Impose a min and a max on time values in CONF.token

expiration is passed to datetime.timedelta which cannot handle Python long values. Cap the integer at sys.maxsize. A negative time is also invalid so set the minimum to 0. Change-Id: Ie3ec0c490cac3b4c4cb87f246d6c8bc4e9b0d41a
2016-08-26 10:44:58 -07:00 · 2016-08-26 10:44:58 -07:00 · 5346dfaf01
commit 5346dfaf01
parent eb215803c8
1 changed files with 5 additions and 0 deletions
--- a/keystone/conf/token.py
+++ b/keystone/conf/token.py
@ -11,6 +11,7 @@
 # under the License.

 import hashlib
+import sys

 from oslo_config import cfg

@ -46,6 +47,8 @@ binding metadata be supported by keystone.
 expiration = cfg.IntOpt(
    'expiration',
    default=3600,
+    min=0,
+    max=sys.maxsize,
    help=utils.fmt("""
 The amount of time that a token should remain valid (in seconds). Drastically
 reducing this value may break "long-running" operations that involve multiple
@ -96,6 +99,8 @@ unless global caching is enabled.

 cache_time = cfg.IntOpt(
    'cache_time',
+    min=0,
+    max=sys.maxsize,
    help=utils.fmt("""
 The number of seconds to cache token creation and validation data. This has no
 effect unless both global and `[token] caching` are enabled.