OpenStack Identity (keystone)

TokenNotFound not raised in testsuite because of timezone issues

Bug #983800 reported by Ionuț Arțăriși on 2012-04-17

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack Identity (keystone)	Fix Released	Low	Mark McLoughlin	OpenStack Identity (keystone) 2012.2 "folsom"
Essex	Fix Released	Undecided	Ionuț Arțăriși	OpenStack Identity (keystone) 2012.1.1
keystone (Ubuntu)	Fix Released	Undecided	Unassigned
Precise	Fix Released	Undecided	Unassigned

Bug Description

We were getting a few failing tests because of this timezone issue. The TokenNotFound error is being raised (in keystone/token/backends/[kvs|memcached|sql] by checking datetime.utcnow(), but the tests used datetime.now()

=====================================================================
FAIL: test_expired_token (tests.test_backend_kvs.KvsToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

======================================================================
FAIL: test_expired_token (tests.test_backend_memcache.MemcacheToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

======================================================================
FAIL: test_expired_token (tests.test_backend_sql.SqlToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

Tags:

Related branches

lp:~openstack-ubuntu-testing/keystone/precise-essex-proposed

Merged into lp:~ubuntu-server-dev/keystone/essex at revision 100

Ubuntu Server Developers: Pending requested 2012-03-16

lp:ubuntu/precise-proposed/keystone

OpenStack Infra (hudson-openstack) on 2012-04-17

Changed in keystone:
assignee:	nobody → Ionuț Arțăriși (iartarisi)
status:	New → In Progress

Revision history for this message

Ionuț Arțăriși (mapleoin) wrote on 2012-04-17:

Can we get this in essex?

Revision history for this message

Dolph Mathews (dolph) wrote on 2012-04-23:

I like the proposed fix ( https://review.openstack.org/#/c/6596/ ), but I don't think it's necessary to backport to stable. I'm guessing most packagers would skip the patch anyway.

Changed in keystone:
importance:	Undecided → Low

OpenStack Infra (hudson-openstack) on 2012-04-23

Changed in keystone:
assignee:	Ionuț Arțăriși (iartarisi) → Mark McLoughlin (markmc)

Revision history for this message

Ionuț Arțăriși (mapleoin) wrote on 2012-04-24:

I think it would be really helpful to get this and other small and unobtrusive patches to the test modules like these backported.

We're following stable/essex right now in our CI setup. I think we're not the only ones doing this. There is an incentive to get our fixes upstream so we don't have to maintain them ourselves. If we had to create a separate repository based on stable/essex to contain the backports we need from master, that incentive would go away.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-04-25: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/6403
Committed: http://github.com/openstack/keystone/commit/4cd2945740d37119be57f35e41afe3f2ab999114
Submitter: Jenkins
Branch: master

commit 4cd2945740d37119be57f35e41afe3f2ab999114
Author: Mark McLoughlin <email address hidden>
Date: Tue Apr 10 13:35:30 2012 +0100

Fix expired token tests

Fixes bug #983800

The expiration timestamps are expressed in UTC time, so ensure:

1) The timestamp of the token created by the test is UTC time (i.e.
utcnow() vs now())

2) The expiration check in the dummy memcache client properly
accounts for UTC (i.e. utctimetuple() vs timetuple())

Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47

Changed in keystone:
status:	In Progress → Fix Committed

Revision history for this message

Mark McLoughlin (markmc) wrote on 2012-05-03:

I think this makes sense on essex

Downstream distributors often run the unit tests as part of their build process, so we should accept fixes like this for the tests

Revision history for this message

Mark McLoughlin (markmc) wrote on 2012-05-03:

Oh, in case it's not clear - Ionut is a downstream distributor and it sounds like they're running the tests during their builds

Ionuț Arțăriși (mapleoin) on 2012-05-10

tags:

added: essex-backport

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-05-16: Fix proposed to keystone (stable/essex)

Fix proposed to branch: stable/essex
Review: https://review.openstack.org/7481

Joseph Heck (heckj) on 2012-05-20

Changed in keystone:
milestone:	none → folsom-1

Thierry Carrez (ttx) on 2012-05-23

Changed in keystone:
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-06-14: Fix merged to keystone (stable/essex)

Reviewed: https://review.openstack.org/7481
Committed: http://github.com/openstack/keystone/commit/f70505ced12ae7319dedaf75bedb964c7469c6dd
Submitter: Jenkins
Branch: stable/essex

commit f70505ced12ae7319dedaf75bedb964c7469c6dd
Author: Mark McLoughlin <email address hidden>
Date: Tue Apr 10 13:35:30 2012 +0100

Fix expired token tests

Fixes bug #983800

The expiration timestamps are expressed in UTC time, so ensure:

1) The timestamp of the token created by the test is UTC time (i.e.
utcnow() vs now())

2) The expiration check in the dummy memcache client properly
accounts for UTC (i.e. utctimetuple() vs timetuple())

Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47

Dave Walker (davewalker) on 2012-08-24

Changed in keystone (Ubuntu):
status:	New → Fix Released
Changed in keystone (Ubuntu Precise):
status:	New → Confirmed

Revision history for this message

Adam Gandelman (gandelman-a) wrote on 2012-08-30: Verification report.

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Keystone has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Trunk review: https://review.openstack.org/6403
Stable review: https://review.openstack.org/7481

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Revision history for this message

Adam Gandelman (gandelman-a) wrote on 2012-08-30:

#10

2012.1+stable~20120824-a16a0ab9-0ubuntu2.log Edit (82.0 KiB, text/plain)

Test coverage log.

tags:

added: verification-done

Revision history for this message

Clint Byrum (clint-fewbar) wrote on 2012-09-03: Update Released

#11

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-09-03:

#12

This bug was fixed in the package keystone - 2012.1+stable~20120824-a16a0ab9-0ubuntu2

---------------
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low

  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
      Dropped.
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)
-- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400