openstack
/
keystone
Code Issues Proposed changes
OpenStack Identity (Keystone)
13,991 Commits 9 Branches 40 Tags 231 MiB
Python 99.5%
Shell 0.5%
Go to file
Lance Bragstad f36034c8a6 Retry update_user when sqlalchemy raises StaleDataErrors 
Keystone's update_user() method in the SQL driver processes a lot of
information about how to update users. This includes evaluating password
logic and authentication attempts for PSI-DSS. This logic is evaluated
after keystone pulls the user record from SQL and before it exits the
context manager, which performs the write.

When multiple clients are all updating the same user reference, it's
more likely they will see an HTTP 500 because of race conditions exiting
the context manager. The HTTP 500 is due to stale data when updating
password expiration for old passwords, which happens when setting a new
password for a user.

This commit attempts to handle that case more gracefully than throwing a
500 by detecting StaleDataErrors from sqlalchemy and retrying.  The
identity sql backend will retry the request for clients that have
stale data change from underneath them.

Conflicts:
      keystone/tests/unit/test_backend_sql.py due to import order
      differences between train and ussuri. Also adjust the expected log
      message since the method path is different compared to older
      releases, which have the driver name in them (e.g., Identity).

Change-Id: I75590c20e90170ed862f46f0de7d61c7810b5c90
Closes-Bug: 1885753
(cherry picked from commit ceae3566e8)
(cherry picked from commit f47e635b80)
(cherry picked from commit 5b7d4c80d4)
(cherry picked from commit 07d3a3d3ff)
(cherry picked from commit d4f48fc4e5)
(cherry picked from commit 328cf33aab)
 		2021-03-31 12:33:43 +00:00
api-ref/source trivial: fix broken link in trust API reference 2019-03-13 19:45:49 +00:00
config-generator Move policy generator config to config-generator/ 2017-04-21 21:47:32 +00:00
devstack Add voting k2k tests 2020-02-05 11:04:26 -08:00
doc Stop explicitly requiring pycodestyle 2020-05-18 08:06:05 -05:00
etc DRY: Remove redundant policies from policy.v3cloudsample.json 2019-04-02 19:41:36 +00:00
examples/pki Remove support for PKI and PKIz tokens 2016-11-01 22:05:01 +00:00
httpd Remove admin interface in sample Apache file 2018-03-24 12:56:02 +01:00
keystone Retry update_user when sqlalchemy raises StaleDataErrors 2021-03-31 12:33:43 +00:00
keystone_tempest_plugin Remove the local tempest plugin 2017-06-06 11:48:37 +00:00
playbooks/legacy/keystone-dsvm-grenade-multinode OpenDev Migration Patch 2019-04-19 19:30:50 +00:00
rally-jobs fix rally docs url 2018-05-21 16:24:51 +08:00
releasenotes Retry update_user when sqlalchemy raises StaleDataErrors 2021-03-31 12:33:43 +00:00
tools changed port in tools/sample_data.sh 2018-11-15 20:45:59 +05:30
.coveragerc Change ignore-errors to ignore_errors 2015-09-21 14:27:58 +00:00
.gitignore Tell reno to ignore the kilo branch 2020-02-21 18:56:11 +00:00
.gitreview OpenDev Migration Patch 2019-04-19 19:30:50 +00:00
.mailmap update mailmap with gyee's new email 2015-11-03 16:12:01 -08:00
.stestr.conf Migrate to stestr 2017-09-22 11:07:09 -05:00
.zuul.yaml Temporarily disable k2k tests on train and stein 2020-05-09 17:23:28 -07:00
CONTRIBUTING.rst Use https for docs.openstack.org references 2017-01-30 16:05:08 -08:00
HACKING.rst Merge "Update links in keystone" 2017-10-06 16:10:56 +00:00
LICENSE Added Apache 2.0 License information. 2012-02-15 17:48:33 -08:00
README.rst Add release notes link to README 2018-06-12 15:30:45 +08:00
babel.cfg setting up babel for i18n work 2012-06-21 18:03:09 -07:00
bindep.txt Fix bindep for SUSE 2019-02-14 16:50:33 +01:00
lower-constraints.txt Update amqp and PyMySQL lower constraints 2020-10-05 08:36:55 -05:00
reno.yaml Tell reno to ignore the kilo branch 2020-02-21 18:56:11 +00:00
requirements.txt Add PyJWT as a requirement 2019-01-31 19:42:09 +00:00
setup.cfg Stop explicitly requiring pycodestyle 2020-05-18 08:06:05 -05:00
setup.py Updated from global requirements 2017-03-06 01:10:37 +00:00
test-requirements.txt Stop explicitly requiring pycodestyle 2020-05-18 08:06:05 -05:00
tox.ini Constraint dependencies for docs build 2020-02-19 20:23:23 -05:00

README.rst

Team and repository tags

image

OpenStack Keystone

Keystone provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. It is most commonly deployed as an HTTP interface to existing identity systems, such as LDAP.

Developer documentation, the source of which is in doc/source/, is published at:

https://docs.openstack.org/keystone/latest

The API reference and documentation are available at:

https://developer.openstack.org/api-ref/identity

The canonical client library is available at:

https://git.openstack.org/cgit/openstack/python-keystoneclient

Documentation for cloud administrators is available at:

https://docs.openstack.org/

The source of documentation for cloud administrators is available at:

https://git.openstack.org/cgit/openstack/openstack-manuals

Information about our team meeting is available at:

https://wiki.openstack.org/wiki/Meetings/KeystoneMeeting

Release notes is available at:

https://docs.openstack.org/releasenotes/keystone

Bugs and feature requests are tracked on Launchpad at:

https://bugs.launchpad.net/keystone

Future design work is tracked at:

https://specs.openstack.org/openstack/keystone-specs

Contributors are encouraged to join IRC (#openstack-keystone on freenode):

https://wiki.openstack.org/wiki/IRC

For information on contributing to Keystone, see CONTRIBUTING.rst.