reduce default token duration to one hour

- reduces number of active tokens that have to be persisted, especially where clients are needlessly regenerating tokens - reduces the window of publishing token revocation events (you only have to publish events from the last hour) - reduces the window of the token revocation list (similar to the above) DocImpact UpgradeImpact Implements: bp reduce-default-token-duration Change-Id: Ia548f7e981690edab56c51fdcab9102245aced3e
2014-01-13 16:17:32 -06:00 · 2014-01-13 16:17:32 -06:00 · 7494f93dc3
parent 83db9722c2
commit 7494f93dc3
4 changed files with 7 additions and 4 deletions
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@ -256,7 +256,7 @@
 # provider =

 # Amount of time a token should remain valid (in seconds)
-# expiration = 86400
+# expiration = 3600

 # External auth mechanisms that should add bind information to token.
 # eg kerberos, x509
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@ -69,7 +69,7 @@ FILE_OPTIONS = {
    'token': [
        cfg.ListOpt('bind', default=[]),
        cfg.StrOpt('enforce_token_bind', default='permissive'),
-        cfg.IntOpt('expiration', default=86400),
+        cfg.IntOpt('expiration', default=3600),
        cfg.StrOpt('provider', default=None),
        cfg.StrOpt('driver',
                   default='keystone.token.backends.sql.Token'),
--- a/keystone/tests/test_backend_memcache.py
+++ b/keystone/tests/test_backend_memcache.py
@ -149,7 +149,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests):
        expired_token_id = uuid.uuid4().hex
        user_id = unicode(uuid.uuid4().hex)

-        expire_delta = datetime.timedelta(seconds=86400)
+        expire_delta = datetime.timedelta(seconds=CONF.token.expiration)

        valid_data = {'id': valid_token_id, 'a': 'b',
                      'user': {'id': user_id}}
--- a/keystone/tests/test_token_provider.py
+++ b/keystone/tests/test_token_provider.py
@ -16,6 +16,7 @@

 import datetime

+from keystone import config
 from keystone import exception
 from keystone.openstack.common import timeutils
 from keystone import tests
@ -23,7 +24,9 @@ from keystone.tests import default_fixtures
 from keystone import token


-FUTURE_DELTA = datetime.timedelta(seconds=86400)
+CONF = config.CONF
+
+FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
 CURRENT_DATE = timeutils.utcnow()

 SAMPLE_V2_TOKEN = {