reduce default token duration to one hour
- reduces number of active tokens that have to be persisted, especially where clients are needlessly regenerating tokens - reduces the window of publishing token revocation events (you only have to publish events from the last hour) - reduces the window of the token revocation list (similar to the above) DocImpact UpgradeImpact Implements: bp reduce-default-token-duration Change-Id: Ia548f7e981690edab56c51fdcab9102245aced3e
parent
83db9722c2
commit
7494f93dc3
|
@ -256,7 +256,7 @@
|
||||||
# provider =
|
# provider =
|
||||||
|
|
||||||
# Amount of time a token should remain valid (in seconds)
|
# Amount of time a token should remain valid (in seconds)
|
||||||
# expiration = 86400
|
# expiration = 3600
|
||||||
|
|
||||||
# External auth mechanisms that should add bind information to token.
|
# External auth mechanisms that should add bind information to token.
|
||||||
# eg kerberos, x509
|
# eg kerberos, x509
|
||||||
|
|
|
@ -69,7 +69,7 @@ FILE_OPTIONS = {
|
||||||
'token': [
|
'token': [
|
||||||
cfg.ListOpt('bind', default=[]),
|
cfg.ListOpt('bind', default=[]),
|
||||||
cfg.StrOpt('enforce_token_bind', default='permissive'),
|
cfg.StrOpt('enforce_token_bind', default='permissive'),
|
||||||
cfg.IntOpt('expiration', default=86400),
|
cfg.IntOpt('expiration', default=3600),
|
||||||
cfg.StrOpt('provider', default=None),
|
cfg.StrOpt('provider', default=None),
|
||||||
cfg.StrOpt('driver',
|
cfg.StrOpt('driver',
|
||||||
default='keystone.token.backends.sql.Token'),
|
default='keystone.token.backends.sql.Token'),
|
||||||
|
|
|
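Review bot: `cfg.IntOpt('expiration', default=3600)` carries no `help` text, so the unit and the reason for the new default are explained only by the sample-file comment; a deployment that never set `expiration` moves from 24-hour to one-hour tokens on upgrade with no cue in the option itself. I would add help text on the option, e.g. `help='Seconds a token remains valid. Shorter values limit how long a leaked token stays usable and keep the revocation list small; clients that reuse one token for long workflows must re-authenticate.'`, and mirror the same wording in the sample comment. Nothing visible in this hunk rejects zero or negative values; if no check exists where the option is consumed, that is worth adding there. The FILE_OPTIONS dict starts and ends outside the hunk.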
@ -149,7 +149,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests):
|
||||||
expired_token_id = uuid.uuid4().hex
|
expired_token_id = uuid.uuid4().hex
|
||||||
user_id = unicode(uuid.uuid4().hex)
|
user_id = unicode(uuid.uuid4().hex)
|
||||||
|
|
||||||
expire_delta = datetime.timedelta(seconds=86400)
|
expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
|
||||||
|
|
||||||
valid_data = {'id': valid_token_id, 'a': 'b',
|
valid_data = {'id': valid_token_id, 'a': 'b',
|
||||||
'user': {'id': user_id}}
|
'user': {'id': user_id}}
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
|
from keystone import config
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.openstack.common import timeutils
|
from keystone.openstack.common import timeutils
|
||||||
from keystone import tests
|
from keystone import tests
|
||||||
|
@ -23,7 +24,9 @@ from keystone.tests import default_fixtures
|
||||||
from keystone import token
|
from keystone import token
|
||||||
|
|
||||||
|
|
||||||
FUTURE_DELTA = datetime.timedelta(seconds=86400)
|
CONF = config.CONF
|
||||||
|
|
||||||
|
FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
|
||||||
CURRENT_DATE = timeutils.utcnow()
|
CURRENT_DATE = timeutils.utcnow()
|
||||||
|
|
||||||
SAMPLE_V2_TOKEN = {
|
SAMPLE_V2_TOKEN = {
|
||||||
|
|
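Review bot: `FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)` is evaluated once at module import, so it captures whatever `expiration` holds at that moment (presumably the coded default) and will not follow a value that a test case later overrides through configuration. If the sample tokens are meant to track the configured lifetime, computing the delta inside the test or in a small helper called from it would keep them in step; if the intent is only "comfortably in the future", a comment such as `# evaluated at import time: uses the default [token] expiration, not per-test overrides` would make that explicit. The line also relies on the `token` option group already being registered when this module is imported, which the hunk does not show.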