Respect cached tokens issued before upgrade

Right after keystone is upgraded from Zed to 2023.1 attempt to use previously cached tokens fails with AttributeError, as tokens do not have oauth2_thumbprint attribute yet. Thus, services misbehave until cache is exipred or flushed. In order to prevent this from happening, we use safe getattr() instead of just assuming that attribute is there. Change-Id: I911fec106178ebf37e004767cf8d0bdc8f001297 Closes-Bug: #2029134 (cherry picked from commit 0970481a50)
2023-08-15 19:38:15 +02:00 · 2023-08-15 19:38:15 +02:00 · 50495ae263
parent bf2673b7dc
commit 50495ae263
1 changed files with 5 additions and 1 deletions
--- a/keystone/common/render_token.py
+++ b/keystone/common/render_token.py
@ -142,7 +142,11 @@ def render_token_response_from_model(token, include_catalog=True):
            token_reference['token'][key]['access_rules'] = (
                token.application_credential['access_rules']
            )
-    if token.oauth2_thumbprint:
+    # NOTE(noonedeadpunk): We are using getattr as previously cached tokens
+    #                      won't have the attribute and keystone will fail
+    #                      with AttributeError for TTL of the cache.
+    token_oauth2_thumbprint = getattr(token, 'oauth2_thumbprint', None)
+    if token_oauth2_thumbprint:
        token_reference['token']['oauth2_credential'] = {
            'x5t#S256': token.oauth2_thumbprint
        }