yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #52929
[Bug 1597077] [NEW] Mitaka token 'expires' padding differs between POST and GET/HEAD
Public bug reported:
We are using fernet tokens and found that with Mitaka the 'expires'
values returned by the token POST and token GET/HEAD differ when one
would expect these to be the same.
POST /v2.0/tokens
Response:
{"access": {
"token": {
"issued_at": "2016-06-28T18:48:56.000000Z",
"expires": "2016-06-28T20:48:56Z",
"id": "gAAAAABXcsaYGn-YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ",
"audit_ids": ["OGGd2bYeTQOi-ZHZ5vYqVw"]
},
"serviceCatalog": [],
"user": {
"username": "account1",
"roles_links": [],
"id": "af4012992a154f158201f0590013bc32",
"roles": [],
"name": "account1"
},
"metadata": {
"is_admin": 0,
"roles": []
}
}}
GET /v2.0/tokens/gAAAAABXcsaYGn-
YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ
Response:
{"access": {
"token": {
"issued_at": "2016-06-28T18:48:56.000000Z",
"expires": "2016-06-28T20:48:56.000000Z",
"id": "gAAAAABXcsaYGn-YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ",
"audit_ids": ["OGGd2bYeTQOi-ZHZ5vYqVw"]
},
"serviceCatalog": [],
"user": {
"username": "account1",
"roles_links": [],
"id": "af4012992a154f158201f0590013bc32",
"roles": [],
"name": "account1"
},
"metadata": {
"is_admin": 0,
"roles": []
}
}}
The POST response:"expires": "2016-06-28T20:48:56Z",
The GET response: "expires": "2016-06-28T20:48:56.000000Z",
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1597077
Title:
Mitaka token 'expires' padding differs between POST and GET/HEAD
Status in OpenStack Identity (keystone):
New
Bug description:
We are using fernet tokens and found that with Mitaka the 'expires'
values returned by the token POST and token GET/HEAD differ when one
would expect these to be the same.
POST /v2.0/tokens
Response:
{"access": {
"token": {
"issued_at": "2016-06-28T18:48:56.000000Z",
"expires": "2016-06-28T20:48:56Z",
"id": "gAAAAABXcsaYGn-YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ",
"audit_ids": ["OGGd2bYeTQOi-ZHZ5vYqVw"]
},
"serviceCatalog": [],
"user": {
"username": "account1",
"roles_links": [],
"id": "af4012992a154f158201f0590013bc32",
"roles": [],
"name": "account1"
},
"metadata": {
"is_admin": 0,
"roles": []
}
}}
GET /v2.0/tokens/gAAAAABXcsaYGn-
YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ
Response:
{"access": {
"token": {
"issued_at": "2016-06-28T18:48:56.000000Z",
"expires": "2016-06-28T20:48:56.000000Z",
"id": "gAAAAABXcsaYGn-YFLOkLMfgq0JeBePL9s4WxiYbgSOyrAC83nUJhJh4c3xMTi_ZhaXkWH1S5BmvsvJwj90I_bKgiJlv5fQf7-wCdyPtTd7O_TcAleIBj7uOhcFhC1au7Fx9qnAkdg6DBIX_EiQLaC_ylB87nl05nQ",
"audit_ids": ["OGGd2bYeTQOi-ZHZ5vYqVw"]
},
"serviceCatalog": [],
"user": {
"username": "account1",
"roles_links": [],
"id": "af4012992a154f158201f0590013bc32",
"roles": [],
"name": "account1"
},
"metadata": {
"is_admin": 0,
"roles": []
}
}}
The POST response:"expires": "2016-06-28T20:48:56Z",
The GET response: "expires": "2016-06-28T20:48:56.000000Z",
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1597077/+subscriptions
Follow ups
