During some upgrade testing I was doing locally, I noticed an issue
where `keystone-manage bootstrap` isn't completely idempotent. This
is because `bootstrap` has the ability to recover lost admin accounts
by reseting the admin user's enabled status and updating their
password, regardless of it being different. This creates a revocation
event and causes admin tokens to be invalid after bootstrap is run
for a second time, making it not as idempotent as we'd like.
This commit introduces a test that exposes this behavior.
Reviewed: https:/ /review. openstack. org/408694 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=2dae4129401 05c64c4ea1ed77e 6a45793faa0efa
Committed: https:/
Submitter: Jenkins
Branch: master
commit 2dae412940105c6 4c4ea1ed77e6a45 793faa0efa
Author: Lance Bragstad <email address hidden>
Date: Thu Dec 8 15:53:51 2016 +0000
Expose idempotency issue with bootstrap
During some upgrade testing I was doing locally, I noticed an issue
where `keystone-manage bootstrap` isn't completely idempotent. This
is because `bootstrap` has the ability to recover lost admin accounts
by reseting the admin user's enabled status and updating their
password, regardless of it being different. This creates a revocation
event and causes admin tokens to be invalid after bootstrap is run
for a second time, making it not as idempotent as we'd like.
This commit introduces a test that exposes this behavior.
Change-Id: I627255b2b5d6ec 401af2c07c40189 30fea206e4a
Partial-Bug: 1647800