Browse Source

Use UTC for expiration date of tokens

Keystone assumes UTC for expires_at dates when generating auth
tokens, so set the the expires_at to UTC timezone before making
the request.

Change-Id: I55cb6ccf7a8cf79057d5699372ecd27bf936643f
Closes-Bug: #1903208
Billy Olsen 7 months ago
1 changed files with 5 additions and 1 deletions
  1. +5

+ 5
- 1
tools/cluster/cluster/ View File

@ -5,6 +5,7 @@ import secrets
import argparse
from datetime import datetime
from datetime import timezone
from dateutil.relativedelta import relativedelta
from oslo_serialization import (
@ -48,7 +49,10 @@ def _create_credential():
# TODO: make the expiration time customizable since this may be used by
# automation or during live demonstrations where the lag between issuance
# and usage may be more than the expiration time.
expires_at = + VALIDITY_PERIOD
# NOTE(wolsen): LP#1903208 expiration stamps passed to keystone without
# timezone information are assumed to be UTC. Explicitly use UTC to get
# an expiration at the right time.
expires_at = + VALIDITY_PERIOD
# Role objects themselves are not tied to a specific domain by default
# - this does not affect role assignments themselves which are scoped.