reduce default token duration to one hour
- reduces number of active tokens that have to be persisted, especially where clients are needlessly regenerating tokens - reduces the window of publishing token revocation events (you only have to publish events from the last hour) - reduces the window of the token revocation list (similar to the above) DocImpact UpgradeImpact Implements: bp reduce-default-token-duration Change-Id: Ia548f7e981690edab56c51fdcab9102245aced3e
This commit is contained in:
parent
83db9722c2
commit
7494f93dc3
|
@ -256,7 +256,7 @@
|
|||
# provider =
|
||||
|
||||
# Amount of time a token should remain valid (in seconds)
|
||||
# expiration = 86400
|
||||
# expiration = 3600
|
||||
|
||||
# External auth mechanisms that should add bind information to token.
|
||||
# eg kerberos, x509
|
||||
|
|
|
@ -69,7 +69,7 @@ FILE_OPTIONS = {
|
|||
'token': [
|
||||
cfg.ListOpt('bind', default=[]),
|
||||
cfg.StrOpt('enforce_token_bind', default='permissive'),
|
||||
cfg.IntOpt('expiration', default=86400),
|
||||
cfg.IntOpt('expiration', default=3600),
|
||||
cfg.StrOpt('provider', default=None),
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.token.backends.sql.Token'),
|
||||
|
|
|
@ -149,7 +149,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests):
|
|||
expired_token_id = uuid.uuid4().hex
|
||||
user_id = unicode(uuid.uuid4().hex)
|
||||
|
||||
expire_delta = datetime.timedelta(seconds=86400)
|
||||
expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
|
||||
|
||||
valid_data = {'id': valid_token_id, 'a': 'b',
|
||||
'user': {'id': user_id}}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
import datetime
|
||||
|
||||
from keystone import config
|
||||
from keystone import exception
|
||||
from keystone.openstack.common import timeutils
|
||||
from keystone import tests
|
||||
|
@ -23,7 +24,9 @@ from keystone.tests import default_fixtures
|
|||
from keystone import token
|
||||
|
||||
|
||||
FUTURE_DELTA = datetime.timedelta(seconds=86400)
|
||||
CONF = config.CONF
|
||||
|
||||
FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
|
||||
CURRENT_DATE = timeutils.utcnow()
|
||||
|
||||
SAMPLE_V2_TOKEN = {
|
||||
|
|
Loading…
Reference in New Issue