5b7c9a66f0
_create_new_key() is broken down into 2 parts:

1. _create_tmp_new_key()
2. _become_valid_new_key()

This can avoid empty Fernet keys when the write to the staged key fails. The _become_valid_new_key() is called only after a successful call to _create_tmp_new_key().

Change-Id: Iaf33e2b291f13b9eb9464ef345a8664a634121ff
Closes-Bug: #1642457
Signed-off-by: John Lin <johnlinp@gmail.com>
8 lines
266 B
YAML
---
fixes:
  - |
    [`bug 1642457 <https://bugs.launchpad.net/keystone/+bug/1642457>`_]
    Handle disk write and IO failures when rotating keys for Fernet tokens.
    Rather than creating empty keys, properly catch and log errors when
    unable to write to disk.
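The two-step pattern the commit message describes (write a temporary key, then promote it only if the write succeeded), as an added sketch that is not keystone's code. The function name `write_staged_key`, the `.tmp` suffix and the staged key file name `0` are assumptions made for this example.

```python
import base64
import logging
import os

LOG = logging.getLogger(__name__)


def write_staged_key(key_dir, name="0"):
    """Write a new Fernet-format key to key_dir/name via a temporary file.

    Returns the final path, or None if the write failed. On failure the
    existing file at key_dir/name (if any) is left untouched, so readers
    never see an empty or truncated key.
    """
    key = base64.urlsafe_b64encode(os.urandom(32))  # 44 bytes, Fernet key format
    final_path = os.path.join(key_dir, name)
    tmp_path = final_path + ".tmp"  # assumed suffix for the temporary key

    # Step 1: create the temporary key (owner read/write only) and force it to disk.
    try:
        fd = os.open(tmp_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(key)
            f.flush()
            os.fsync(f.fileno())
    except OSError:
        # Disk full, read-only filesystem, missing directory, and so on:
        # log the error and drop any partial temporary file.
        LOG.exception("Failed to write new key to %s", tmp_path)
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        return None

    # Step 2: the key becomes valid only after step 1 succeeded.
    # os.replace is an atomic rename when both paths are on the same filesystem.
    os.replace(tmp_path, final_path)
    return final_path
```

A key loader that pairs with this should skip any leftover `.tmp` file and reject files whose length is not 44 bytes.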