keystone/bug-1642457-4533f9810a8cd927.yaml at 18711961afb022058dcf9adf9a06b0ea535cd7c7 - keystone - OpenDev: Free Software Needs Free Tools

openstack/keystone

johnlinp 5b7c9a66f0 Handle disk write failure when doing Fernet key rotation

_create_new_key() is broke down into 2 parts:

1. _create_tmp_new_key()
2. _become_valid_new_key()

This can avoid empty Fernet keys when the write to the
staged key fails. The _become_valid_new_key() is called
only after a successful call to _create_tmp_new_key().

Change-Id: Iaf33e2b291f13b9eb9464ef345a8664a634121ff
Closes-Bug: #1642457
Signed-off-by: John Lin <johnlinp@gmail.com>

2016-12-26 10:17:01 +08:00

8 lines

266 B

YAML

Raw Blame History

 ---
 fixes:
   - |
     [`bug 1642457 <https://bugs.launchpad.net/keystone/+bug/1642457>`_]
     Handle disk write and IO failures when rotating keys for Fernet tokens.
     Rather than creating empty keys, properly catch and log errors when
     unable to write to disk.