Reviewed: https://review.openstack.org/231191 Committed: https://git.openstack.org/cgit/openstack/tempest/commit/?id=a2c4ebc4fac75c0889489e4bed5a0aa89f8193f1 Submitter: Jenkins Branch: master
commit a2c4ebc4fac75c0889489e4bed5a0aa89f8193f1 Author: Lance Bragstad <[email protected]> Date: Mon Oct 5 20:34:39 2015 +0000 Fix race condition when changing passwords This patch makes it so that there is a one second wait when changing a password with Keystone. This is done because when we lose sub-second precision with Fernet tokens there is the possibility of a token being issued and revoked within the same second. Keystone will err on the side of security and return a 404 NotFound when validating a token that was issued in the same second as a revocation event. For example, it is possible for a revocation event to happen at .000001, but it will be stored in MySQL as .000000 because of sub-second truncation. A token can be created at .000002, but the creation time of that token, according to Fernet, will be .000000, because Fernet tokens don't have sub-second precision. When that token is validated, it will appear invalid even though it was created *after* the revocation event. Change-Id: Ied83448de8af1b0da9afdfe6ce9431438215bfe0 Closes-Bug: 1473567 ** Changed in: tempest Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1473567 Title: Fernet tokens fail tempest runs Status in OpenStack Identity (keystone): In Progress Status in tempest: Fix Released Bug description: It seems testing an OpenStack instance that was deployed with Fernet tokens fails on some of the tempest tests. In my case these tests failed: http://paste.openstack.org/show/363017/ bknudson also found similar in a test patch: https://review.openstack.org/#/c/195780 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1473567/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
