Merge "Deprecate in-process cache"

2016-01-23 01:57:41 +00:00 · 2016-01-23 01:57:41 +00:00 · accc77ca66
commit accc77ca66
parent 9b566b40d4 f1aa4866c1
2 changed files with 31 additions and 3 deletions
--- a/keystonemiddleware/auth_token/_cache.py
+++ b/keystonemiddleware/auth_token/_cache.py
@ -19,7 +19,7 @@ import six
 from keystonemiddleware.auth_token import _exceptions as exc
 from keystonemiddleware.auth_token import _memcache_crypt as memcache_crypt
 from keystonemiddleware.auth_token import _memcache_pool as memcache_pool
-from keystonemiddleware.i18n import _, _LE
+from keystonemiddleware.i18n import _, _LE, _LW
 from keystonemiddleware.openstack.common import memorycache


@ -54,8 +54,18 @@ class _EnvCachePool(object):
 class _CachePool(list):
    """A lazy pool of cache references."""

-    def __init__(self, memcached_servers):
+    def __init__(self, memcached_servers, log):
        self._memcached_servers = memcached_servers
+        if not self._memcached_servers:
+            log.warning(_LW(
+                "Using the in-process token cache is deprecated as of the "
+                "4.2.0 release and may be removed in the 5.0.0 release or "
+                "the 'O' development cycle. The in-process cache causes "
+                "inconsistent results and high memory usage. When the feature "
+                "is removed the auth_token middleware will not cache tokens "
+                "by default which may result in performance issues. It is "
+                "recommended to use  memcache for the auth_token token cache "
+                "by setting the memcached_servers option."))

    @contextlib.contextmanager
    def reserve(self):
@ -125,7 +135,7 @@ class TokenCache(object):
                                       **self._memcache_pool_options)

        else:
-            return _CachePool(self._memcached_servers)
+            return _CachePool(self._memcached_servers, self._LOG)

    def initialize(self, env):
        if self._initialized:
--- a/releasenotes/notes/deprecate-caching-tokens-in-process-a412b0f1dea84cb9.yaml
+++ b/releasenotes/notes/deprecate-caching-tokens-in-process-a412b0f1dea84cb9.yaml
@ -0,0 +1,18 @@
+---
+deprecations:
+  - >
+    With the release of 4.2.0 of keystonemiddleware we no longer recommend
+    using the in-process token cache. In-process caching may result in
+    inconsistent validation, poor UX and race conditions.
+
+    It is recommended that the `memcached_servers` option is set in the
+    `keystone_authtoken` configuration section of the various services (e.g.
+    nova, glance, ...) with the endpoint of running memcached server(s).
+
+    When the feature is removed, not setting the `memcached_servers`
+    option will cause keystone to validate tokens more frequently, increasing
+    load. In production, use of caching is highly recommended.
+
+    This feature is deprecated as of 4.2.0 and is targeted for removal in
+    keystonemiddleware 5.0.0 or in the `O` development cycle, whichever is
+    later.