Add attribute for token expiration time.

Change-Id: I113be79142cf288badd60194d717b14cabcba736
2014-02-12 15:25:08 +00:00
parent c5178a623f
commit 1cf0440d63
5 changed files with 10 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -244,6 +244,7 @@ Attributes
 * `openstack['identity']['users']` - Array of users to create in the keystone server
 TODO: Add DB2 support on other platforms
 * `openstack['identity']['platform']['db2_python_packages']` - Array of DB2 python packages, only available on redhat platform
+* `openstack['identity']['token']['expiration']` - Token validity time in seconds

 Testing
 =====
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -38,8 +38,8 @@ default['openstack']['identity']['debug'] = 'False'
 default['openstack']['identity']['service_port'] = '5000'
 default['openstack']['identity']['admin_port'] = '35357'
 default['openstack']['identity']['region'] = 'RegionOne'
-
 default['openstack']['identity']['bind_interface'] = 'lo'
+default['openstack']['identity']['token']['expiration'] = '86400'

 # Logging stuff
 default['openstack']['identity']['syslog']['use'] = false
--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -149,7 +149,8 @@ template '/etc/keystone/keystone.conf' do
    uris: uris,
    public_endpoint: public_endpoint,
    admin_endpoint: admin_endpoint,
-    ldap: node['openstack']['identity']['ldap']
+    ldap: node['openstack']['identity']['ldap'],
+    token_expiration: node['openstack']['identity']['token']['expiration']
  )

  notifies :restart, 'service[keystone]', :immediately
--- a/spec/server_spec.rb
+++ b/spec/server_spec.rb
@@ -340,6 +340,11 @@ describe 'openstack-identity::server' do
          r = line_regexp('driver = keystone.token.backends.sql.Token')
          expect(chef_run).to render_file(path).with_content(r)
        end
+
+        it 'sets token expiration time' do
+          r = line_regexp('expiration = 86400')
+          expect(chef_run).to render_file(path).with_content(r)
+        end
      end

      describe '[policy] section' do
--- a/templates/default/keystone.conf.erb
+++ b/templates/default/keystone.conf.erb
@@ -171,7 +171,7 @@ template_file = /etc/keystone/default_catalog.templates
 driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token
 provider = keystone.token.providers.<%= node["openstack"]["auth"]["strategy"] %>.Provider
 # Amount of time a token should remain valid (in seconds)
-expiration = 86400
+expiration = <%= node["openstack"]["identity"]["token"]["expiration"] %>

 [policy]
 driver = keystone.policy.backends.<%= node["openstack"]["identity"]["policy"]["backend"] %>.Policy