yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1998268] Re: Fernet uid/gid logic issue

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1998268@xxxxxxxxxxxxxxxxxx>
Date: Fri, 20 Sep 2024 16:43:16 -0000
Reply-to: Bug 1998268 <1998268@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/c/openstack/keystone/+/866096
Committed: https://opendev.org/openstack/keystone/commit/1cf7d94d6eb27aff92d3a612ee05efcc19e08917
Submitter: "Zuul (22348)"
Branch:    master

commit 1cf7d94d6eb27aff92d3a612ee05efcc19e08917
Author: Sam Morrison <sorrison@xxxxxxxxx>
Date:   Wed Nov 30 12:16:40 2022 +1100

    Fix logic of fernet creation when running as root
    
    Running `keystone-manage fernet_rotate
    --keystone-user root --keystone-group keystone`
    
    Will cause group to be root not keystone due to
    checking the uid (0) against false, as opposed to None.
    
    Closes-Bug: #1998268
    
    Change-Id: Ib20550bf698f4fab381b48571ff8d096a2ae3335


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1998268

Title:
  Fernet uid/gid logic issue

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Running

  keystone-manage fernet_rotate --keystone-user root --keystone-group
  keystone

  Will not work as expected due to some wrong logic when uid is set to 0
  due to 0 == False

  The new 0 key will have ownership of root:root, not root:keystone

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1998268/+subscriptions

References

[Bug 1998268] [NEW] Fernet uid/gid logic issue
From: Sam Morrison, 2022-11-30