OpenStack Identity (keystone)

kvs assignment updates user password

Bug #1265887 reported by Morgan Fainberg
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Low
Morgan Fainberg
OpenStack Identity (keystone) 2014.1 "icehouse"

Bug Description

When updates to Grants are performed, the KVS assignment backend will cause a password update for the user to the current hash of the user's password.

This is because the .get_user method on identity_api includes the password element which is just fed back into .update_user here:
http://git.openstack.org/cgit/openstack/keystone/tree/keystone/assignment/backends/kvs.py?id=ce5fcb13c5fec5de3eeab58453713a061e40168a#n261

This should have little impact in the grand scheme because KVS is not suitable for anything except testing.

Morgan Fainberg (mdrnstm)
Changed in keystone:
importance: Undecided → Low
assignee: nobody → Morgan Fainberg (mdrnstm)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/64890

Changed in keystone:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/64890
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=331b4ca3310c6df0795c2e5d1b55809d17bc0768
Submitter: Jenkins
Branch: master

commit 331b4ca3310c6df0795c2e5d1b55809d17bc0768
Author: Morgan Fainberg <email address hidden>
Date: Fri Jan 3 11:11:26 2014 -0800

    Do not update password when updating grants in Assignment KVS

    Assignment KVS backend no longer performs an update that causes
    the user's password to be updated when updating grants. This
    potentially would have caused any/all grant updates to set the
    user's password to the current password hash, effectively making
    it impossible to login with the user. The longer-term fix
    should ensure that the backend does not need to update the user
    itself from the driver level.

    Change-Id: I74ffc643020fa077c39a0cf16847e397a0c24139
    Closes-bug: #1265887

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → icehouse-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: icehouse-2 → 2014.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.