Fix an issue with double fernet key rotation

When the token and receipt directories don't match perfectly (e.g. trailing slash vs not), we would get double key rotation. Use os.path to make sure we are indeed checking for the same path. Change-Id: I34c5e4891773bcd6a799f3dbfa7174718030c4e4
2018-11-05 22:29:58 +13:00 · 2018-11-05 22:29:58 +13:00 · 7fa62c823a
parent 1bc9f3356d
commit 7fa62c823a
1 changed files with 4 additions and 4 deletions
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@ -409,8 +409,8 @@ class FernetSetup(BasePermissionsSetup):
            futils.initialize_key_repository(
                keystone_user_id, keystone_group_id)

-        if (CONF.fernet_tokens.key_repository !=
-                CONF.fernet_receipts.key_repository):
+        if (os.path.abspath(CONF.fernet_tokens.key_repository) !=
+                os.path.abspath(CONF.fernet_receipts.key_repository)):
            futils = fernet_utils.FernetUtils(
                CONF.fernet_receipts.key_repository,
                CONF.fernet_receipts.max_active_keys,
@ -468,8 +468,8 @@ class FernetRotate(BasePermissionsSetup):
        if futils.validate_key_repository(requires_write=True):
            futils.rotate_keys(keystone_user_id, keystone_group_id)

-        if (CONF.fernet_tokens.key_repository !=
-                CONF.fernet_receipts.key_repository):
+        if (os.path.abspath(CONF.fernet_tokens.key_repository) !=
+                os.path.abspath(CONF.fernet_receipts.key_repository)):
            futils = fernet_utils.FernetUtils(
                CONF.fernet_receipts.key_repository,
                CONF.fernet_receipts.max_active_keys,