← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1459790] Re: With fernet tokens, validate token loses the ms on 'expires' value

 

** Changed in: keystone/kilo
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1459790

Title:
  With fernet tokens, validate token loses the ms on 'expires' value

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) kilo series:
  Fix Released

Bug description:
  With fernet tokens, the expires ms value is 0 when the token is
  validated.  So the 'expires' on the post token and the get token are
  different; this is not the case with uuid tokens.

  $ curl -s \
   -H "Content-Type: application/json" \
   -d '{ "auth":{ "tenantName":"testTenantName", "passwordCredentials":{ "username":"testUserName", "password":"password" }}}' \
  -X POST $KEYSTONE_ENDPOINT:5000/v2.0/tokens | python -mjson.tool

  post token portion of the response contains 'expires' with a ms value
  :

          "token": {
              "audit_ids": [
                  "eZtfF60tR7y5oAuL4LSr4w"
              ],
              "expires": "2015-05-28T20:50:56.015102Z",
              "id": "gAAAAABVZ2OQu3OunvR6FKklDdNWj95Aq-ju_sIhB9o0KRin2SpLRUa0C3H_XiV_RWN409Ma-Q7lIkA_S6mY3bnxgboJZ_qxUiTdzUscG5y_fSCUW5sQqmB2AI1rlmMetvTl6AnnRKzVHVlJlDKQNHuk0MzHM3IVr4-ysJ2AHBtmDfkdpRZCrFo%3D",
              "issued_at": "2015-05-28T18:50:56.015211Z",
              "tenant": {
                  "description": "Test tenant ...",
                  "enabled": true,
                  "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                  "name": "testTenantName",
                  "parent_id": null
              }
          },

  If this token is validated, the expires ms now show as 000000Z

  $ curl -s \
   -H "Content-Type: application/json" \
   -H "X-Auth-Token: $ADMIN_TOKEN" \
  -X GET   $KEYSTONE_ENDPOINT:35357/v2.0/tokens/$USER_TOKEN | python -mjson.tool

  get token portion of the response contains 'expires' with ms = 000000Z

  ],
          "token": {
              "audit_ids": [
                  "lZwaM7oaShCZGQt0A9FaKA"
              ],
              "expires": "2015-05-28T20:27:24.000000Z",
              "id": "gAAAAABVZ14MKoaOBq4WBHaF1fqEKrN_nTrYYhwi8xrAisWmyJ52DJOrVlyxAoUuL_tfrGhslYVffRTosF5FqQVYlNq6hqU-qGzhueC4xVJZL8oitv0PfOdGfLgAWM1pciuiIdDLnWb-6oNrgZ9l1lHqn1kyuO0JVmS_YJfYI4YOt0o7ZfJhzFQ=",
              "issued_at": "2015-05-28T18:27:24.000000Z",
              "tenant": {
                  "description": "Test tenant ...",
                  "enabled": true,
                  "id": "1c6e0d2ac4bf4cd5bc7666d86b28aee0",
                  "name": "testTenantName",
                  "parent_id": null
              }
          },

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1459790/+subscriptions


References