Make role-cache-expiration configurable
We use a default expiration_time (dogpile-expiration-time) of 600s which means that role assignments will take up to this amount of time before all caches are updated to reflect changes. This may not be suitable for some clouds that make frequent changes to role assignments and lowering the global value is not recommended so this overrides the [role] cache_time to a more appropriate value and also makes it configurable. We leave default value as None so that the global value is still inherited but this at least allows it to be customised. Change-Id: I49e46e010c543f831959581b2122f59068f2c07b Closes-Bug: #1771114
This commit is contained in:
parent
23e2642b41
commit
0cb787bb9d
10
config.yaml
10
config.yaml
|
@ -107,6 +107,16 @@ options:
|
|||
type: int
|
||||
default: 60
|
||||
description: Amount of time (in seconds) the catalog should be cached for.
|
||||
role-cache-expiration:
|
||||
type: int
|
||||
default:
|
||||
description: |
|
||||
Amount of time (in seconds) role assignments should be cached for.
|
||||
Relying on the global expiration_time can cause applications that
|
||||
frequently add/remove role assignments to become slow or fail
|
||||
since assignment changes will take up to expiration_time to sync
|
||||
across all caches. Reducing cache_time means more database queries
|
||||
so if an impact is perceived this value should be increased.
|
||||
dogpile-cache-expiration:
|
||||
type: int
|
||||
default: 600
|
||||
|
|
|
@ -214,6 +214,9 @@ class KeystoneContext(context.OSContextGenerator):
|
|||
ctxt['verbose'] = config('verbose')
|
||||
ctxt['token_expiration'] = config('token-expiration')
|
||||
ctxt['catalog_cache_expiration'] = config('catalog-cache-expiration')
|
||||
if config('role-cache-expiration') is not None:
|
||||
ctxt['role_cache_expiration'] = config('role-cache-expiration')
|
||||
|
||||
ctxt['dogpile_cache_expiration'] = config('dogpile-cache-expiration')
|
||||
|
||||
ctxt['identity_backend'] = config('identity-backend')
|
||||
|
|
|
@ -42,6 +42,11 @@ driver = sql
|
|||
cache_time = {{ catalog_cache_expiration }}
|
||||
driver = sql
|
||||
|
||||
{% if role_cache_expiration is not None -%}
|
||||
[role]
|
||||
cache_time = {{ role_cache_expiration }}
|
||||
{% endif -%}
|
||||
|
||||
[endpoint_filter]
|
||||
|
||||
[token]
|
||||
|
|
Loading…
Reference in New Issue