Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / tempest / f602644ce81356867470cf05432252f474bfedec^! / .
commitf602644ce81356867470cf05432252f474bfedec[log] [tgz]
authorLance Bragstad <lbragstad@gmail.com>Wed Nov 25 15:29:50 2015 +0000
committerLance Bragstad <lbragstad@gmail.com>Wed Nov 25 15:46:31 2015 +0000
tree35507a9a6debfc405cc244f1e4cbd8c04be460cd
parentd97c374caa821ec4e653cf32eb8fa8d211fc1517 [diff]
Fix race condition when changing passwords for admin tests

In a previous fix, Ied83448de8af1b0da9afdfe6ce9431438215bfe0, we applied a
sleep in order to mitigate a race condition in keystone with Fernet tokens.
This change moves that same concept to the tempest.api.identity.admin.v3 tests
so those pass with Fernet as well.

This change also separates the token from the v2 update user password response
in test_user_update_own_password() for the same reason. By isolating the token
from the update user call, we ensure we don't hit the same issue with the v2
update user password tests.

Change-Id: I34b7b7c34fa34551c0fdf9bdeb1ffaa432c10adc
Closes-Bug: 1473567
Related-Bug: 1517697

diff --git a/tempest/api/identity/admin/v3/test_users.py b/tempest/api/identity/admin/v3/test_users.py
index b56c9e6..60abde7 100644
--- a/tempest/api/identity/admin/v3/test_users.py
+++ b/tempest/api/identity/admin/v3/test_users.py

@@ -13,6 +13,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import time
+
 from tempest.api.identity import base
 from tempest.common.utils import data_utils
 from tempest import test
@@ -76,6 +78,14 @@
         new_password = data_utils.rand_name('pass1')
         self.client.update_user_password(user['id'], new_password,
                                          original_password)
+        # TODO(lbragstad): Sleeping after the response status has been checked
+        # and the body loaded as JSON allows requests to fail-fast. The sleep
+        # is necessary because keystone will err on the side of security and
+        # invalidate tokens within a small margin of error (within the same
+        # wall clock second) after a revocation event is issued (such as a
+        # password change). Remove this once keystone and Fernet support
+        # sub-second precision, see bug 1517697 for more details.
+        time.sleep(1)
         resp = self.token.auth(user_id=user['id'],
                                password=new_password).response
         subject_token = resp['x-subject-token']

diff --git a/tempest/api/identity/v2/test_users.py b/tempest/api/identity/v2/test_users.py
index 03c6621..5f2a8c4 100644
--- a/tempest/api/identity/v2/test_users.py
+++ b/tempest/api/identity/v2/test_users.py

@@ -56,8 +56,8 @@
             old_pass=new_pass)
 
         # user updates own password
-        resp = self.non_admin_client.update_user_own_password(
-            user_id=user_id, new_pass=new_pass, old_pass=old_pass)['access']
+        self.non_admin_client.update_user_own_password(
+            user_id=user_id, new_pass=new_pass, old_pass=old_pass)
 
         # TODO(lbragstad): Sleeping after the response status has been checked
         # and the body loaded as JSON allows requests to fail-fast. The sleep
@@ -68,8 +68,6 @@
         # sub-second precision.
         time.sleep(1)
 
-        # check authorization with new token
-        self.non_admin_token_client.auth_token(resp['token']['id'])
         # check authorization with new password
         self.non_admin_token_client.auth(self.username,
                                          new_pass,