Add token-expiration to allow the time a token should remain valid (in seconds) to be set. Remove token-expiry which seems unused

config.yaml

@@ -62,10 +62,10 @@ options:
     default: 'Admin'
     type: string
     description: 'Admin role to be associated with admin and service users'
-  token-expiry:
+  token-expiration:
-    default: "2017-02-05T00:00"
+    default: 3600
-    type: string
+    type: int
-    description: "Expiration date of generated admin tokens"
+    description: "Amount of time a token should remain valid (in seconds)."
   service-tenant:
     default: "services"
     type: string

hooks/keystone_context.py

@@ -202,6 +202,7 @@ class KeystoneContext(context.OSContextGenerator):
         ctxt['debug'] = debug and bool_from_string(debug)
         verbose = config('verbose')
         ctxt['verbose'] = verbose and bool_from_string(verbose)
+        ctxt['token_expiration'] = config('token-expiration')
 
         ctxt['identity_backend'] = config('identity-backend')
         ctxt['assignment_backend'] = config('assignment-backend')

templates/icehouse/keystone.conf

@@ -49,7 +49,8 @@ provider = keystone.token.providers.pki.Provider
 provider = keystone.token.providers.pkiz.Provider
 {% else -%}
 provider = keystone.token.providers.uuid.Provider 
-{% endif %}
+{% endif -%}
+expiration = {{ token_expiration }}
 
 {% include "parts/section-signing" %}
 

templates/kilo/keystone.conf

@@ -46,6 +46,7 @@ driver = keystone.catalog.backends.sql.Catalog
 [token]
 driver = keystone.token.persistence.backends.sql.Token
 provider = keystone.token.providers.uuid.Provider
+expiration = {{ token_expiration }}
 
 [cache]