Convert revocation list file last modified to UTC

On a restart of a service using auth_token middleware, the last modified time of the revocation list file is checked to decide whether to get the fresh list from keystone. In server timezones that are ahead of UTC, this compares a local time with UTC. This means whenever a service is restarted it doesn't update the revocation list for the length of the timezone offset from UTC. This change converts the last modified time to UTC when it's first read, so the comparison is valid. Closes-bug: 1204000 Change-Id: I623b6273beb56f8da2a8649a10a64318da8cd6bc
2013-07-23 17:28:09 +10:00
parent dca1d4259d
commit 275315a46e
2 changed files with 42 additions and 4 deletions
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -1191,7 +1191,7 @@ class AuthProtocol(object):
            # modification time.
            if os.path.exists(self.revoked_file_name):
                mtime = os.path.getmtime(self.revoked_file_name)
-                fetched_time = datetime.datetime.fromtimestamp(mtime)
+                fetched_time = datetime.datetime.utcfromtimestamp(mtime)
            # Otherwise the list will need to be fetched.
            else:
                fetched_time = datetime.datetime.min
--- a/keystoneclient/tests/test_auth_token_middleware.py
+++ b/keystoneclient/tests/test_auth_token_middleware.py
@@ -23,6 +23,7 @@ import stat
 import sys
 import tempfile
 import testtools
+import time
 import uuid

 import fixtures
@@ -141,6 +142,33 @@ class DisableModuleFixture(fixtures.Fixture):
        sys.meta_path.insert(0, finder)


+class TimezoneFixture(fixtures.Fixture):
+    @staticmethod
+    def supported():
+        # tzset is only supported on Unix.
+        return hasattr(time, 'tzset')
+
+    def __init__(self, new_tz):
+        super(TimezoneFixture, self).__init__()
+        self.tz = new_tz
+        self.old_tz = os.environ.get('TZ', None)
+
+    def setUp(self):
+        super(TimezoneFixture, self).setUp()
+        if not self.supported():
+            raise NotImplementedError('timezone override is not supported.')
+        os.environ['TZ'] = self.tz
+        time.tzset()
+        self.addCleanup(self.cleanup)
+
+    def cleanup(self):
+        if self.old_tz is not None:
+            os.environ['TZ'] = self.old_tz
+        elif 'TZ' in os.environ:
+            del os.environ['TZ']
+        time.tzset()
+
+
 class FakeSwiftOldMemcacheClient(memorycache.Client):
    # NOTE(vish,chmou): old swift memcache uses param timeout instead of time
    def set(self, key, value, timeout=0, min_compress_len=0):
@@ -506,9 +534,19 @@ class CommonAuthTokenMiddlewareTest(object):
    def test_get_token_revocation_list_fetched_time_returns_mtime(self):
        self.middleware.token_revocation_list_fetched_time = None
        mtime = os.path.getmtime(self.middleware.revoked_file_name)
-        fetched_time = datetime.datetime.fromtimestamp(mtime)
-        self.assertEqual(self.middleware.token_revocation_list_fetched_time,
-                         fetched_time)
+        fetched_time = datetime.datetime.utcfromtimestamp(mtime)
+        self.assertEqual(fetched_time,
+                         self.middleware.token_revocation_list_fetched_time)
+
+    @testtools.skipUnless(TimezoneFixture.supported(),
+                          'TimezoneFixture not supported')
+    def test_get_token_revocation_list_fetched_time_returns_utc(self):
+        with TimezoneFixture('UTC-1'):
+            self.middleware.token_revocation_list = jsonutils.dumps(
+                client_fixtures.REVOCATION_LIST)
+            self.middleware.token_revocation_list_fetched_time = None
+            fetched_time = self.middleware.token_revocation_list_fetched_time
+            self.assertTrue(timeutils.is_soon(fetched_time, 1))

    def test_get_token_revocation_list_fetched_time_returns_value(self):
        expected = self.middleware._token_revocation_list_fetched_time