diff options
author | Jamie Lennox <jamielennox@redhat.com> | 2015-09-09 22:38:04 +1000 |
---|---|---|
committer | Jamie Lennox <jamielennox@redhat.com> | 2015-09-10 10:18:36 +1000 |
commit | 556c1a6633931207370106478fa2d155fbffb126 (patch) | |
tree | 86c8d8bcc3f43220856f434c994a41a781c02856 /doc/source | |
parent | 28138b588224c6b0503620ac2e24bd37dad25370 (diff) | |
download | python-keystoneclient-556c1a6633931207370106478fa2d155fbffb126.tar.gz |
Identity plugin thread safety
A common case is for Nova (or other service) to create a service
authentication plugin from a configuration file and then have many
greenlet threads that want to reuse that authentication. If a token
expires then many threads all try and fetch a new token to use and can
step over each other.
I was hoping for a way to put a lock in so that all plugins were thread
safe however fixing it for identity plugins solves almost all real world
situations and anyone doing non-identity plugins will have to manage
threads themselves.
Change-Id: Ib6487de7de638abc69660c851bd048a8ec177109
Closes-Bug: #1493835
Diffstat (limited to 'doc/source')
-rw-r--r-- | doc/source/authentication-plugins.rst | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/source/authentication-plugins.rst b/doc/source/authentication-plugins.rst index 5afc0bc..89384a5 100644 --- a/doc/source/authentication-plugins.rst +++ b/doc/source/authentication-plugins.rst @@ -235,3 +235,10 @@ can be retrieved. The most simple example of a plugin is the :py:class:`keystoneclient.auth.token_endpoint.Token` plugin. + +When writing a plugin you should ensure that any fetch operation is thread +safe. A common pattern is for a service to hold a single service authentication +plugin globally and re-use that between all threads. This means that when a +token expires there may be multiple threads that all try to fetch a new plugin +at the same time. It is the responsibility of the plugin to ensure that this +case is handled in a way that still results in correct reauthentication. |