Open fdobrovolny opened 8 months ago
MatusJenca2
commented
7 months ago I'd like to discuss if this is really necessary. Keystonemiddleware encrypts tokens according to this doc. If the encryption takes place before the data is sent to memcache, there's no need to use TLS, because the data is already encrypted.
fdobrovolny
commented
7 months ago I think it would be worth it as to limit the number of services user need to run as if we port everything else to Redis it might not be needed to keep memcache around. And this seems to be quite quick fix I think it would be worth it. Also a note even data stored in Redis would have to be encrypted.
@berendt @artificial-intelligence would do you guys think?
MatusJenca2
commented
7 months ago As it's being required I will briefly sum up progress on this issue:
MatusJenca2
commented
7 months ago Also a note even data stored in Redis would have to be encrypted.
From the code it seems that the data are encrypted by the middleware itself, so no changes are needed for redis. I am writing unit tests and can verify it soon.
MatusJenca2
commented
7 months ago As for recent Redis news we may close this issue Edit: resuming work on this as per yesterdays IaaS call
MatusJenca2
commented
6 months ago
Epic #462
As an SCS Developer, I want to use Redis instead of memcache to cache auth tokens.
https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/_cache.py
Definition of Ready:
Definition of Done: