apiserver: fetch identity public key lazily #7793

Merged
merged 1 commit into from Aug 29, 2017

Conversation

Projects
None yet
4 participants
Owner

rogpeppe commented Aug 25, 2017

If the identity server isn't available the first time
a remote user tries to log in, we don't want all
remote user logins to fail forever (or until the
API agent is restarted), so we don't try to
fetch the public key immediately, instead
relying on httpbakery.PublicKeyRing to do it
for us when needed.

To QA, bootstrap a controller with identity-url set to a
host that's not running a discharge server. Try to log
in to it as an external user; verify that this fails.
Then start up the discharge server and verify that
it's possible to log in.

Fixes https://bugs.launchpad.net/juju/+bug/1713048

apiserver: fetch identity public key lazily
If the identity server isn't available the first time
a remote user tries to log in, we don't want all
remote user logins to fail forever (or until the
API agent is restarted), so we don't try to
fetch the public key immediately, instead
relying on httpbakery.PublicKeyRing to do it
for us when needed.

Fixes https://bugs.launchpad.net/juju/+bug/1713048

axw approved these changes Aug 29, 2017

Owner

rogpeppe commented Aug 29, 2017

$$merge$$

Contributor

jujubot commented Aug 29, 2017

Status: merge request accepted. Url: http://ci.jujucharms.com/job/github-merge-juju

Contributor

jujubot commented Aug 29, 2017

Build failed: Tests failed
build url: http://ci.jujucharms.com/job/github-merge-juju/192

Owner

rogpeppe commented Aug 29, 2017

$$merge$$

Contributor

jujubot commented Aug 29, 2017

Status: merge request accepted. Url: http://ci.jujucharms.com/job/github-merge-juju

@jujubot jujubot merged commit f49c4d4 into juju:develop Aug 29, 2017

1 check passed

continuous-integration/jenkins/pr-merge This commit looks good
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment