yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1531233] Re: improve oauth skew to base off uptime

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: James Falcon <1531233@xxxxxxxxxxxxxxxxxx>
Date: Wed, 10 May 2023 10:20:19 -0000
Reply-to: Bug 1531233 <1531233@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Tracked in Github Issues as https://github.com/canonical/cloud-
init/issues/2607

** Bug watch added: github.com/canonical/cloud-init/issues #2607
https://github.com/canonical/cloud-init/issues/2607

** Changed in: cloud-init
Status: Confirmed => Expired

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1531233

Title:
improve oauth skew to base off uptime

Status in cloud-init:
Expired
Status in curtin:
Confirmed

Bug description:
when doing oauth, each request needs to include a timestamp that matches a window of the host's clock.
So, if our local clock is broken we need to adjust it. Cloud-init and curtin handle this by adding a 'skew', and recently store that skew in a dictionary for later reference. The issue though is that currently we store the skew off the current local time. This works fine until the local time is updated, and then it would result in us having a *bad* offset where using none would work.

During boot, ntp or systemd-network-timed might update the clock, so
we have to be aware of that.

My plan for a fix is to use uptime as an always increasing/stable
clock.

To address the fact that a clock could be wildly inaccurate, we can
discard the stored skew if it is older than 10 minutes or some
reasonably large value.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1531233/+subscriptions

References

[Bug 1531233] [NEW] improve oauth skew to base off uptime
From: Scott Moser, 2016-01-05