[openstack-dev] [Openstack] [Barbican] Keystone PKI token too much long
Dolph Mathews
dolph.mathews at gmail.com
Thu Jul 31 14:29:00 UTC 2014
Yes, it's a change in default client-side behavior (the client can
explicitly request ?nocatalog). The default server-side behavior is to
continue returning catalogs in requests unless the client requests
otherwise. Before the client adopts the new default, we need
well-established support in auth_token for fetching catalogs when a service
expects one, but auth_token finds it to be missing from PKI tokens.
On Thu, Jul 31, 2014 at 6:59 AM, Russell Bryant <rbryant at redhat.com> wrote:
> On 07/30/2014 10:57 AM, Dolph Mathews wrote:
> > We recently merged an implementation for GET /v3/catalog which finally
> > enables POST /v3/auth/tokens?nocatalog to be a reasonable default
> > behavior, at the cost of an extra HTTP call from remote service back to
> > keystone where necessary.
>
> Is that really a safe default change to make? It looks like v3 has
> already been marked as stable, and this would be a non
> backwards-compatible change to the API.
>
> --
> Russell Bryant
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140731/c2302f30/attachment.html>
More information about the OpenStack-dev
mailing list