Uploaded image for project: 'Libcloud'
  1. Libcloud
  2. LIBCLOUD-428

OpenStack provider does not check if auth token has expired before trying to use it

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.13.2
    • Fix Version/s: 0.14.0-beta3
    • Component/s: Core
    • Labels:
      None
    • Environment:

      Linux Python 2.7

      Description

      The OpenStack provider (and by extension, the Rackspace provider) does not check to see if the authentication token has expired before attempting to use it.

      In libcloud/common/openstack.py at OpenStackBaseConnection._populate_hosts_and_request_paths, the library checks that a token exists, and creates it if it does not.

      The issue is that it does not check if the token has expired, despite having this information in self.auth_token_expires.

      So a long-running Python process will eventually fail because the token will expire, and the API will return HTTP 401 Unauthorized.

      I've written a hacky workaround to this, by copying OpenStackAuthConnection._is_token_valid into OpenStackBaseConnection, then replacing the _populate_hosts_and_requests_paths auth token check with a call to _is_token_valid.

      This is shown in this commit: https://github.com/Caramel/libcloud/commit/317a039

      There's probably a better way to implement it without duplicating this function, but I don't know enough of the codebase to make this change. I'm also unsure if other drivers also have this problem that are not based on OpenStack.

        Attachments

          Activity

            People

            • Assignee:
              kami Tomaz Muraus
              Reporter:
              micolous Michael Farrell
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: