From 275315a46e69a0c072259705b7738272baad9f8d Mon Sep 17 00:00:00 2001
From: Kieran Spear
Date: Tue, 23 Jul 2013 17:28:09 +1000
Subject: [PATCH] Convert revocation list file last modified to UTC
On a restart of a service using auth_token middleware, the last modified time of the revocation list file is checked to decide whether to get the fresh list from keystone. In server timezones that are ahead of UTC, this compares a local time with UTC. This means whenever a service is restarted it doesn't update the revocation list for the length of the timezone offset from UTC. This change converts the last modified time to UTC when it's first read, so the comparison is valid.
Closes-bug: 1204000
Change-Id: I623b6273beb56f8da2a8649a10a64318da8cd6bc
---
 keystoneclient/middleware/auth_token.py | 2 +-
 .../tests/test_auth_token_middleware.py | 44 +++++++++++++++++--
 2 files changed, 42 insertions(+), 4 deletions(-)
diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 1a13d8004..3d3cb9864 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -1191,7 +1191,7 @@ class AuthProtocol(object):
 # modification time.
 if os.path.exists(self.revoked_file_name):
 mtime = os.path.getmtime(self.revoked_file_name)
- fetched_time = datetime.datetime.fromtimestamp(mtime)
+ fetched_time = datetime.datetime.utcfromtimestamp(mtime)
 # Otherwise the list will need to be fetched.
 else:
 fetched_time = datetime.datetime.min
diff --git a/keystoneclient/tests/test_auth_token_middleware.py b/keystoneclient/tests/test_auth_token_middleware.py
index 875844f1b..b31be6ef0 100644
--- a/keystoneclient/tests/test_auth_token_middleware.py
+++ b/keystoneclient/tests/test_auth_token_middleware.py
@@ -23,6 +23,7 @@ import stat
 import sys
 import tempfile
 import testtools
+import time
 import uuid
 import fixtures
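Review bot: In keystoneclient/middleware/auth_token.py the value from `datetime.datetime.utcfromtimestamp(mtime)` is trusted as-is, so a revocation file whose modification time lies in the future (a clock step, a file restored from backup) would still look fresh and postpone the next fetch of the revocation list, which is the same symptom this commit fixes for timezone offsets. Consider bounding it right after the new line, for example `fetched_time = min(fetched_time, timeutils.utcnow())`, assuming the staleness check compares against `timeutils.utcnow()` as the commit message implies; that comparison is outside the hunk. A comment on the changed line such as `# Naive UTC, to match the UTC clock used by the staleness check.` would also record why local time must not be used here. The enclosing method starts and ends outside the hunk.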
@@ -141,6 +142,33 @@ class DisableModuleFixture(fixtures.Fixture): sys.meta_path.insert(0, finder) +class TimezoneFixture(fixtures.Fixture): + @staticmethod + def supported(): + # tzset is only supported on Unix. + return hasattr(time, 'tzset') + + def __init__(self, new_tz): + super(TimezoneFixture, self).__init__() + self.tz = new_tz + self.old_tz = os.environ.get('TZ', None) + + def setUp(self): + super(TimezoneFixture, self).setUp() + if not self.supported(): + raise NotImplementedError('timezone override is not supported.') + os.environ['TZ'] = self.tz + time.tzset() + self.addCleanup(self.cleanup) + + def cleanup(self): + if self.old_tz is not None: + os.environ['TZ'] = self.old_tz + elif 'TZ' in os.environ: + del os.environ['TZ'] + time.tzset() + + class FakeSwiftOldMemcacheClient(memorycache.Client): # NOTE(vish,chmou): old swift memcache uses param timeout instead of time def set(self, key, value, timeout=0, min_compress_len=0): 
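Review bot: `TimezoneFixture.__init__` snapshots `os.environ.get('TZ', None)` at construction time, but the override only happens in `setUp`, so an instance that is created ahead of use or set up more than once would restore a stale value in `cleanup`. Moving the snapshot into `setUp`, as `self.old_tz = os.environ.get('TZ')` just before `os.environ['TZ'] = self.tz`, keeps save and restore paired. The class also changes process-wide state (`TZ` plus `time.tzset()`) and has no docstring; something like `"""Temporarily override the process timezone (Unix only; not safe for tests that run concurrently in one process)."""` would make that visible to whoever reuses it.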
@@ -506,9 +534,19 @@ class CommonAuthTokenMiddlewareTest(object):
 def test_get_token_revocation_list_fetched_time_returns_mtime(self):
 self.middleware.token_revocation_list_fetched_time = None
 mtime = os.path.getmtime(self.middleware.revoked_file_name)
- fetched_time = datetime.datetime.fromtimestamp(mtime)
- self.assertEqual(self.middleware.token_revocation_list_fetched_time,
- fetched_time)
+ fetched_time = datetime.datetime.utcfromtimestamp(mtime)
+ self.assertEqual(fetched_time,
+ self.middleware.token_revocation_list_fetched_time)
+
+ @testtools.skipUnless(TimezoneFixture.supported(),
+ 'TimezoneFixture not supported')
+ def test_get_token_revocation_list_fetched_time_returns_utc(self):
+ with TimezoneFixture('UTC-1'):
+ self.middleware.token_revocation_list = jsonutils.dumps(
+ client_fixtures.REVOCATION_LIST)
+ self.middleware.token_revocation_list_fetched_time = None
+ fetched_time = self.middleware.token_revocation_list_fetched_time
+ self.assertTrue(timeutils.is_soon(fetched_time, 1))
 def test_get_token_revocation_list_fetched_time_returns_value(self):
 expected = self.middleware._token_revocation_list_fetched_time
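Review bot: The only assertion in `test_get_token_revocation_list_fetched_time_returns_utc` is `timeutils.is_soon(fetched_time, 1)`, which as far as I know checks just an upper bound (`fetched_time <= now + 1s`), so a timestamp that is hours in the past would pass too and a regression in a zone behind UTC would go unnoticed. Adding a lower bound, for example `self.assertFalse(timeutils.is_older_than(fetched_time, 60))`, or repeating the body with a second zone such as `'UTC+1'`, would pin the value on both sides. A comment above the `with` line like `# POSIX TZ syntax: 'UTC-1' is one hour ahead of UTC.` would help, since the sign convention is easy to misread. The enclosing test class starts and ends outside the hunk.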