openstack/keystone
Code Issues Proposed changes

Impose a min and a max on time values in CONF.token

Browse Source 
expiration is passed to datetime.timedelta which cannot handle Python
long values. Cap the integer at sys.maxsize. A negative time is also
invalid so set the minimum to 0.

Change-Id: Ie3ec0c490cac3b4c4cb87f246d6c8bc4e9b0d41a
This commit is contained in:
Sean Perry 2016-08-26 10:44:58 -07:00
parent eb215803c8
commit 5346dfaf01
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
keystone/conf/token.py
View File

@ -11,6 +11,7 @@
# under the License. # under the License.
import hashlib import hashlib
import sys
from oslo_config import cfg from oslo_config import cfg
@ -46,6 +47,8 @@ binding metadata be supported by keystone.
expiration = cfg.IntOpt( expiration = cfg.IntOpt(
'expiration', 'expiration',
default=3600, default=3600,
min=0,
max=sys.maxsize,
help=utils.fmt(""" help=utils.fmt("""
The amount of time that a token should remain valid (in seconds). Drastically The amount of time that a token should remain valid (in seconds). Drastically
reducing this value may break "long-running" operations that involve multiple reducing this value may break "long-running" operations that involve multiple
@ -96,6 +99,8 @@ unless global caching is enabled.
cache_time = cfg.IntOpt( cache_time = cfg.IntOpt(
'cache_time', 'cache_time',
min=0,
max=sys.maxsize,
help=utils.fmt(""" help=utils.fmt("""
The number of seconds to cache token creation and validation data. This has no The number of seconds to cache token creation and validation data. This has no
effect unless both global and `[token] caching` are enabled. effect unless both global and `[token] caching` are enabled.