Co-authored-by: Adam Young <ayoung@redhat.com>
Token revocations are captured in the backends,
During upgrade, all previous tickets are defaulted to valid.
Revocation list returned as a signed document and can be fetched in an admin context via HTTP
Change config values for enable diable PKI
In the auth_token middleware, the revocation list is fetched prior
to validating tokens. Any tokens that are on the revocation list
will be treated as invalid.
Added in PKI token tests that check the same logic as the UUID tests.
Sample data for the tests is read out of the signing directory.
dropped number on sql scripts to pass tests.
Also fixes 1031373
Bug 1037683
Change-Id: Icef2f173e50fe3cce4273c161f69d41259bf5d23
Implements blueprint use-common-timeutils
1. Edit openstack-common.conf and import keystone/openstack/common/timeutils.py
2. Replace datetime.utcnow with timeutils.utcnow
3. Replace utils.isotime with timeutils.isotime
4. Remove utils.isotime in common/utils.py and datetime related unittest
Change-Id: I4f5a63a368fde8787a0dc0a817c940de685b9ca2
Fixes bug #983800
The expiration timestamps are expressed in UTC time, so ensure:
1) The timestamp of the token created by the test is UTC time (i.e.
utcnow() vs now())
2) The expiration check in the dummy memcache client properly
accounts for UTC (i.e. utctimetuple() vs timetuple())
Change-Id: Ie7356456f79ab5a8070a79771bb7d210b1cedd47
