yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1221087] Re: Memcached token backend should work with any timezone

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Wed, 04 Jun 2014 23:36:22 -0000
Reply-to: Bug 1221087 <1221087@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Grizzly is EOL, wont fix the grizzly branch at this point. Havana and
beyond have this fix.

** Changed in: keystone/grizzly
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1221087

Title:
  Memcached token backend should work with any timezone

Status in OpenStack Identity (Keystone):
  Fix Released
Status in Keystone grizzly series:
  Won't Fix

Bug description:
  In configuration document, it looks like following configuration are
  required with memcache token backend.

  - Memcached server's timezone is set to UTC.
  - Timezone of both Memcached and Keystone server should be same.
  So Keystone server's timezone is  also set to UTC.

  http://docs.openstack.org/developer/keystone/configuration.html
  #memcached-and-system-time

  I guess this limitation is caused by incorrect expiration time is set
  when tokens are generated.

  backends/memcache.py call utils.unixtime() and it calls time.mktime().
  time.mktime() return localtime, not UTC, so its value depends on time zone.

  In my tests, if keystone server runs with UTC + N (N>=1), token
  authorization failed.

  # run keystone server with UTC+1
  > env TZ='UTC-1' tools/with_venv.sh bin/keystone-all
  # get token
  > env TZ=UTC tools/with_venv.sh keystone .. token-get
  +-----------+----------------------------------+
  |  Property |              Value               |
  +-----------+----------------------------------+
  |  expires  |       2013-09-05T08:38:14Z       |
  |     id    | fecd5f9e1c1842f0a60d86a07584fca4 |
  | tenant_id | 7b1abdb5213a4962bcaf04a7e0881a91 |
  |  user_id  | 03a2d2e23ff94bfa908856d2c1081110 |
  +-----------+----------------------------------+
  # use token
  > env TZ=UTC curl -H "X-Auth-Token:$TOKEN"  http://localhost:5000/v2.0/tenants
  {"error": {"message": "Could not find token, fecd5f9e1c1842f0a60d86a07584fca4.", "code": 401, "title": "Unauthorized"}}

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1221087/+subscriptions