Browse Source

Use UTC for expiration date of tokens

Keystone assumes UTC for expires_at dates when generating auth
tokens, so set the the expires_at to UTC timezone before making
the request.

Change-Id: I55cb6ccf7a8cf79057d5699372ecd27bf936643f
Closes-Bug: #1903208
changes/97/761697/1
Billy Olsen 7 months ago
parent
commit
d7f3c1229f
1 changed files with 5 additions and 1 deletions
  1. +5
    -1
      tools/cluster/cluster/add_compute.py

+ 5
- 1
tools/cluster/cluster/add_compute.py View File

@ -5,6 +5,7 @@ import secrets
import argparse
from datetime import datetime
from datetime import timezone
from dateutil.relativedelta import relativedelta
from oslo_serialization import (
@ -48,7 +49,10 @@ def _create_credential():
# TODO: make the expiration time customizable since this may be used by
# automation or during live demonstrations where the lag between issuance
# and usage may be more than the expiration time.
expires_at = datetime.now() + VALIDITY_PERIOD
# NOTE(wolsen): LP#1903208 expiration stamps passed to keystone without
# timezone information are assumed to be UTC. Explicitly use UTC to get
# an expiration at the right time.
expires_at = datetime.now(tz=timezone.utc) + VALIDITY_PERIOD
# Role objects themselves are not tied to a specific domain by default
# - this does not affect role assignments themselves which are scoped.


Loading…
Cancel
Save