Merge "Respect delay_auth_decision when Keystone is unavailable"5.3.0

author: Zuul <zuul@review.openstack.org> 2018-10-05 11:36:19 +0000
committer: Gerrit Code Review <review@openstack.org> 2018-10-05 11:36:19 +0000
commit: fc51082ef43e316bbfa65c16dd6483af1f2092e7 (patch)
tree: d8256b55011237701b189a06bb3041e1dadd5540 /releasenotes
parent: 5e9fa2af0e733ac231bcc5b16e4632d56e617fe2 (diff)
parent: da5932affc253a8b50ba753c6f9fabde68410501 (diff)
download: keystonemiddleware-fc51082ef43e316bbfa65c16dd6483af1f2092e7.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml b/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml
new file mode 100644
index 0000000..11ce28a
--- /dev/null
+++ b/releasenotes/notes/delay_auth_instead_of_503-f9b46bf4fbc11455.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    When ``delay_auth_decision`` is enabled and a Keystone failure prevents
+    a final decision about whether a token is valid or invalid, it will be
+    marked invalid and the application will be responsible for a final auth
+    decision. This is similar to what happens when a token is confirmed *not*
+    valid. This allows a Keystone outage to only affect Keystone users in a
+    multi-auth system.
author	Zuul <zuul@review.openstack.org>	2018-10-05 11:36:19 +0000
committer	Gerrit Code Review <review@openstack.org>	2018-10-05 11:36:19 +0000
commit	fc51082ef43e316bbfa65c16dd6483af1f2092e7 (patch)
tree	d8256b55011237701b189a06bb3041e1dadd5540 /releasenotes
parent	5e9fa2af0e733ac231bcc5b16e4632d56e617fe2 (diff)
parent	da5932affc253a8b50ba753c6f9fabde68410501 (diff)
download	keystonemiddleware-fc51082ef43e316bbfa65c16dd6483af1f2092e7.tar.gz