author | Guang Yee <guang.yee@hp.com> | 2013-02-27 22:53:23 -0800 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2013-03-05 19:34:57 +0000 |
commit | ab6e5529513af656db512b888fed9b320391afbd (patch) | |
tree | 216e798a79e2549ccd3ee8028903805016f11844 /keystone/auth | |
parent | a8992277cd7dcde27deb7d3863370fd6bc9fd5ae (diff) | |
bug 1134802: fix inconsistent format for expires_at and issued_at
Note that we have to use sub-second (fraction-of-a-second) precision to prevent PKI token ID
overlap.
Change-Id: Icfc192c08ab5b4db02547ef6f077fa7f32210835
Diffstat (limited to 'keystone/auth')
-rw-r--r-- | keystone/auth/methods/token.py | 6 | ||||
-rw-r--r-- | keystone/auth/token_factory.py | 29 |
2 files changed, 20 insertions, 15 deletions
diff --git a/keystone/auth/methods/token.py b/keystone/auth/methods/token.py
index 05c5385d..10e99cfb 100644
--- a/keystone/auth/methods/token.py
+++ b/keystone/auth/methods/token.py
@@ -40,8 +40,10 @@ class Token(auth.AuthMethodHandler):
 token_ref = self.token_api.get_token(context, token_id)
 user_context.setdefault(
 'user_id', token_ref['token_data']['token']['user']['id'])
- user_context.setdefault(
- 'expires', token_ref['token_data']['token']['expires'])
+ # to support Grizzly-3 to Grizzly-RC1 transition
+ expires_at = token_ref['token_data']['token'].get(
+ 'expires_at', token_ref['token_data']['token'].get('expires'))
+ user_context.setdefault('expires_at', expires_at)
 user_context['extras'].update(
 token_ref['token_data']['token']['extras'])
 user_context['method_names'].extend(
diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py
index 4b1bf637..d6dc68f9 100644
--- a/keystone/auth/token_factory.py
+++ b/keystone/auth/token_factory.py
@@ -129,10 +129,10 @@ class TokenDataHelper(object):
 def _populate_token(self, token_data, expires=None):
 if not expires:
 expires = token_module.default_expire_time()
- if not isinstance(expires, unicode):
- expires = timeutils.isotime(expires)
- token_data['expires'] = expires
- token_data['issued_at'] = timeutils.strtime()
+ if not isinstance(expires, basestring):
+ expires = timeutils.isotime(expires, subsecond=True)
+ token_data['expires_at'] = expires
+ token_data['issued_at'] = timeutils.isotime(subsecond=True)
 def get_token_data(self, user_id, method_names, extras, domain_id=None, project_id=None, expires=None):
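Review bot: In the keystone/auth/methods/token.py hunk, the nested `.get('expires_at', ....get('expires'))` yields `None` when the stored token carries neither key, where the removed `['expires']` lookup raised, and `user_context.setdefault('expires_at', expires_at)` then stores that `None`. create_token reads the value back with `auth_context.get('expires_at', None)`, and `_populate_token` replaces a falsy `expires` with `token_module.default_expire_time()`, so a token obtained by presenting such a token would apparently receive a fresh full lifetime instead of inheriting the original expiry. Failing closed keeps the previous behaviour: after the lookup add `if expires_at is None: raise exception.Unauthorized()` (assuming `keystone.exception` is imported in this module, which the hunk does not show). The same silent fallback appears in recreate_token_data as `token_data.get('expires_at', token_data.get('expires'))` and likely wants the same guard. The enclosing method starts and ends outside the hunk.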
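Review bot: In `_populate_token` a string `expires` is still copied into `token_data['expires_at']` unchanged, because only non-string values go through `timeutils.isotime(expires, subsecond=True)`; an expiry inherited from a token issued before this change therefore keeps its old format, which is the inconsistency this commit sets out to remove. Normalising both cases would close that gap, e.g. `if isinstance(expires, basestring): expires = timeutils.parse_isotime(expires)` followed by an unconditional `expires = timeutils.isotime(expires, subsecond=True)`; that should also surface a malformed stored value here rather than later in create_token. A short docstring stating that `expires` may be a datetime or an ISO 8601 string, and that a falsy value selects the default lifetime, would make the contract explicit for callers.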
@@ -168,7 +168,10 @@ def recreate_token_data(context, token_data=None, expires=None,
 project_id = (token_data['project']['id'] if 'project' in token_data else None)
 if not new_expires:
- new_expires = token_data['expires']
+ # support Grizzly-3 to Grizzly-RC1 transition
+ # tokens issued in G3 has 'expires' instead of 'expires_at'
+ new_expires = token_data.get('expires_at',
+ token_data.get('expires'))
 user_id = token_data['user']['id']
 methods = token_data['methods']
 extras = token_data['extras']
@@ -189,13 +192,13 @@ def create_token(context, auth_context, auth_info):
 (domain_id, project_id) = auth_info.get_scope()
 method_names = list(set(auth_info.get_method_names() + auth_context.get('method_names', [])))
- token_data = token_data_helper.get_token_data(auth_context['user_id'],
- method_names,
- auth_context['extras'],
- domain_id,
- project_id,
- auth_context.get('expires',
- None))
+ token_data = token_data_helper.get_token_data(
+ auth_context['user_id'],
+ method_names,
+ auth_context['extras'],
+ domain_id,
+ project_id,
+ auth_context.get('expires_at', None))
 if CONF.signing.token_format == 'UUID':
 token_id = uuid.uuid4().hex
 elif CONF.signing.token_format == 'PKI':
@@ -209,7 +212,7 @@ def create_token(context, auth_context, auth_info):
 CONF.signing.token_format)
 token_api = token_module.Manager()
 try:
- expiry = token_data['token']['expires']
+ expiry = token_data['token']['expires_at']
 if isinstance(expiry, basestring):
 expiry = timeutils.parse_isotime(expiry)
 role_ids = [] |