From 7494f93dc3d295d5aa3564c614107d0332467a80 Mon Sep 17 00:00:00 2001
From: Dolph Mathews
Date: Mon, 13 Jan 2014 16:17:32 -0600
Subject: [PATCH] reduce default token duration to one hour
- reduces number of active tokens that have to be persisted, especially where clients are needlessly regenerating tokens
- reduces the window of publishing token revocation events (you only have to publish events from the last hour)
- reduces the window of the token revocation list (similar to the above)
DocImpact
UpgradeImpact
Implements: bp reduce-default-token-duration
Change-Id: Ia548f7e981690edab56c51fdcab9102245aced3e
---
 etc/keystone.conf.sample | 2 +-
 keystone/common/config.py | 2 +-
 keystone/tests/test_backend_memcache.py | 2 +-
 keystone/tests/test_token_provider.py | 5 ++++-
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 2a525f59ae..8396a9c9b9 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -256,7 +256,7 @@
 # provider =
 # Amount of time a token should remain valid (in seconds)
-# expiration = 86400
+# expiration = 3600
 # External auth mechanisms that should add bind information to token.
 # eg kerberos, x509
diff --git a/keystone/common/config.py b/keystone/common/config.py
index 937943d400..25315bc734 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -69,7 +69,7 @@ FILE_OPTIONS = {
 'token': [
 cfg.ListOpt('bind', default=[]),
 cfg.StrOpt('enforce_token_bind', default='permissive'),
- cfg.IntOpt('expiration', default=86400),
+ cfg.IntOpt('expiration', default=3600),
 cfg.StrOpt('provider', default=None),
 cfg.StrOpt('driver', default='keystone.token.backends.sql.Token'),
diff --git a/keystone/tests/test_backend_memcache.py b/keystone/tests/test_backend_memcache.py
index 0641bb7e3e..313086c680 100644
--- a/keystone/tests/test_backend_memcache.py
+++ b/keystone/tests/test_backend_memcache.py
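Review bot: In keystone/common/config.py the changed option `cfg.IntOpt('expiration', default=3600)` carries no help text or comment, so the unit (seconds, per the sample file) and the upgrade effect are only discoverable from the commit message. Deployments that never set `[token] expiration` explicitly will move from 24 hours to one hour on upgrade, and any operation that holds a token for longer than an hour would start failing authentication part-way through. I would add `help='Amount of time a token should remain valid (in seconds).'` to the option. Nothing visible in this hunk rejects a zero or negative value; if that is not validated elsewhere, it is worth checking while this line is being touched. The FILE_OPTIONS dict starts and ends outside the hunk.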
@@ -149,7 +149,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests):
 expired_token_id = uuid.uuid4().hex
 user_id = unicode(uuid.uuid4().hex)
- expire_delta = datetime.timedelta(seconds=86400)
+ expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
 valid_data = {'id': valid_token_id, 'a': 'b', 'user': {'id': user_id}}
diff --git a/keystone/tests/test_token_provider.py b/keystone/tests/test_token_provider.py
index 8b2c212e23..b25aa05a39 100644
--- a/keystone/tests/test_token_provider.py
+++ b/keystone/tests/test_token_provider.py
@@ -16,6 +16,7 @@
 import datetime
+from keystone import config
 from keystone import exception
 from keystone.openstack.common import timeutils
 from keystone import tests
@@ -23,7 +24,9 @@ from keystone.tests import default_fixtures
 from keystone import token
-FUTURE_DELTA = datetime.timedelta(seconds=86400)
+CONF = config.CONF
+
+FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
 CURRENT_DATE = timeutils.utcnow()
 SAMPLE_V2_TOKEN = {
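Review bot: `CONF` is used on the changed line `expire_delta = datetime.timedelta(seconds=CONF.token.expiration)` in test_backend_memcache.py, but this hunk does not bind it and the diffstat shows only this one line changing in the file. Presumably the module already defines `CONF` (test_token_provider.py had to add `CONF = config.CONF` in this same commit); that is worth confirming, since otherwise the test fails with a NameError rather than exercising the token backend. The enclosing test method starts and ends outside the hunk.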
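Review bot: `FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)` in the second hunk of test_token_provider.py is evaluated once at import time, so it is frozen to whatever `[token] expiration` holds when the module is first loaded and will not follow a test that overrides the option later. It also ties the fixture to configuration: assuming FUTURE_DELTA is used to build not-yet-expired sample tokens, a very small or zero configured value would put their expiry at or near `CURRENT_DATE`. If the coupling is intended, a comment above the assignment would make that explicit, for example `# NOTE: read at import time; per-test overrides of [token] expiration do not change this value`. The uses of FUTURE_DELTA are outside the hunk.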