openstack
/
keystone
Code Issues Proposed changes
keystone/keystone/common
History
Adam Young 75abc21ecf Replace revoke tree with linear search 
The RevokeTree was built out of an attempt to optimize the search for
a match between a candidate token and the list of revocation events.
The performance proved to be poor, mostly due to the cost of creating
and checking hash values.

The RevokeTree code is also so complex that most of the team could not
understand it or troubleshoot it.  There are some subtle bugs due to
race conditions with revocation events, and it is impossible to track
them down due to the code complexity.

This change replaces the tree based search with a linear search through
the list of revocation events.  A failure-to-match will pass through
the entire list.  A revoked token should match on O(n/2) comparisons.

With the past year of Fernet tokens in deployment, the feedback is that
the number of revocation events is small, and they only are kept for
the lifetime of the tokens (usually 1-8 hours) so the linear search is
not expected to slow down token validations in live deployments.

Future work will also reduce the number of revocation events.

Change-Id: Ib6a686494e897840b09d134ecf1ca50ce712f281
 		2016-05-24 13:11:30 -04:00
..
cache Replace revoke tree with linear search 2016-05-24 13:11:30 -04:00
kvs Deprecate keystone.common.kvs 2016-05-12 23:30:15 -07:00
ldap Isolate common ldap code to the identity backend 2016-05-21 20:57:09 -07:00
sql Drop the (unused) domain table 2016-05-13 18:10:38 +01:00
validation Improve error message for schema validation 2016-03-29 17:00:30 -07:00
__init__.py establish basic structure 2012-01-18 20:06:27 -08:00
authorization.py Add is_domain in token response 2016-05-11 21:32:39 +00:00
clean.py move clean.py into keystone/common 2015-07-18 23:32:08 -07:00
config.py Merge "add missing deprecation reason for eventlet option" 2016-04-20 02:02:52 +00:00
controller.py update deprecation warning for falling back to default domain 2016-04-19 14:15:05 +00:00
dependency.py Fix D401 PEP8 violation. 2016-04-14 20:08:52 +00:00
driver_hints.py Fix D401 PEP8 violation. 2016-04-14 20:08:52 +00:00
extension.py Fix D202: No blank lines after function docstring (PEP257) 2015-10-28 07:25:04 +00:00
json_home.py Fix D202: No blank lines after function docstring (PEP257) 2015-10-28 07:25:04 +00:00
manager.py Add in TRACE logging for the manager 2016-02-02 08:46:57 -08:00
openssl.py Remove support for generating ssl certs 2016-04-19 08:58:36 -03:00
profiler.py replace logging with oslo.log 2016-05-10 08:42:49 +08:00
request.py Add new line in keystone/common/request.py 2016-05-20 10:12:07 +00:00
router.py Implement HEAD method for all v3 GET actions 2016-03-22 10:27:53 -07:00
tokenless_auth.py Replace unicode with six.text_type 2016-01-08 23:06:47 +00:00
utils.py Merge "Move the catalog abstract base class and common code out of core" 2016-05-07 05:53:15 +00:00
wsgi.py Replace context building with a request object 2016-05-19 23:14:50 +10:00