OpenStack Identity (keystone)

Avoid encoding of project id in fernet tokens

Registered by Jose Castro Leon

The proposal is to allow an operator to disable the encoding of the project_id in fernet via a configuration setting. In this way operators that have project ids in a different uuid format than the hex format, can opt-out for the try/catch conversion with uuid resulting in a valid encoding/decoding of this information inside the fernet token. The configuration setting will be disabled by default, not modifying the default behavior.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
Jose Castro Leon
Direction:
Needs approval
Assignee:
None
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Lance Bragstad

Related branches

Sprints

Whiteboard

(stevemar) please create a bug instead

Gerrit topic: https://review.openstack.org/#q,topic:bp/disable-uuid-encoding,n,z

Addressed by: https://review.openstack.org/399596
    Avoid encoding of project id in fernet tokens

(lbragstad) 19-02-12: Marking as obsolete based on the comments and discussion in a related bug report [0]. If you feel there is still valuable discussion to be had around this topic, please don't hesitate to propose a specification to the openstack/keystone-specs repository or reclassify the linked bug report. If/when we come to agreement on an approach, we can open a blueprint to track the work, if necessary. This reduces duplication between Launchpad and specs.openstack.org.

[0] https://bugs.launchpad.net/keystone/+bug/1642988

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.