Memcached token backend should work with any timezone

Bug #1221087 reported by You Yamagata on 2013-09-05
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
You Yamagata
David Geng

Bug Description

In configuration document, it looks like following configuration are required with memcache token backend.

- Memcached server's timezone is set to UTC.
- Timezone of both Memcached and Keystone server should be same.
So Keystone server's timezone is also set to UTC.

I guess this limitation is caused by incorrect expiration time is set when tokens are generated.

backends/ call utils.unixtime() and it calls time.mktime().
time.mktime() return localtime, not UTC, so its value depends on time zone.

In my tests, if keystone server runs with UTC + N (N>=1), token authorization failed.

# run keystone server with UTC+1
> env TZ='UTC-1' tools/ bin/keystone-all
# get token
> env TZ=UTC tools/ keystone .. token-get
| Property | Value |
| expires | 2013-09-05T08:38:14Z |
| id | fecd5f9e1c1842f0a60d86a07584fca4 |
| tenant_id | 7b1abdb5213a4962bcaf04a7e0881a91 |
| user_id | 03a2d2e23ff94bfa908856d2c1081110 |
# use token
> env TZ=UTC curl -H "X-Auth-Token:$TOKEN" http://localhost:5000/v2.0/tenants
{"error": {"message": "Could not find token, fecd5f9e1c1842f0a60d86a07584fca4.", "code": 401, "title": "Unauthorized"}}

Changed in keystone:
assignee: nobody → You Yamagata (y-yamagata)
Dolph Mathews (dolph) wrote :
Changed in keystone:
importance: Undecided → Medium
status: New → In Progress
Dolph Mathews (dolph) on 2013-09-06
Changed in keystone:
milestone: none → havana-rc1
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-10-02
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-rc1 → 2013.2
Alan Pevec (apevec) wrote :

Proposed for stable/grizzly

Morgan Fainberg (mdrnstm) wrote :

Grizzly is EOL, wont fix the grizzly branch at this point. Havana and beyond have this fix.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers