Update comments for keystone precision and fernet
Keystone is moving to drop microsecond precision across the board
for consistency. This updates the comments to reflect that the sleep
is not a bug and expected.
Change-Id: I8beaeb4a94f0de1ad5d89df9ec77a1ae1b08a9d1
Closes-Bug: #1517697
Closes-Bug: #1513538
diff --git a/tempest/api/identity/admin/v3/test_users.py b/tempest/api/identity/admin/v3/test_users.py
index e26624a..2644f29 100644
--- a/tempest/api/identity/admin/v3/test_users.py
+++ b/tempest/api/identity/admin/v3/test_users.py
@@ -79,13 +79,9 @@
self.users_client.update_user_password(
user['id'], password=new_password,
original_password=original_password)
- # TODO(lbragstad): Sleeping after the response status has been checked
- # and the body loaded as JSON allows requests to fail-fast. The sleep
- # is necessary because keystone will err on the side of security and
- # invalidate tokens within a small margin of error (within the same
- # wall clock second) after a revocation event is issued (such as a
- # password change). Remove this once keystone and Fernet support
- # sub-second precision, see bug 1517697 for more details.
+ # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
+ # Keystone should only be precise to the second. Sleep to ensure
+ # we are passing the second boundry.
time.sleep(1)
resp = self.token.auth(user_id=user['id'],
password=new_password).response
diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
index ce4ee69..f9e2f88 100644
--- a/tempest/api/identity/v2/test_users.py
+++ b/tempest/api/identity/v2/test_users.py
@@ -55,13 +55,9 @@
# user updates own password
self.non_admin_users_client.update_user_own_password(
user_id, password=new_pass, original_password=old_pass)
- # TODO(lbragstad): Sleeping after the response status has been checked
- # and the body loaded as JSON allows requests to fail-fast. The sleep
- # is necessary because keystone will err on the side of security and
- # invalidate tokens within a small margin of error (within the same
- # wall clock second) after a revocation event is issued (such as a
- # password change). Remove this once keystone and Fernet support
- # sub-second precision.
+ # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
+ # Keystone should only be precise to the second. Sleep to ensure
+ # we are passing the second boundry.
time.sleep(1)
# check authorization with new password
diff --git a/tempest/api/identity/v3/test_users.py b/tempest/api/identity/v3/test_users.py
index ab48c07..3814e20 100644
--- a/tempest/api/identity/v3/test_users.py
+++ b/tempest/api/identity/v3/test_users.py
@@ -58,13 +58,9 @@
self.non_admin_users_client.update_user_password(
user_id, password=new_pass, original_password=old_pass)
- # TODO(lbragstad): Sleeping after the response status has been checked
- # and the body loaded as JSON allows requests to fail-fast. The sleep
- # is necessary because keystone will err on the side of security and
- # invalidate tokens within a small margin of error (within the same
- # wall clock second) after a revocation event is issued (such as a
- # password change). Remove this once keystone and Fernet support
- # sub-second precision.
+ # NOTE(morganfainberg): Fernet tokens are not subsecond aware and
+ # Keystone should only be precise to the second. Sleep to ensure
+ # we are passing the second boundry.
time.sleep(1)
# check authorization with new password