X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/b73985d8a0c9173aec57f6a81fe540b2813a5bff..9aff8a3624b463d3fd4d9302c4d41c7558df4a13:/services/fuse/tests/test_token_expiry.py

diff --git a/services/fuse/tests/test_token_expiry.py b/services/fuse/tests/test_token_expiry.py
index 415f9bbc48..9756b2efe3 100644
--- a/services/fuse/tests/test_token_expiry.py
+++ b/services/fuse/tests/test_token_expiry.py
@@ -1,3 +1,7 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 import apiclient
 import arvados
 import arvados_fuse
@@ -35,6 +39,11 @@ class TokenExpiryTest(IntegrationTest):
     @mock.patch('arvados.keep.KeepClient.get')
     @IntegrationTest.mount(argv=['--mount-by-id', 'zzz'])
     def test_refresh_old_manifest(self, mocked_get, mocked_time, mocked_open):
+        # This test (and associated behavior) is still not strong
+        # enough. We should ensure old tokens are never used even if
+        # blobSignatureTtl seconds elapse between open() and
+        # read(). See https://dev.arvados.org/issues/10008
+
         mocked_get.return_value = 'fake data'
         mocked_time.side_effect = self.fake_time
         mocked_open.side_effect = self.fake_open