Merge "Renew token before expiry time"
diff --git a/tempest/auth.py b/tempest/auth.py
index 0e45161..5fc923f 100644
--- a/tempest/auth.py
+++ b/tempest/auth.py
@@ -164,6 +164,8 @@
class KeystoneAuthProvider(AuthProvider):
+ token_expiry_threshold = datetime.timedelta(seconds=60)
+
def __init__(self, credentials, client_type='tempest', interface=None):
super(KeystoneAuthProvider, self).__init__(credentials, client_type,
interface)
@@ -293,7 +295,8 @@
_, access = auth_data
expiry = datetime.datetime.strptime(access['token']['expires'],
self.EXPIRY_DATE_FORMAT)
- return expiry <= datetime.datetime.now()
+ return expiry - self.token_expiry_threshold <= \
+ datetime.datetime.utcnow()
class KeystoneV3AuthProvider(KeystoneAuthProvider):
@@ -393,4 +396,5 @@
_, access = auth_data
expiry = datetime.datetime.strptime(access['expires_at'],
self.EXPIRY_DATE_FORMAT)
- return expiry <= datetime.datetime.now()
+ return expiry - self.token_expiry_threshold <= \
+ datetime.datetime.utcnow()
diff --git a/tempest/tests/test_auth.py b/tempest/tests/test_auth.py
index b6e15bd..62c20e3 100644
--- a/tempest/tests/test_auth.py
+++ b/tempest/tests/test_auth.py
@@ -14,6 +14,7 @@
# under the License.
import copy
+import datetime
from tempest import auth
from tempest.common import http
@@ -131,6 +132,11 @@
self.assertEqual(expected['token'], headers['X-Auth-Token'])
self.assertEqual(expected['body'], body)
+ def _auth_data_with_expiry(self, date_as_string):
+ token, access = self.auth_provider.auth_data
+ access['token']['expires'] = date_as_string
+ return token, access
+
def test_request(self):
filters = {
'service': 'compute',
@@ -292,6 +298,25 @@
expected = 'http://fake_url/'
self._test_base_url_helper(expected, self.filters)
+ def test_token_not_expired(self):
+ expiry_data = datetime.datetime.utcnow() + datetime.timedelta(days=1)
+ auth_data = self._auth_data_with_expiry(
+ expiry_data.strftime(self.auth_provider.EXPIRY_DATE_FORMAT))
+ self.assertFalse(self.auth_provider.is_expired(auth_data))
+
+ def test_token_expired(self):
+ expiry_data = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
+ auth_data = self._auth_data_with_expiry(
+ expiry_data.strftime(self.auth_provider.EXPIRY_DATE_FORMAT))
+ self.assertTrue(self.auth_provider.is_expired(auth_data))
+
+ def test_token_not_expired_to_be_renewed(self):
+ expiry_data = datetime.datetime.utcnow() + \
+ self.auth_provider.token_expiry_threshold / 2
+ auth_data = self._auth_data_with_expiry(
+ expiry_data.strftime(self.auth_provider.EXPIRY_DATE_FORMAT))
+ self.assertTrue(self.auth_provider.is_expired(auth_data))
+
class TestKeystoneV3AuthProvider(TestKeystoneV2AuthProvider):
_endpoints = fake_identity.IDENTITY_V3_RESPONSE['token']['catalog']
@@ -316,6 +341,11 @@
return ep['url'].replace('v3', replacement)
return ep['url']
+ def _auth_data_with_expiry(self, date_as_string):
+ token, access = self.auth_provider.auth_data
+ access['expires_at'] = date_as_string
+ return token, access
+
def test_check_credentials_missing_tenant_name(self):
cred = copy.copy(self.credentials)
del cred['domain_name']