Make role-cache-expiration configurable
We use a default expiration_time (dogpile-expiration-time)
of 600s which means that role assignments will take up to
this amount of time before all caches are updated to
reflect changes. This may not be suitable for some clouds
that make frequent changes to role assignments and lowering
the global value is not recommended so this overrides the
[role] cache_time to a more appropriate value and also
makes it configurable. We leave default value as None so
that the global value is still inherited but this at least
allows it to be customised.
Change-Id: I49e46e010c543f831959581b2122f59068f2c07b
Closes-Bug: #1771114
(cherry picked from commit 0cb787bb9d
)
This commit is contained in:
parent
62fa41d4ae
commit
74fe8858a5
10
config.yaml
10
config.yaml
|
@ -107,6 +107,16 @@ options:
|
|||
type: int
|
||||
default: 60
|
||||
description: Amount of time (in seconds) the catalog should be cached for.
|
||||
role-cache-expiration:
|
||||
type: int
|
||||
default:
|
||||
description: |
|
||||
Amount of time (in seconds) role assignments should be cached for.
|
||||
Relying on the global expiration_time can cause applications that
|
||||
frequently add/remove role assignments to become slow or fail
|
||||
since assignment changes will take up to expiration_time to sync
|
||||
across all caches. Reducing cache_time means more database queries
|
||||
so if an impact is perceived this value should be increased.
|
||||
dogpile-cache-expiration:
|
||||
type: int
|
||||
default: 600
|
||||
|
|
|
@ -202,6 +202,9 @@ class KeystoneContext(context.OSContextGenerator):
|
|||
ctxt['verbose'] = config('verbose')
|
||||
ctxt['token_expiration'] = config('token-expiration')
|
||||
ctxt['catalog_cache_expiration'] = config('catalog-cache-expiration')
|
||||
if config('role-cache-expiration') is not None:
|
||||
ctxt['role_cache_expiration'] = config('role-cache-expiration')
|
||||
|
||||
ctxt['dogpile_cache_expiration'] = config('dogpile-cache-expiration')
|
||||
|
||||
ctxt['identity_backend'] = config('identity-backend')
|
||||
|
|
|
@ -42,6 +42,11 @@ driver = sql
|
|||
cache_time = {{ catalog_cache_expiration }}
|
||||
driver = sql
|
||||
|
||||
{% if role_cache_expiration is not None -%}
|
||||
[role]
|
||||
cache_time = {{ role_cache_expiration }}
|
||||
{% endif -%}
|
||||
|
||||
[endpoint_filter]
|
||||
|
||||
[token]
|
||||
|
|
Loading…
Reference in New Issue