Update Keyring password info before sending out notification
Need update password before send out notification. Otherwise, any process which monitors the "updated" notification will still get old password from Keyring. Partial-Bug: 1853017 Change-Id: Id1c94fedca41abe96c7b38880bf325d4a25a95eb Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
This commit is contained in:
parent
9765445751
commit
d1294d7e67
@ -5,9 +5,9 @@ Subject: [PATCH 1/1] Rebasing Keyring integration
|
|||||||
|
|
||||||
---
|
---
|
||||||
keystone/exception.py | 6 ++++++
|
keystone/exception.py | 6 ++++++
|
||||||
keystone/identity/core.py | 50 +++++++++++++++++++++++++++++++++++++++++++++++
|
keystone/identity/core.py | 54 +++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
requirements.txt | 1 +
|
requirements.txt | 1 +
|
||||||
3 files changed, 57 insertions(+)
|
3 files changed, 61 insertions(+)
|
||||||
|
|
||||||
diff --git a/keystone/exception.py b/keystone/exception.py
|
diff --git a/keystone/exception.py b/keystone/exception.py
|
||||||
index b85878b..56601ce 100644
|
index b85878b..56601ce 100644
|
||||||
@ -73,21 +73,25 @@ index ed43e76..da7e7ba 100644
|
|||||||
@domains_configured
|
@domains_configured
|
||||||
@exception_translated('user')
|
@exception_translated('user')
|
||||||
def update_user(self, user_id, user_ref, initiator=None):
|
def update_user(self, user_id, user_ref, initiator=None):
|
||||||
@@ -1113,6 +1135,13 @@ class Manager(manager.Manager):
|
@@ -1099,6 +1121,17 @@ class Manager(manager.Manager):
|
||||||
)
|
|
||||||
notifications.invalidate_token_cache_notification(reason)
|
ref = driver.update_user(entity_id, user)
|
||||||
|
|
||||||
+ # Certain local Keystone users are stored in Keystone as opposed
|
+ # Certain local Keystone users are stored in Keystone as opposed
|
||||||
+ # to the default SQL Identity backend, such as the admin user.
|
+ # to the default SQL Identity backend, such as the admin user.
|
||||||
+ # When its password is updated, we need to update Keyring as well
|
+ # When its password is updated, we need to update Keyring as well
|
||||||
+ # as certain services retrieve this user context from Keyring and
|
+ # as certain services retrieve this user context from Keyring and
|
||||||
+ # will get auth failures
|
+ # will get auth failures
|
||||||
|
+ # Need update password before send out notification. Otherwise,
|
||||||
|
+ # any process monitor the notification will still get old password
|
||||||
|
+ # from Keyring.
|
||||||
+ if ('password' in user) and ('name' in ref):
|
+ if ('password' in user) and ('name' in ref):
|
||||||
+ self._update_keyring_password(ref, user['password'])
|
+ self._update_keyring_password(ref, user['password'])
|
||||||
return self._set_domain_id_and_mapping(
|
+
|
||||||
ref, domain_id, driver, mapping.EntityType.USER)
|
notifications.Audit.updated(self._USER, user_id, initiator)
|
||||||
|
|
||||||
@@ -1128,6 +1157,7 @@ class Manager(manager.Manager):
|
enabled_change = ((user.get('enabled') is False) and
|
||||||
|
@@ -1128,6 +1161,7 @@ class Manager(manager.Manager):
|
||||||
hints.add_filter('user_id', user_id)
|
hints.add_filter('user_id', user_id)
|
||||||
fed_users = PROVIDERS.shadow_users_api.list_federated_users_info(hints)
|
fed_users = PROVIDERS.shadow_users_api.list_federated_users_info(hints)
|
||||||
|
|
||||||
@ -95,7 +99,7 @@ index ed43e76..da7e7ba 100644
|
|||||||
driver.delete_user(entity_id)
|
driver.delete_user(entity_id)
|
||||||
PROVIDERS.assignment_api.delete_user_assignments(user_id)
|
PROVIDERS.assignment_api.delete_user_assignments(user_id)
|
||||||
self.get_user.invalidate(self, user_id)
|
self.get_user.invalidate(self, user_id)
|
||||||
@@ -1141,6 +1171,18 @@ class Manager(manager.Manager):
|
@@ -1141,6 +1175,18 @@ class Manager(manager.Manager):
|
||||||
|
|
||||||
PROVIDERS.credential_api.delete_credentials_for_user(user_id)
|
PROVIDERS.credential_api.delete_credentials_for_user(user_id)
|
||||||
PROVIDERS.id_mapping_api.delete_id_mapping(user_id)
|
PROVIDERS.id_mapping_api.delete_id_mapping(user_id)
|
||||||
@ -114,7 +118,7 @@ index ed43e76..da7e7ba 100644
|
|||||||
notifications.Audit.deleted(self._USER, user_id, initiator)
|
notifications.Audit.deleted(self._USER, user_id, initiator)
|
||||||
|
|
||||||
# Invalidate user role assignments cache region, as it may be caching
|
# Invalidate user role assignments cache region, as it may be caching
|
||||||
@@ -1390,6 +1432,14 @@ class Manager(manager.Manager):
|
@@ -1390,6 +1436,14 @@ class Manager(manager.Manager):
|
||||||
notifications.Audit.updated(self._USER, user_id, initiator)
|
notifications.Audit.updated(self._USER, user_id, initiator)
|
||||||
self._persist_revocation_event_for_user(user_id)
|
self._persist_revocation_event_for_user(user_id)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user