth_url" attribute will already be available
by then.

I'm also not sure about the CloudFilesConnection example. In this case, auth_url attribute
is set as a class attribute so it's already available in the constructor.

> OpenStack provider does not check if auth token has expired before trying to use it
> -----------------------------------------------------------------------------------
>                 Key: LIBCLOUD-428
>                 URL:
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.13.2
>         Environment: Linux Python 2.7
>            Reporter: Michael Farrell
> The OpenStack provider (and by extension, the Rackspace provider) does not check to see if the authentication token has expired before attempting to use it.
> In {{libcloud/common/}} at {{OpenStackBaseConnection._populate_hosts_and_request_paths}}, the library checks that a token exists, and creates it if it does not.
> The issue is that it does not check if the token has expired, despite having this information in {{self.auth_token_expires}}.
> So a long-running Python process will eventually fail because the token will expire, and the API will return {{HTTP 401 Unauthorized}}.
> I've written a hacky workaround to this, by copying {{OpenStackAuthConnection._is_token_valid}} into {{OpenStackBaseConnection}}, then replacing the {{_populate_hosts_and_request_paths}} auth token check with a call to {{_is_token_valid}}.
> This is shown in this commit:
> There's probably a better way to implement it without duplicating this function, but I don't know enough of the codebase to make this change. I'm also unsure if other drivers also have this problem that are not based on OpenStack.

This message was sent by Atlassian JIRA
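
An added example, not part of the original message and not libcloud's code: a minimal token cache contrasting the existence-only check described in the report with a check that also consults the expiry time. The class `TokenCache`, the 60-second skew and the fake identity service are assumptions; only the names `auth_token_expires` and `_is_token_valid` echo the report.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical names throughout; this is an illustration, not libcloud's code.
EXPIRY_SKEW = timedelta(seconds=60)  # assumed margin: near-expiry counts as expired

class TokenCache:
    """Caches a bearer token and re-authenticates before it expires."""

    def __init__(self, authenticate, now=lambda: datetime.now(timezone.utc)):
        self._authenticate = authenticate  # callable returning (token, expires_at)
        self._now = now                    # injectable clock, so expiry can be tested
        self.auth_token = None
        self.auth_token_expires = None

    def _is_token_valid(self):
        # Usable only if a token exists AND it is not within the skew of expiry.
        if not self.auth_token or self.auth_token_expires is None:
            return False
        return self._now() + EXPIRY_SKEW < self.auth_token_expires

    def token_existence_check_only(self):
        # Behaviour the report describes: re-authenticate only when no token exists.
        if not self.auth_token:
            self._refresh()
        return self.auth_token

    def token(self):
        # Corrected check: re-authenticate when the token is missing or expired.
        if not self._is_token_valid():
            self._refresh()
        return self.auth_token

    def _refresh(self):
        self.auth_token, self.auth_token_expires = self._authenticate()

def demo():
    # Constructed scenario: a fake identity service issuing one-hour tokens.
    clock = [datetime(2013, 11, 13, 13, 0, tzinfo=timezone.utc)]
    issued = []
    def fake_auth():
        issued.append("tok-%d" % (len(issued) + 1))
        return issued[-1], clock[0] + timedelta(hours=1)
    cache = TokenCache(fake_auth, now=lambda: clock[0])
    first = cache.token()
    clock[0] += timedelta(hours=2)              # long-running process: token expired
    stale = cache.token_existence_check_only()  # still hands back the expired token
    fresh = cache.token()                       # notices expiry and re-authenticates
    return first, stale, fresh, len(issued)
```

The stale token returned by the existence-only path is the one that would draw the `HTTP 401 Unauthorized` response described in the report.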
