TokenNotFound not raised in testsuite because of timezone issues

Bug #983800 reported by Ionuț Arțăriși on 2012-04-17
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Low
Mark McLoughlin
Essex
Undecided
Ionuț Arțăriși
keystone (Ubuntu)
Undecided
Unassigned
Precise
Undecided
Unassigned

Bug Description

We were getting a few failing tests because of this timezone issue. The TokenNotFound error is being raised (in keystone/token/backends/[kvs|memcached|sql] by checking datetime.utcnow(), but the tests used datetime.now()

=====================================================================
FAIL: test_expired_token (tests.test_backend_kvs.KvsToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

======================================================================
FAIL: test_expired_token (tests.test_backend_memcache.MemcacheToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

======================================================================
FAIL: test_expired_token (tests.test_backend_sql.SqlToken)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/var/lib/openstack-keystone-test/tests/test_backend.py", line 333, in test_expired_token
self.token_api.get_token, token_id)
AssertionError: TokenNotFound not raised

Changed in keystone:
assignee: nobody → Ionuț Arțăriși (iartarisi)
status: New → In Progress
Ionuț Arțăriși (mapleoin) wrote :

Can we get this in essex?

Dolph Mathews (dolph) wrote :

I like the proposed fix ( https://review.openstack.org/#/c/6596/ ), but I don't think it's necessary to backport to stable. I'm guessing most packagers would skip the patch anyway.

Changed in keystone:
importance: Undecided → Low
Changed in keystone:
assignee: Ionuț Arțăriși (iartarisi) → Mark McLoughlin (markmc)
Ionuț Arțăriși (mapleoin) wrote :

I think it would be really helpful to get this and other small and unobtrusive patches to the test modules like these backported.

We're following stable/essex right now in our CI setup. I think we're not the only ones doing this. There is an incentive to get our fixes upstream so we don't have to maintain them ourselves. If we had to create a separate repository based on stable/essex to contain the backports we need from master, that incentive would go away.

Reviewed: https://review.openstack.org/6403
Committed: http://github.com/openstack/keystone/commit/4cd2945740d37119be57f35e41afe3f2ab999114
Submitter: Jenkins
Branch: master

commit 4cd2945740d37119be57f35e41afe3f2ab999114
Author: Mark McLoughlin <email address hidden>
Date: Tue Apr 10 13:35:30 2012 +0100

    Fix expired token tests

    Fixes bug #983800

    The expiration timestamps are expressed in UTC time, so ensure:

     1) The timestamp of the token created by the test is UTC time (i.e.
        utcnow() vs now())

     2) The expiration check in the dummy memcache client properly
        accounts for UTC (i.e. utctimetuple() vs timetuple())

    Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47

Changed in keystone:
status: In Progress → Fix Committed
Mark McLoughlin (markmc) wrote :

I think this makes sense on essex

Downstream distributors often run the unit tests as part of their build process, so we should accept fixes like this for the tests

Mark McLoughlin (markmc) wrote :

Oh, in case it's not clear - Ionut is a downstream distributor and it sounds like they're running the tests during their builds

tags: added: essex-backport
Joseph Heck (heckj) on 2012-05-20
Changed in keystone:
milestone: none → folsom-1
Thierry Carrez (ttx) on 2012-05-23
Changed in keystone:
status: Fix Committed → Fix Released

Reviewed: https://review.openstack.org/7481
Committed: http://github.com/openstack/keystone/commit/f70505ced12ae7319dedaf75bedb964c7469c6dd
Submitter: Jenkins
Branch: stable/essex

commit f70505ced12ae7319dedaf75bedb964c7469c6dd
Author: Mark McLoughlin <email address hidden>
Date: Tue Apr 10 13:35:30 2012 +0100

    Fix expired token tests

    Fixes bug #983800

    The expiration timestamps are expressed in UTC time, so ensure:

     1) The timestamp of the token created by the test is UTC time (i.e.
        utcnow() vs now())

     2) The expiration check in the dummy memcache client properly
        accounts for UTC (i.e. utctimetuple() vs timetuple())

    Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47

Dave Walker (davewalker) on 2012-08-24
Changed in keystone (Ubuntu):
status: New → Fix Released
Changed in keystone (Ubuntu Precise):
status: New → Confirmed

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Keystone has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Trunk review: https://review.openstack.org/6403
Stable review: https://review.openstack.org/7481

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Adam Gandelman (gandelman-a) wrote :

Test coverage log.

tags: added: verification-done

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keystone - 2012.1+stable~20120824-a16a0ab9-0ubuntu2

---------------
keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low

  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
      Dropped.
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)
 -- Adam Gandelman <email address hidden> Fri, 24 Aug 2012 03:34:59 -0400

Changed in keystone (Ubuntu Precise):
status: Confirmed → Fix Released
Thierry Carrez (ttx) on 2012-09-27
Changed in keystone:
milestone: folsom-1 → 2012.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers