OpenStack Identity (keystone)

expires_at and issues_at have inconsistent time stamp format

Bug #1134802 reported by Guang Yee on 2013-02-27

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
OpenStack Identity (keystone)	Fix Released	Medium	Guang Yee	OpenStack Identity (keystone) 2013.1 "grizzly"
oslo-incubator	Fix Released	Medium	Adam Young	oslo-incubator grizzly-rc1 "RC1"
Grizzly	Fix Released	Medium	Adam Young	oslo-incubator 2013.1 "grizzly"

Bug Description

both time stamps need to be normalized.

Guang Yee (guang-yee) on 2013-02-27

Changed in keystone:
milestone:	none → grizzly-rc1

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-02-27:

FWIW, I think this is the difference between what we're doing and what we should be doing...

Incorrect, the equivalent of passing datetime objects directly to json.dumps():

>>> print unicode(timeutils.utcnow())
2013-02-27 21:54:23.832703

Correct:

>>> print timeutils.isotime(timeutils.utcnow())
2013-02-27T21:54:32Z

Malini Bhandaru (malini-k-bhandaru) on 2013-02-27

Changed in keystone:
assignee:	nobody → Malini Bhandaru (malini-k-bhandaru)

Revision history for this message

Guang Yee (guang-yee) wrote on 2013-02-28:

both need to be in ISO 8601 format. For example,

'2013-02-27T22:21:38Z'

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-02-28: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/23158

Changed in keystone:
status:	New → In Progress

Revision history for this message

Guang Yee (guang-yee) wrote on 2013-02-28:

patch submitted

Changed in keystone:
assignee:	Malini Bhandaru (malini-k-bhandaru) → Guang Yee (guang-yee)

Revision history for this message

Adam Young (ayoung) wrote on 2013-03-01:

I think this is invalid. issued_at is specifically there to deal with rapid token reissue. As such, it needs to have a very high degree of precision: if token requests come in less than a second apart, they will stil be treated as distinct tokens.

Expires at is much more granaular, most likely at the minute or larger level. They do not need to be sub second.

Revision history for this message

Guang Yee (guang-yee) wrote on 2013-03-01:

Adam, by the same argument, we wouldn't need issued_at if expires_at is at micro second precision right?

Revision history for this message

Mark McLoughlin (markmc) wrote on 2013-03-04:

https://review.openstack.org/23218

The idea is to have timeutils.isotime() optional include sub-second values in its output

Changed in oslo:
status:	New → In Progress
importance:	Undecided → Medium
assignee:	nobody → Guang Yee (guang-yee)
milestone:	none → grizzly-rc1

Revision history for this message

Mark McLoughlin (markmc) wrote on 2013-03-04:

Will keystone have a DB migration to convert from the old issued_at format to the new one?

OpenStack Infra (hudson-openstack) on 2013-03-04

Changed in oslo:
assignee:	Guang Yee (guang-yee) → Adam Young (ayoung)

OpenStack Infra (hudson-openstack) on 2013-03-05

Changed in keystone:
assignee:	Guang Yee (guang-yee) → Adam Young (ayoung)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-05: Fix merged to oslo-incubator (master)

Reviewed: https://review.openstack.org/23218
Committed: http://github.com/openstack/oslo-incubator/commit/2cb8e4557b05f92fbd9f56b7a6a6d4f35c8a883a
Submitter: Jenkins
Branch: master

commit 2cb8e4557b05f92fbd9f56b7a6a6d4f35c8a883a
Author: Guang Yee <email address hidden>
Date: Thu Feb 28 14:51:24 2013 -0800

support ISO 8601 micro-second precision

Bug 1134802

Change-Id: I9cc3c9d9324314d293f01f047882eb6be06e02dd

Changed in oslo:
status:	In Progress → Fix Committed

OpenStack Infra (hudson-openstack) on 2013-03-05

Changed in keystone:
assignee:	Adam Young (ayoung) → Guang Yee (guang-yee)

OpenStack Infra (hudson-openstack) on 2013-03-05

Changed in keystone:
assignee:	Guang Yee (guang-yee) → Adam Young (ayoung)

OpenStack Infra (hudson-openstack) on 2013-03-05

Changed in keystone:
assignee:	Adam Young (ayoung) → Guang Yee (guang-yee)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-03-06: Fix merged to keystone (master)

#10

Reviewed: https://review.openstack.org/23158
Committed: http://github.com/openstack/keystone/commit/ab6e5529513af656db512b888fed9b320391afbd
Submitter: Jenkins
Branch: master

commit ab6e5529513af656db512b888fed9b320391afbd
Author: Guang Yee <email address hidden>
Date: Wed Feb 27 22:53:23 2013 -0800

bug 1134802: fix inconsistent format for expires_at and issued_at

Notice we have to use fraction of second precision to prevent PKI token ID
overlap.

Change-Id: Icfc192c08ab5b4db02547ef6f077fa7f32210835

Changed in keystone:
status:	In Progress → Fix Committed

Dolph Mathews (dolph) on 2013-03-07

Changed in keystone:
importance:	Undecided → Medium

Thierry Carrez (ttx) on 2013-03-13

Changed in oslo:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-03-21

Changed in keystone:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-04-04

Changed in keystone:
milestone:	grizzly-rc1 → 2013.1

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.