Delete expired instance console auth tokens

Instance console auth tokens never get deleted from the cache before the instnace is deleted, this is a waste of memory. now we check if tokens are expired then remove them from the cache before store new tokens. Fix bug #1209134 Co-authored-by: Takashi Natsume <natsume.takashi@lab.ntt.co.jp> (cherry picked from commit e3bbf2e) Conflicts: nova/tests/consoleauth/test_consoleauth.py Change-Id: I8dd5089ebaed3b3d91932f1f1558bbe302cd5675
openstack · Sep 3, 2013 · 0e0f3a9 · 0e0f3a9
1 parent fc4d1f9
commit 0e0f3a9
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/nova/consoleauth/manager.py b/nova/consoleauth/manager.py
@@ -81,6 +81,11 @@ def authorize_console(self, context, token, console_type, host, port,
         self.mc.set(token.encode('UTF-8'), data, CONF.console_token_ttl)
         if instance_uuid is not None:
             tokens = self._get_tokens_for_instance(instance_uuid)
+            # Remove the expired tokens from cache.
+            for tok in tokens:
+                token_str = self.mc.get(tok.encode('UTF-8'))
+                if not token_str:
+                    tokens.remove(tok)
             tokens.append(token)
             self.mc.set(instance_uuid.encode('UTF-8'),
                         jsonutils.dumps(tokens))

diff --git a/nova/tests/consoleauth/test_consoleauth.py b/nova/tests/consoleauth/test_consoleauth.py
@@ -111,6 +111,30 @@ def test_get_backdoor_port(self):
         port = self.manager.get_backdoor_port(self.context)
         self.assertEqual(port, self.manager.backdoor_port)
 
+    def test_delete_expired_tokens(self):
+        instance = u"12345"
+        self.useFixture(test.TimeOverride())
+        token = u'mytok'
+        self.flags(console_token_ttl=1)
+
+        self._stub_validate_console_port(True)
+
+        self.manager.authorize_console(self.context, token, 'novnc',
+                                         '127.0.0.1', '8080', 'host',
+                                         instance)
+        timeutils.advance_time_seconds(1)
+        self.assertFalse(self.manager.check_token(self.context, token))
+
+        token1 = u'mytok2'
+        self.manager.authorize_console(self.context, token1, 'novnc',
+                                       '127.0.0.1', '8080', 'host',
+                                       instance)
+        stored_tokens = self.manager._get_tokens_for_instance(
+                instance)
+        # when trying to store token1, expired token is removed fist.
+        self.assertTrue(len(stored_tokens), 1)
+        self.assertTrue(stored_tokens[0], token1)
+
 
 class ControlauthMemcacheEncodingTestCase(test.TestCase):
     def setUp(self):