string tenant_name;
string tenant_id;
string user_name;
- string expires;
+ time_t expiration;
map<string, bool> roles;
int parse(bufferlist& bl);
- bool expired() { return false; }
+ bool expired() {
+ uint64_t now = ceph_clock_now(NULL).sec();
+ return (now < (uint64_t)expiration);
+ }
};
int KeystoneToken::parse(bufferlist& bl)
return -EINVAL;
}
+ string expires;
+
if (!token->get_data("expires", &expires)) {
dout(0) << "token response is missing expiration field" << dendl;
return -EINVAL;
}
+ struct tm t;
+ if (!parse_iso8601(expires.c_str(), &t)) {
+ dout(0) << "failed to parse token expiration (" << expires << ")" << dendl;
+ return -EINVAL;
+ }
+
+ expiration = timegm(&t);
+
JSONObj *tenant = token->find_obj("tenant");
if (!tenant) {
dout(0) << "token response is missing tenant section" << dendl;
return -EPERM;
}
- dout(0) << "validated token: " << t.tenant_name << ":" << t.user_name << " expires: " << t.expires << dendl;
+ dout(0) << "validated token: " << t.tenant_name << ":" << t.user_name << " expires: " << t.expiration << dendl;
rgw_set_keystone_token_auth_info(t, info);
keystone_token_cache->add(token, t);
projects / ceph.git / commitdiff