authorJorge Merlino <jorge.merlino@canonical.com>2022-10-05 14:41:06 -0300
committerJorge Merlino <jorge.merlino@canonical.com>2022-12-12 20:16:14 +0000
commite05466c5f439cd05482f109e6eb97a50ba156698 (patch)
tree3f7f0cb7466ee6f79df9bf5b1fa85360a5e4432e /keystonemiddleware/auth_token
parentdc0b79649506a520463622c6ff0e0383a2dea6a0 (diff)
downloadkeystonemiddleware-e05466c5f439cd05482f109e6eb97a50ba156698.tar.gz
Remove cache invalidation when using expired token10.2.0stable/2023.1
This can create a race condition for long-running services that reuse their token (e.g. the Kubernetes Cinder CSI plugin). For example:

1. [user] Asks nova to attach a volume to a server
2. ...the user's token expires
3. [user] Asks cinder if the volume has been attached
4. [nova] Asks cinder to attach the volume

In step 3 the token is marked as invalid in the cache, and step 4 fails even if allow_expired is true.

Closes-Bug: #1987355
Change-Id: Ice8e34440a5fe1baa370646ed70b5e085c4af70e
Diffstat (limited to 'keystonemiddleware/auth_token')
-rw-r--r--keystonemiddleware/auth_token/__init__.py6
1 files changed, 0 insertions, 6 deletions
diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 0feed6f..ddb2ddc 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -245,7 +245,6 @@ from keystonemiddleware.i18n import _
_LOG = logging.getLogger(__name__)
-_CACHE_INVALID_INDICATOR = 'invalid'
oslo_cache.configure(cfg.CONF)
AUTH_TOKEN_OPTS = [
@@ -736,10 +735,6 @@ class AuthProtocol(BaseAuthProtocol):
cached = self._token_cache.get(token)
if cached:
- if cached == _CACHE_INVALID_INDICATOR:
- self.log.debug('Cached token is marked unauthorized')
- raise ksm_exceptions.InvalidToken()
-
# NOTE(jamielennox): Cached values used to be stored as a tuple
# of data and expiry time. They no longer are but we have to
# allow some time to transition the old format so if it's a
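Review bot: Cache entries that still hold the old `'invalid'` marker are no longer recognised once this comparison is gone, so such a value passes `if cached:` and falls through to the legacy-format handling below as if it were token data. Those entries can outlive the deployment until their TTL expires, and during a rolling upgrade older nodes sharing the cache would presumably keep writing them. The rest of the branch lies outside the hunk, so it is not visible whether a bare string is rejected cleanly there. A transition guard ahead of `if cached:`, such as `if cached == 'invalid': cached = None`, would turn the stale marker into a cache miss, or a release note could tell operators to flush the token cache on upgrade. Separately, with `self._token_cache.set(token, _CACHE_INVALID_INDICATOR)` removed in the `except ksm_exceptions.InvalidToken` hunk, every request carrying a rejected token is now validated against Keystone again, so it is worth confirming that rate limiting in front of the service covers that load.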
@@ -769,7 +764,6 @@ class AuthProtocol(BaseAuthProtocol):
'The Keystone service is temporarily unavailable.')
except ksm_exceptions.InvalidToken:
self.log.debug('Token validation failure.', exc_info=True)
- self._token_cache.set(token, _CACHE_INVALID_INDICATOR)
self.log.warning('Authorization failed for token')
raise
except ksa_exceptions.EndpointNotFound: