keystoneauth

betamax fixture needs a custom serializer

Bug #1570384 reported by Yolanda Robla
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
keystoneauth
Fix Released
Wishlist
Yolanda Robla

Bug Description

We cannot rely on native recorded fixtures with betamax, because of two reasons:
- betamax is recording cloud usernames and passwords. If we run this into real clouds, that's a security problem. We need to replace those by dummy users and passwords
- when keytone tokens are generated, they are recorded with a fixed expiration time. That means, that tests are passing until the token expire, but after that, tests are no longer valid because the recorded token is in the past.

So need to create a custom serializer. The serializer can be inherited from PrettyJSONSerializer, and has to update fixtures with 2 things:
- mask user and password for clouds
- set a token expiration date in the long future

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

This is definitely something we expected to expand on as betamax was used.

Changed in keystoneauth:
status: New → Triaged
importance: Undecided → Wishlist
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystoneauth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/305937

Changed in keystoneauth:
assignee: nobody → Yolanda Robla (yolanda.robla)
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystoneauth (master)

Change abandoned by yolanda.robla (<email address hidden>) on branch: master
Review: https://review.openstack.org/305937
Reason: I will create a custom hook instead

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystoneauth (master)

Fix proposed to branch: master
Review: https://review.openstack.org/311133

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystoneauth (master)

Reviewed: https://review.openstack.org/311133
Committed: https://git.openstack.org/cgit/openstack/keystoneauth/commit/?id=aae4612534afc6469997afb0443fa2e9d87411e8
Submitter: Jenkins
Branch: master

commit aae4612534afc6469997afb0443fa2e9d87411e8
Author: Yolanda Robla <email address hidden>
Date: Fri Apr 29 16:46:28 2016 +0200

    Use betamax hooks to mask fixture results

    We cannot rely on native recorded fixtures with betamax,
    because of two reasons: - betamax is recording cloud usernames
    and passwords. If we run this into real clouds, that's a security
    problem. We need to replace those by dummy users and passwords -
    when keystone tokens are generated, they are recorded with a fixed
    expiration time. That means, that tests are passing until the token
    expire, but after that, tests are no longer valid because the
    recorded token is in the past.

    So need to use pre_record hook to alter the recorded results.
    The hook has to update fixtures with 2 things: - mask user,
    password and tenant for clouds - set a token expiration date in
    the long future.

    Change-Id: I5d959ee9386fb0321e9d39c73792155acd6b4851
    Closes-Bug: 1570384

Changed in keystoneauth:
status: In Progress → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/keystoneauth 2.8.0

This issue was fixed in the openstack/keystoneauth 2.8.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.