x
/
microstack
Code Issues Proposed changes

Use UTC for expiration date of tokens 

Keystone assumes UTC for expires_at dates when generating auth
tokens, so set the the expires_at to UTC timezone before making
the request.

Change-Id: I55cb6ccf7a8cf79057d5699372ecd27bf936643f
Closes-Bug: #1903208
This commit is contained in:
Billy Olsen 2020-11-05 20:42:03 -07:00
parent c19525476d
commit d7f3c1229f
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tools/cluster/cluster/add_compute.py
View File

@ -5,6 +5,7 @@ import secrets
import argparse
from datetime import datetime
from datetime import timezone
from dateutil.relativedelta import relativedelta
from oslo_serialization import (
@ -48,7 +49,10 @@ def _create_credential():
# TODO: make the expiration time customizable since this may be used by
# automation or during live demonstrations where the lag between issuance
# and usage may be more than the expiration time.
expires_at = datetime.now() + VALIDITY_PERIOD
# NOTE(wolsen): LP#1903208 expiration stamps passed to keystone without
# timezone information are assumed to be UTC. Explicitly use UTC to get
# an expiration at the right time.
expires_at = datetime.now(tz=timezone.utc) + VALIDITY_PERIOD
# Role objects themselves are not tied to a specific domain by default
# - this does not affect role assignments themselves which are scoped.