Merge "Fix race condition when changing passwords"

2015-11-18 23:17:10 +00:00 · 2015-11-18 23:17:10 +00:00 · 9b2e885dd1
commit 9b2e885dd1
parent bf57df1c4f a2c4ebc4fa
2 changed files with 20 additions and 0 deletions
--- a/tempest/api/identity/v2/test_users.py
+++ b/tempest/api/identity/v2/test_users.py
@ -14,6 +14,7 @@
 #    under the License.

 import copy
+import time

 from tempest_lib.common.utils import data_utils
 from tempest_lib import exceptions
@ -54,6 +55,15 @@ class IdentityUsersTest(base.BaseIdentityV2Test):
            new_pass=old_pass,
            old_pass=new_pass)

+        # TODO(lbragstad): Sleeping after the response status has been checked
+        # and the body loaded as JSON allows requests to fail-fast. The sleep
+        # is necessary because keystone will err on the side of security and
+        # invalidate tokens within a small margin of error (within the same
+        # wall clock second) after a revocation event is issued (such as a
+        # password change). Remove this once keystone and Fernet support
+        # sub-second precision.
+        time.sleep(1)
+
        # user updates own password
        resp = self.non_admin_client.update_user_own_password(
            user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
--- a/tempest/api/identity/v3/test_users.py
+++ b/tempest/api/identity/v3/test_users.py
@ -14,6 +14,7 @@
 #    under the License.

 import copy
+import time

 from tempest_lib.common.utils import data_utils
 from tempest_lib import exceptions
@ -53,6 +54,15 @@ class IdentityV3UsersTest(base.BaseIdentityV3Test):
            password=old_pass,
            original_password=new_pass)

+        # TODO(lbragstad): Sleeping after the response status has been checked
+        # and the body loaded as JSON allows requests to fail-fast. The sleep
+        # is necessary because keystone will err on the side of security and
+        # invalidate tokens within a small margin of error (within the same
+        # wall clock second) after a revocation event is issued (such as a
+        # password change). Remove this once keystone and Fernet support
+        # sub-second precision.
+        time.sleep(1)
+
        # user updates own password
        self.non_admin_client.update_user_password(
            user_id=user_id, password=new_pass, original_password=old_pass)