Memcached token backend should work with any timezone
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Fix Released
|
Medium
|
You Yamagata | ||
| Grizzly |
Won't Fix
|
Medium
|
David Geng | ||
Bug Description
In configuration document, it looks like following configuration are required with memcache token backend.
- Memcached server's timezone is set to UTC.
- Timezone of both Memcached and Keystone server should be same.
So Keystone server's timezone is also set to UTC.
http://
I guess this limitation is caused by incorrect expiration time is set when tokens are generated.
backends/
time.mktime() return localtime, not UTC, so its value depends on time zone.
In my tests, if keystone server runs with UTC + N (N>=1), token authorization failed.
# run keystone server with UTC+1
> env TZ='UTC-1' tools/with_venv.sh bin/keystone-all
# get token
> env TZ=UTC tools/with_venv.sh keystone .. token-get
+------
| Property | Value |
+------
| expires | 2013-09-
| id | fecd5f9e1c1842f
| tenant_id | 7b1abdb5213a496
| user_id | 03a2d2e23ff94bf
+------
# use token
> env TZ=UTC curl -H "X-Auth-
{"error": {"message": "Could not find token, fecd5f9e1c1842f
| Changed in keystone: | |
| assignee: | nobody → You Yamagata (y-yamagata) |
| Dolph Mathews (dolph) wrote | #1 |
| Changed in keystone: | |
| importance: | Undecided → Medium |
| status: | New → In Progress |
| Changed in keystone: | |
| milestone: | none → havana-rc1 |
| status: | In Progress → Fix Committed |
| Changed in keystone: | |
| status: | Fix Committed → Fix Released |
| Changed in keystone: | |
| milestone: | havana-rc1 → 2013.2 |
| Alan Pevec (apevec) wrote | #3 |
| Morgan Fainberg (mdrnstm) wrote | #4 |
https:/