openstack/cookbook-openstack-identity
Code Issues Proposed changes

Add attribute for token expiration time.

Browse Source 
Change-Id: I113be79142cf288badd60194d717b14cabcba736
This commit is contained in:
Hugh Saunders
2014-02-12 15:25:08 +00:00
parent c5178a623f
commit 1cf0440d63
5 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -244,6 +244,7 @@ Attributes
* `openstack['identity']['users']` - Array of users to create in the keystone server * `openstack['identity']['users']` - Array of users to create in the keystone server
TODO: Add DB2 support on other platforms TODO: Add DB2 support on other platforms
* `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform * `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
* `openstack['identity']['token']['expiration']` - Token validity time in seconds
Testing Testing
===== =====

2
attributes/default.rb
View File

@@ -38,8 +38,8 @@ default['openstack']['identity']['debug'] = 'False'
default['openstack']['identity']['service_port'] = '5000' default['openstack']['identity']['service_port'] = '5000'
default['openstack']['identity']['admin_port'] = '35357' default['openstack']['identity']['admin_port'] = '35357'
default['openstack']['identity']['region'] = 'RegionOne' default['openstack']['identity']['region'] = 'RegionOne'
default['openstack']['identity']['bind_interface'] = 'lo' default['openstack']['identity']['bind_interface'] = 'lo'
default['openstack']['identity']['token']['expiration'] = '86400'
# Logging stuff # Logging stuff
default['openstack']['identity']['syslog']['use'] = false default['openstack']['identity']['syslog']['use'] = false

3
recipes/server.rb
View File

@@ -149,7 +149,8 @@ template '/etc/keystone/keystone.conf' do
uris: uris, uris: uris,
public_endpoint: public_endpoint, public_endpoint: public_endpoint,
admin_endpoint: admin_endpoint, admin_endpoint: admin_endpoint,
ldap: node['openstack']['identity']['ldap'] ldap: node['openstack']['identity']['ldap'],
token_expiration: node['openstack']['identity']['token']['expiration']
) )
notifies :restart, 'service[keystone]', :immediately notifies :restart, 'service[keystone]', :immediately

5
spec/server_spec.rb
View File

@@ -340,6 +340,11 @@ describe 'openstack-identity::server' do
r = line_regexp('driver = keystone.token.backends.sql.Token') r = line_regexp('driver = keystone.token.backends.sql.Token')
expect(chef_run).to render_file(path).with_content(r) expect(chef_run).to render_file(path).with_content(r)
end end
it 'sets token expiration time' do
r = line_regexp('expiration = 86400')
expect(chef_run).to render_file(path).with_content(r)
end
end end
describe '[policy] section' do describe '[policy] section' do

2
templates/default/keystone.conf.erb
View File

@@ -171,7 +171,7 @@ template_file = /etc/keystone/default_catalog.templates
driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token
provider = keystone.token.providers.<%= node["openstack"]["auth"]["strategy"] %>.Provider provider = keystone.token.providers.<%= node["openstack"]["auth"]["strategy"] %>.Provider
# Amount of time a token should remain valid (in seconds) # Amount of time a token should remain valid (in seconds)
expiration = 86400 expiration = <%= node["openstack"]["identity"]["token"]["expiration"] %>
[policy] [policy]
driver = keystone.policy.backends.<%= node["openstack"]["identity"]["policy"]["backend"] %>.Policy driver = keystone.policy.backends.<%= node["openstack"]["identity"]["policy"]["backend"] %>.Policy