Conversation
- get_config_identity_hash: replace DefaultHasher with SHA-256 over a field-tagged canonical string. DefaultHasher is unstable across Rust releases (orphans cache files on a toolchain bump) and skipping None fields let differently-shaped identities collide on the same cache file, letting the wildcard scope matcher return another user's token - change auth hash type u64 -> String throughout State/session/ openstack_async to carry the new hash - apply a 60s validity margin when selecting a cached token for use (get_scope_auth, find_scope_authz, find_valid_auth), keeping None for persistence-time filtering; avoids handing out a token that expires before the request completes - deterministic scope priority (unscoped > project > domain > system) replacing HashMap-order-dependent token selection - GC cache/lock files older than 7 days on first State::new() per process; gated with Once to avoid repeated directory scans when State::new() runs more than once per process - fix unlocked first-read race: load_auth_state now creates the lock file if missing instead of skipping the lock silently - prefix on-disk cache payload with a format-version byte so a schema change is logged distinctly from corruption - drop Windows readonly attribute on cache files: it added no real confidentiality and broke the next write via NamedTempFile::persist/ File::create Signed-off-by: Artem Goncharov <artem.goncharov@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
field-tagged canonical string. DefaultHasher is unstable across Rust
releases (orphans cache files on a toolchain bump) and skipping None
fields let differently-shaped identities collide on the same cache
file, letting the wildcard scope matcher return another user's token
openstack_async to carry the new hash
(get_scope_auth, find_scope_authz, find_valid_auth), keeping None for
persistence-time filtering; avoids handing out a token that expires
before the request completes
replacing HashMap-order-dependent token selection
process; gated with Once to avoid repeated directory scans when
State::new() runs more than once per process
file if missing instead of skipping the lock silently
change is logged distinctly from corruption
confidentiality and broke the next write via NamedTempFile::persist/
File::create
Signed-off-by: Artem Goncharov artem.goncharov@gmail.com