yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1294862] Re: Token expiration time with memcache->kvs->dogpile is wrong

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dolph Mathews <1294862@xxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Mar 2014 12:10:41 -0000
Reply-to: Bug 1294862 <1294862@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Actually appears to be the offending code in 0.3.2, which has since been
fixed:

  https://github.com/openstack/python-
keystoneclient/blob/0.3.2/keystoneclient/middleware/auth_token.py#L1022-L1025

** Changed in: keystone
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1294862

Title:
  Token expiration time with memcache->kvs->dogpile is wrong

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  There seems to be a bug somewhere when creating the expiration field
  for tokens when using the new memcached->kvs->dogpile->memcached
  storage for tokens.

  Aystems are UTC+1 (HW clock, TZ Europe/Oslo), and "[token] expiration
  = 3600" in configuration, wich is the default.

  No requests to any API services (except keystone) worked, all systems
  reported that token is expired.

  Put in some debugging, and it seems the expiration is set to UTC +
  conf.token.expiration, wich in my case actually is the same time as
  now().

  Setting expiration to a higher value than 3600 makes the token valid.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1294862/+subscriptions

References

[Bug 1294862] [NEW] Token expiration time with memcache->kvs->dogpile is wrong
From: Dag Stenstad, 2014-03-19