f2a210e3fe
In some rare cases, an empty key file can get created within the fernet key repository. When keystone tries to load the keys from disk, it will fail with an invalid fernet key ValueError. This change adds a check for empty files with a valid numerical name within the key repository when rotating keys and loading keys. If an empty file exists, it will be ignored when loading keys, reported in the logs, and overwritten with a valid key upon rotation.

Change-Id: Ic19dd02d38e8f6a05c8951ec3dd13659aab98259
Closes-Bug: 1728907
11 lines
509 B
YAML
---
fixes:
  - |
    [`bug 1728907 <https://bugs.launchpad.net/keystone/+bug/1728907>`_]
    In some rare cases, an empty key file can get created within the fernet
    key repository. When keystone tries to load the keys from disk, it will
    fail with an invalid fernet key ValueError. Keystone now handles empty
    key files when loading and rotating keys. If an empty file exists, it
    will be ignored when loaded, reported as a warning in the log, and
    overwritten with a valid key upon rotation.
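The behaviour this release note describes, sketched as an added example (not keystone's own code): empty numerically named files are skipped with a warning on load and overwritten on rotation. The names load_keys, rotate, write_key and demo are hypothetical, the rotation is simplified, and key validity is checked only by decoded length.

```python
import base64
import logging
import os
import tempfile

LOG = logging.getLogger("fernet_repo_example")

def new_key():
    # A fernet key is 32 random bytes, url-safe base64 encoded.
    return base64.urlsafe_b64encode(os.urandom(32)).decode()

def write_key(repo, index, key):
    with open(os.path.join(repo, str(index)), "w") as f:
        f.write(key)

def load_keys(repo):
    """Return {index: key}, skipping empty numerically named files."""
    keys = {}
    for name in os.listdir(repo):
        if not name.isdigit():
            continue  # not a key file
        path = os.path.join(repo, name)
        with open(path) as f:
            data = f.read()
        if not data:
            LOG.warning("Ignoring empty key file: %s", path)
            continue
        if len(base64.urlsafe_b64decode(data)) != 32:
            raise ValueError("invalid fernet key in %s" % path)
        keys[int(name)] = data
    return keys

def rotate(repo):
    """Simplified rotation: promote staged key 0, then stage a fresh key."""
    keys = load_keys(repo)
    new_primary = max(keys, default=0) + 1  # empty files are not counted
    # Writing the promoted key overwrites an empty file at that index.
    write_key(repo, new_primary, keys.get(0) or new_key())
    write_key(repo, 0, new_key())
    return new_primary

def demo():
    # Constructed repository: staged key 0, primary key 1, empty file 2.
    repo = tempfile.mkdtemp()
    for index in (0, 1):
        write_key(repo, index, new_key())
    write_key(repo, 2, "")
    before = load_keys(repo)
    primary = rotate(repo)
    return before, primary, load_keys(repo)
```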