GoogleCloudPlatform / guest-oslogin

OS Login Guest Environment for Google Compute Engine
https://cloud.google.com/compute/docs/oslogin/
Apache License 2.0

Oslogin cache doesn't prevent requests to metadata #94

Open AlexMokin opened 1 year ago

AlexMokin commented 1 year ago

When cache is enabled I still see requests sent to the metadata service.

Example of nsswitch.conf

passwd:            compat cache_oslogin oslogin
group:             compat cache_oslogin oslogin

#hosts networks etc

Surprisingly, if I disable the module with non-cached oslogin altogether, it works with the cache as expected.

Example of nsswitch.conf

passwd:            compat cache_oslogin
group:             compat cache_oslogin

#hosts networks etc

I was able to reproduce this on Ubuntu Xenial and Focal. It looks like even though the cache returns proper results, NSS still invokes the next module.

illfelder commented 1 year ago

The cache does not prevent all requests to the metadata server; cache misses still query the metadata server. This is intended behavior that ensures new users are immediately available on a running VM.
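An added example, not part of the thread or of the guest-oslogin project: a small model of glibc's documented default NSS actions (SUCCESS returns, every other status continues to the next service) for a lookup by name, applied to the nsswitch.conf line quoted above. The backend contents and user names are constructed, and the model does not cover enumeration calls or what the real modules do internally.

```python
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")

def parse_nsswitch_line(line):
    """Return (database, [(service, {status: action}), ...]) for one line."""
    database, _, rest = line.split("#", 1)[0].partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            # glibc defaults: SUCCESS=return, every other status=continue
            actions = dict.fromkeys(STATUSES, "continue")
            actions["SUCCESS"] = "return"
            chain.append((token, actions))
            continue
        if not chain:
            raise ValueError("action list appears before any service")
        for item in token[1:-1].split():   # e.g. NOTFOUND=return, !UNAVAIL=return
            status, _, action = item.partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!").upper()
            for s in STATUSES:
                if (s == status) != negate:
                    chain[-1][1][s] = action.lower()
    return database.strip(), chain

def services_consulted(line, user, backends):
    """Walk the chain for a lookup by name; return (services asked, final status)."""
    _, chain = parse_nsswitch_line(line)
    consulted, status = [], "UNAVAIL"
    for service, actions in chain:
        consulted.append(service)
        if service not in backends:
            status = "UNAVAIL"      # module not present in this model
        elif user in backends[service]:
            status = "SUCCESS"
        else:
            status = "NOTFOUND"
        if actions[status] == "return":
            break
    return consulted, status

# Constructed data: which users each service can resolve.
BACKENDS = {"compat": {"root"}, "cache_oslogin": {"alice"}, "oslogin": {"alice", "bob"}}
LINE = "passwd:            compat cache_oslogin oslogin"

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, services_consulted(LINE, user, BACKENDS))
```

Under these defaults a user present in the cache stops the walk at cache_oslogin, while a user absent from it falls through to oslogin.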

AlexMokin commented 1 year ago

> The cache does not prevent all requests to the metadata server; cache misses still query the metadata server. This is intended behavior that ensures new users are immediately available on a running VM.

Sorry, I think it wasn't clear from the message. It sends a request even if the user is in the cache. I checked that the user is in the cache file and also tried removing the oslogin module (leaving only cache_oslogin in the list of modules), and in this case I get the response from the cache and no requests are sent. But as soon as I add the oslogin module to the list, the request for the user is sent despite the user being cached.

vorakl commented 1 year ago

> When cache is enabled I still see requests sent to the metadata service.

Could you please show your troubleshooting process? How can we reproduce it and see the same? ;)

> I checked that user is in a cache file and also tried to remove oslogin module (leaving only cache_oslogin in the list of modules)

Have you tried to remove a user from cache having only cache_oslogin module? Just curious.

> It looks like even though the cache returns proper results, NSS still invokes the next module.

Does this behavior break something in your workflow?