[openstack-dev] [Openstack] [Barbican] Keystone PKI token too much long

Morgan Fainberg morgan.fainberg at gmail.com
Thu Jul 31 14:26:55 UTC 2014


On Thursday, July 31, 2014, Russell Bryant <rbryant at redhat.com> wrote:

> On 07/30/2014 10:57 AM, Dolph Mathews wrote:
> > We recently merged an implementation for GET /v3/catalog which finally
> > enables POST /v3/auth/tokens?nocatalog to be a reasonable default
> > behavior, at the cost of an extra HTTP call from remote service back to
> > keystone where necessary.
>
> Is that really a safe default change to make?  It looks like v3 has
> already been marked as stable, and this would be a non
> backwards-compatible change to the API.
>
>
This default could be made in keystone client, and the catalog could be
fetched separately (session object can handle it). It would mean new
clients would get the same data without a massive token size, but old
clients would still be compatible. API remains compatible and stable.

Cheers,
Morgan