← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1459790] [NEW] With fernet tokens, validate token loses the ms on 'expires' value

 

Public bug reported:

With fernet tokens, the expires ms value is 0 when the token is
validated.  So the 'expires' on the post token and the get token are
different; this is not the case with uuid tokens.

$ curl -s \
 -H "Content-Type: application/json" \
 -d '{ "auth":{ "tenantName":"testTenantName", "passwordCredentials":{ "username":"testUserName", "password":"password" }}}' \
-X POST $KEYSTONE_ENDPOINT:5000/v2.0/tokens | python -mjson.tool

post token portion of the response contains 'expires' with a ms value :

        "token": {
            "audit_ids": [
                "eZtfF60tR7y5oAuL4LSr4w"
            ],
            "expires": "2015-05-28T20:50:56.015102Z",
            "id": "gAAAAABVZ2OQu3OunvR6FKklDdNWj95Aq-ju_sIhB9o0KRin2SpLRUa0C3H_XiV_RWN409Ma-Q7lIkA_S6mY3bnxgboJZ_qxUiTdzUscG5y_fSCUW5sQqmB2AI1rlmMetvTl6AnnRKzVHVlJlDKQNHuk0MzHM3IVr4-ysJ2AHBtmDfkdpRZCrFo%3D",
            "issued_at": "2015-05-28T18:50:56.015211Z",
            "tenant": {
                "description": "Test tenant ...",
                "enabled": true,
                "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                "name": "testTenantName",
                "parent_id": null
            }
        },

If this token is validated, the expires ms now show as 000000Z

$ curl -s \
 -H "Content-Type: application/json" \
 -H "X-Auth-Token: $ADMIN_TOKEN" \
-X GET   $KEYSTONE_ENDPOINT:35357/v2.0/tokens/$USER_TOKEN | python -mjson.tool

get token portion of the response contains 'expires' with ms = 000000Z

],
        "token": {
            "audit_ids": [
                "lZwaM7oaShCZGQt0A9FaKA"
            ],
            "expires": "2015-05-28T20:27:24.000000Z",
            "id": "gAAAAABVZ14MKoaOBq4WBHaF1fqEKrN_nTrYYhwi8xrAisWmyJ52DJOrVlyxAoUuL_tfrGhslYVffRTosF5FqQVYlNq6hqU-qGzhueC4xVJZL8oitv0PfOdGfLgAWM1pciuiIdDLnWb-6oNrgZ9l1lHqn1kyuO0JVmS_YJfYI4YOt0o7ZfJhzFQ=",
            "issued_at": "2015-05-28T18:27:24.000000Z",
            "tenant": {
                "description": "Test tenant ...",
                "enabled": true,
                "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                "name": "testTenantName",
                "parent_id": null
            }
        },

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1459790

Title:
  With fernet tokens, validate token loses the ms on 'expires' value

Status in OpenStack Identity (Keystone):
  New

Bug description:
  With fernet tokens, the expires ms value is 0 when the token is
  validated.  So the 'expires' on the post token and the get token are
  different; this is not the case with uuid tokens.

  $ curl -s \
   -H "Content-Type: application/json" \
   -d '{ "auth":{ "tenantName":"testTenantName", "passwordCredentials":{ "username":"testUserName", "password":"password" }}}' \
  -X POST $KEYSTONE_ENDPOINT:5000/v2.0/tokens | python -mjson.tool

  post token portion of the response contains 'expires' with a ms value
  :

          "token": {
              "audit_ids": [
                  "eZtfF60tR7y5oAuL4LSr4w"
              ],
              "expires": "2015-05-28T20:50:56.015102Z",
              "id": "gAAAAABVZ2OQu3OunvR6FKklDdNWj95Aq-ju_sIhB9o0KRin2SpLRUa0C3H_XiV_RWN409Ma-Q7lIkA_S6mY3bnxgboJZ_qxUiTdzUscG5y_fSCUW5sQqmB2AI1rlmMetvTl6AnnRKzVHVlJlDKQNHuk0MzHM3IVr4-ysJ2AHBtmDfkdpRZCrFo%3D",
              "issued_at": "2015-05-28T18:50:56.015211Z",
              "tenant": {
                  "description": "Test tenant ...",
                  "enabled": true,
                  "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                  "name": "testTenantName",
                  "parent_id": null
              }
          },

  If this token is validated, the expires ms now show as 000000Z

  $ curl -s \
   -H "Content-Type: application/json" \
   -H "X-Auth-Token: $ADMIN_TOKEN" \
  -X GET   $KEYSTONE_ENDPOINT:35357/v2.0/tokens/$USER_TOKEN | python -mjson.tool

  get token portion of the response contains 'expires' with ms = 000000Z

  ],
          "token": {
              "audit_ids": [
                  "lZwaM7oaShCZGQt0A9FaKA"
              ],
              "expires": "2015-05-28T20:27:24.000000Z",
              "id": "gAAAAABVZ14MKoaOBq4WBHaF1fqEKrN_nTrYYhwi8xrAisWmyJ52DJOrVlyxAoUuL_tfrGhslYVffRTosF5FqQVYlNq6hqU-qGzhueC4xVJZL8oitv0PfOdGfLgAWM1pciuiIdDLnWb-6oNrgZ9l1lHqn1kyuO0JVmS_YJfYI4YOt0o7ZfJhzFQ=",
              "issued_at": "2015-05-28T18:27:24.000000Z",
              "tenant": {
                  "description": "Test tenant ...",
                  "enabled": true,
                  "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                  "name": "testTenantName",
                  "parent_id": null
              }
          },

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1459790/+subscriptions


Follow ups

References