Page MenuHomePhabricator
Create Task
Maniphest T92014

Keystone tokens truncated when wikitech stores them
Closed, ResolvedPublic
Actions

Description

In nova/OpenStackNovaUser.php, I can see that saveToken() is trying to save a long token, but when we retrieve it in loadToken() we only get 256 bytes.

This means that save/load token are totally broken, which is no doubt contributing to that awful log-out-and-in-again issue on wikitech.

Details

SubjectRepoBranchLines +/-
Revert "Set keystone tokens to last 30 days."mediawiki/extensions/OpenStackManagermaster+3 -3
Support 2048 byte Keystone tokensmediawiki/extensions/OpenStackManagermaster+4 -1
Customize query in gerrit

Related Objects

Event Timeline

Andrew created this task.Mar 9 2015, 9:16 PM
Andrew claimed this task.
Andrew raised the priority of this task from to High.
Andrew updated the task description. (Show Details)
Andrew added projects: Cloud-Services, wikitech.wikimedia.org.
Andrew subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 9 2015, 9:16 PM
Andrew added a comment.Mar 9 2015, 9:20 PM

The code that writes is here: https://github.com/wikimedia/mediawiki-extensions-OpenStackManager/blob/master/nova/OpenStackNovaUser.php#L105

Probably the db field is not big enough. Sean, can you verify that that field is limited to 256 chars and increase it's size to 2048? (I've verified that my current failure case is a 985-char string but I can't guarantee that's the max token size.)

Andrew reassigned this task from Andrew to Springle.Mar 9 2015, 9:21 PM
Andrew set Security to None.
Andrew updated the task description. (Show Details)Mar 9 2015, 9:32 PM
Springle added a comment.Mar 9 2015, 10:53 PM

I've altered openstack_tokens.token to varbinary(2048). Presumably we also need to patch the extension?

https://git.wikimedia.org/blob/mediawiki%2Fextensions%2FOpenStackManager/355fb81f011b5611fd1fc2bf8c849901bbd2b4df/schema-changes%2Ftokens.sql

gerritbot subscribed.Mar 9 2015, 10:56 PM

Change 195472 had a related patch set uploaded (by Andrew Bogott):
Support 2048 byte Keystone tokens

https://gerrit.wikimedia.org/r/195472

gerritbot added a project: Patch-For-Review.Mar 9 2015, 10:56 PM
Andrew added a comment.Mar 9 2015, 10:57 PM

Probably -- is that as simple as this?

https://gerrit.wikimedia.org/r/#/c/195472/

gerritbot added a comment.Mar 10 2015, 7:03 PM

Change 195472 merged by jenkins-bot:
Support 2048 byte Keystone tokens

https://gerrit.wikimedia.org/r/195472

Andrew mentioned this in rEOST96a47025731b: Support 2048 byte Keystone tokens.Mar 10 2015, 7:04 PM
gerritbot added a comment.Mar 10 2015, 7:11 PM

Change 195629 had a related patch set uploaded (by Andrew Bogott):
Revert "Set keystone tokens to last 30 days."

https://gerrit.wikimedia.org/r/195629

gerritbot added a comment.Mar 10 2015, 7:18 PM

Change 195629 merged by jenkins-bot:
Revert "Set keystone tokens to last 30 days."

https://gerrit.wikimedia.org/r/195629

Andrew mentioned this in rEOST8fb84fe8e07d: Revert "Set keystone tokens to last 30 days.".Mar 10 2015, 7:18 PM
Diffusion mentioned this in rMEXT6ec49bba53dc: Updated mediawiki/extensions Project: mediawiki/extensions/OpenStackManager….Mar 11 2015, 6:28 AM
Diffusion mentioned this in rMEXT41d5cac79267: Updated mediawiki/extensions Project: mediawiki/extensions/OpenStackManager….
Krenair subscribed.Mar 21 2015, 3:49 AM

Did this work?

Krenair removed a project: Patch-For-Review.Mar 21 2015, 3:50 AM
Krenair added a comment.Aug 18 2015, 2:23 AM

Bump.

Krenair reassigned this task from Springle to Andrew.Aug 28 2015, 4:26 AM
Krenair added a subscriber: Springle.
Andrew closed this task as Resolved.Aug 31 2015, 1:27 PM

Pretty sure it worked, or at least helped.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits