keystone/releasenotes/notes/bug-1885753-51df25f3ff1d9ae8.yaml
Lance Bragstad ceae3566e8 Retry update_user when sqlalchemy raises StaleDataErrors
Keystone's update_user() method in the SQL driver processes a lot of
information about how to update users. This includes evaluating password
logic and authentication attempts for PSI-DSS. This logic is evaluated
after keystone pulls the user record from SQL and before it exits the
context manager, which performs the write.

When multiple clients are all updating the same user reference, it's
more likely they will see an HTTP 500 because of race conditions exiting
the context manager. The HTTP 500 is due to stale data when updating
password expiration for old passwords, which happens when setting a new
password for a user.

This commit attempts to handle that case more gracefully than throwing a
500 by detecting StaleDataErrors from sqlalchemy and retrying.  The
identity sql backend will retry the request for clients that have
stale data change from underneath them.

Change-Id: I75590c20e90170ed862f46f0de7d61c7810b5c90
Closes-Bug: 1885753
2021-03-29 16:21:47 +00:00

7 lines
239 B
YAML

---
fixes:
- |
[`bug 1885753 <https://bugs.launchpad.net/keystone/+bug/1885753>`_]
Keystone's SQL identity backend now retries update user requests to safely
handle stale data when two clients update a user at the same time.