[gnuoy,r=james-page] Add configuration option to allow token expiry to be set

Defaults to 3600 seconds. Also synced kilo template with icehouse to pickup pki changes.
2015-04-01 08:09:43 +01:00 · 2015-04-01 08:09:43 +01:00 · 5d832683d2
commit 5d832683d2
parent d20221ff56 ac8914c146
4 changed files with 17 additions and 6 deletions
--- a/config.yaml
+++ b/config.yaml
@ -62,10 +62,10 @@ options:
    default: 'Admin'
    type: string
    description: 'Admin role to be associated with admin and service users'
-  token-expiry:
-    default: "2017-02-05T00:00"
-    type: string
-    description: "Expiration date of generated admin tokens"
+  token-expiration:
+    default: 3600
+    type: int
+    description: "Amount of time a token should remain valid (in seconds)."
  service-tenant:
    default: "services"
    type: string
--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@ -202,6 +202,7 @@ class KeystoneContext(context.OSContextGenerator):
        ctxt['debug'] = debug and bool_from_string(debug)
        verbose = config('verbose')
        ctxt['verbose'] = verbose and bool_from_string(verbose)
+        ctxt['token_expiration'] = config('token-expiration')

        ctxt['identity_backend'] = config('identity-backend')
        ctxt['assignment_backend'] = config('assignment-backend')
--- a/templates/icehouse/keystone.conf
+++ b/templates/icehouse/keystone.conf
@ -48,8 +48,9 @@ provider = keystone.token.providers.pki.Provider
 {% elif token_provider == 'pkiz' -%}
 provider = keystone.token.providers.pkiz.Provider
 {% else -%}
-provider = keystone.token.providers.uuid.Provider 
-{% endif %}
+provider = keystone.token.providers.uuid.Provider
+{% endif -%}
+expiration = {{ token_expiration }}

 {% include "parts/section-signing" %}

--- a/templates/kilo/keystone.conf
+++ b/templates/kilo/keystone.conf
@ -45,7 +45,16 @@ driver = keystone.catalog.backends.sql.Catalog

 [token]
 driver = keystone.token.persistence.backends.sql.Token
+{% if token_provider == 'pki' -%}
+provider = keystone.token.providers.pki.Provider
+{% elif token_provider == 'pkiz' -%}
+provider = keystone.token.providers.pkiz.Provider
+{% else -%}
 provider = keystone.token.providers.uuid.Provider
+{% endif -%}
+expiration = {{ token_expiration }}
+
+{% include "parts/section-signing" %}

 [cache]