Do not support toggling key_manglers in cache layer

Due to needing to pass the PKI token (complete id) to the backend,
the cache layer needs to ensure that the cache-key is always
shortened down to a reasonable length. Disabling the key_mangler
should only have ever been done in limited debug configurations.
Real deployments would be unable to reliably run without the
key mangler (due to cache-key length on most systems being
exceeded by the Token calls).

This change of ID being passed around is for supporting
non-persistent tokens.

DocImpact: configuration.rst updated to reflect the change in
           configuration options for keystone cache layer.
bp: non-persistent-tokens

Change-Id: Ia4eb3df7ccffa58ee867120f698e24d926f0ec9e
Morgan Fainberg 2014-06-27 14:28:38 -07:00
parent 50be156554
commit 19e1db785d
4 changed files with 6 additions and 24 deletions
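
The key-length problem the commit message describes, as an added example that is not part of this commit or of keystone's code: an unmangled cache key built from a PKI-sized token id fails memcached's key rules, while the always-on sha1 mangler yields a fixed 40-character key. `FakeRegion`, the sample token id and the key prefix are constructed for illustration, and `sha1_mangle_key` here is a hashlib stand-in for the dogpile.cache helper of the same name.

```python
import hashlib

MEMCACHED_MAX_KEY_BYTES = 250  # memcached's limit on key length


def sha1_mangle_key(key):
    """Stand-in for dogpile.cache's sha1_mangle_key: fixed 40-char hex key."""
    if isinstance(key, str):
        key = key.encode("utf-8")
    return hashlib.sha1(key).hexdigest()


def memcached_key_ok(key):
    """True if key is <= 250 bytes and has no whitespace or control bytes."""
    raw = key.encode("utf-8")
    return (len(raw) <= MEMCACHED_MAX_KEY_BYTES
            and not any(b <= 32 or b == 127 for b in raw))


class FakeRegion:
    """Hypothetical minimal region: only the attribute the patch touches."""

    def __init__(self, key_mangler=None):
        self.key_mangler = key_mangler

    def cache_key(self, raw_key):
        return self.key_mangler(raw_key) if self.key_mangler else raw_key


def configure_cache_region(region):
    """Post-change logic: install sha1 unless the backend set a mangler."""
    if region.key_mangler is None:
        region.key_mangler = sha1_mangle_key
    return region


# Constructed sample standing in for a long PKI token id and its cache key.
PKI_TOKEN_ID = "MII" + "A1b2C3d4" * 400
RAW_KEY = "keystone.token.validate_token|" + PKI_TOKEN_ID


def demo():
    """Return (unmangled key valid?, mangled key valid?, mangled key length)."""
    unmangled = FakeRegion().cache_key(RAW_KEY)
    mangled = configure_cache_region(FakeRegion()).cache_key(RAW_KEY)
    return memcached_key_ok(unmangled), memcached_key_ok(mangled), len(mangled)


if __name__ == "__main__":
    print(demo())
```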


@ -296,10 +296,6 @@ behavior is that subsystem caching is enabled, but the global toggle is set to d
back end and in the format of ``<argument name>:<argument value>``.
e.g.: ``backend_argument = host:localhost``
* ``proxies`` - comma delimited list of `ProxyBackends`_ e.g. ``my.example.Proxy, my.example.Proxy2``
* ``use_key_mangler`` - Use a key-mangling function (sha1) to ensure fixed length cache-keys.
This is toggle-able for debugging purposes, it is highly recommended to always
leave this set to True. If the cache backend provides a key-mangler, this
option has no effect.
Current keystone systems that have caching capabilities:
* ``token``
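
Review bot: With the ``use_key_mangler`` bullet removed, this option list no longer tells the reader that cache keys are sha1-mangled at all. Replace the bullet with one sentence stating that keys are always passed through a sha1 key mangler unless the cache backend provides its own, so an operator inspecting the backend knows the stored keys are hashes and not the token ids themselves.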


@ -143,7 +143,7 @@
#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions
# Qpid broker hostname. (string value)
#qpid_hostname=keystone
#qpid_hostname=localhost
# Qpid broker port. (integer value)
#qpid_port=5672
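
Review bot: The ``qpid_hostname`` default moving from ``keystone`` to ``localhost`` here, together with the same swap for ``rabbit_host``, ``url=ldap://`` and the ``cert_subject`` CN in the later hunks of this file, is unrelated to key_mangler and is not mentioned in the commit message. If this is a sample-file regeneration, say so in the message or move it to its own commit so the cache change can be audited and reverted on its own.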
@ -200,7 +200,7 @@
# The RabbitMQ broker address where a single node is used.
# (string value)
#rabbit_host=keystone
#rabbit_host=localhost
# The RabbitMQ broker port where a single node is used.
# (integer value)
@ -550,12 +550,6 @@
# dogpile.cache.memory backend. (string value)
#backend=keystone.common.cache.noop
# Use a key-mangling function (sha1) to ensure fixed length
# cache-keys. This is toggle-able for debugging purposes, it
# is highly recommended to always leave this set to true.
# (boolean value)
#use_key_mangler=true
# Arguments supplied to the backend module. Specify this
# option once per argument to be passed to the dogpile.cache
# backend. Example format: "<argname>:<value>". (multi valued)
@ -826,7 +820,7 @@
#
# URL for connecting to the LDAP server. (string value)
#url=ldap://keystone
#url=ldap://localhost
# User BindDN to query the LDAP server. (string value)
#user=<None>
@ -1294,7 +1288,7 @@
# SSL certificate subject (auto generated certificate).
# (string value)
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=keystone
#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost
[stats]


@ -134,12 +134,9 @@ def configure_cache_region(region):
# key_mangler, we should respect that key_mangler function. If a
# key_mangler is not defined by the backend, use the sha1_mangle_key
# mangler provided by dogpile.cache. This ensures we always use a fixed
# size cache-key. This is toggle-able for debug purposes; if disabled
# this could cause issues with certain backends (such as memcached) and
# its limited key-size.
# size cache-key.
if region.key_mangler is None:
if CONF.cache.use_key_mangler:
region.key_mangler = util.sha1_mangle_key
region.key_mangler = util.sha1_mangle_key
for class_path in CONF.cache.proxies:
# NOTE(morganfainberg): if we have any proxy wrappers, we should
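
Review bot: None of the four changed files shown is a test, so the now-unconditional ``region.key_mangler = util.sha1_mangle_key`` assignment is not covered by this change. Add a test that a region whose backend defines no key_mangler ends up with ``sha1_mangle_key``, and one that a backend-provided mangler is left untouched, since ``if region.key_mangler is None:`` is the only guard left.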


@ -268,11 +268,6 @@ FILE_OPTIONS = {
'deployments. Small workloads (single process) '
'like devstack can use the dogpile.cache.memory '
'backend.'),
cfg.BoolOpt('use_key_mangler', default=True,
help='Use a key-mangling function (sha1) to ensure '
'fixed length cache-keys. This is toggle-able for '
'debugging purposes, it is highly recommended to '
'always leave this set to true.'),
cfg.MultiStrOpt('backend_argument', default=[],
help='Arguments supplied to the backend module. '
'Specify this option once per argument to be '
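
Review bot: Removing ``cfg.BoolOpt('use_key_mangler', default=True, ...)`` outright means a deployment that still sets ``use_key_mangler=false`` will now have its keys mangled anyway, and nothing in the visible change warns about it. Consider keeping the option registered as deprecated for one release, or logging a warning when it is set, so the behaviour change is visible to operators.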