Delete expired instance console auth tokens

Instance console auth tokens never get deleted from the cache before the instnace is deleted, this is a waste of memory. now we check if tokens are expired then remove them from the cache before store new tokens. Fix bug #1209134 Co-authored-by: Takashi Natsume <natsume.takashi@lab.ntt.co.jp> Change-Id: I8dd5089ebaed3b3d91932f1f1558bbe302cd5675
openstack · Aug 23, 2013 · e3bbf2e · e3bbf2e
1 parent 4e983aa
commit e3bbf2e
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/nova/consoleauth/manager.py b/nova/consoleauth/manager.py
@@ -81,6 +81,11 @@ def authorize_console(self, context, token, console_type, host, port,
         self.mc.set(token.encode('UTF-8'), data, CONF.console_token_ttl)
         if instance_uuid is not None:
             tokens = self._get_tokens_for_instance(instance_uuid)
+            # Remove the expired tokens from cache.
+            for tok in tokens:
+                token_str = self.mc.get(tok.encode('UTF-8'))
+                if not token_str:
+                    tokens.remove(tok)
             tokens.append(token)
             self.mc.set(instance_uuid.encode('UTF-8'),
                         jsonutils.dumps(tokens))

diff --git a/nova/tests/consoleauth/test_consoleauth.py b/nova/tests/consoleauth/test_consoleauth.py
@@ -105,6 +105,29 @@ def test_console_no_instance_uuid(self):
                                         instance_uuid=None)
         self.assertFalse(self.manager.check_token(self.context, u"token"))
 
+    def test_delete_expired_tokens(self):
+        self.useFixture(test.TimeOverride())
+        token = u'mytok'
+        self.flags(console_token_ttl=1)
+
+        self._stub_validate_console_port(True)
+
+        self.manager.authorize_console(self.context, token, 'novnc',
+                                         '127.0.0.1', '8080', 'host',
+                                         self.instance['uuid'])
+        timeutils.advance_time_seconds(1)
+        self.assertFalse(self.manager.check_token(self.context, token))
+
+        token1 = u'mytok2'
+        self.manager.authorize_console(self.context, token1, 'novnc',
+                                       '127.0.0.1', '8080', 'host',
+                                       self.instance['uuid'])
+        stored_tokens = self.manager._get_tokens_for_instance(
+                self.instance['uuid'])
+        # when trying to store token1, expired token is removed fist.
+        self.assertTrue(len(stored_tokens), 1)
+        self.assertTrue(stored_tokens[0], token1)
+
 
 class ControlauthMemcacheEncodingTestCase(test.TestCase):
     def setUp(self):