Deprecate cache_on_issue configuration option
Keystone already supports a global caching toggle and an option to configure token caching explicitly. Having a third option to enable pre-cached tokens is redundant, creates unnecessary complexity that bleeds through to operators, and causes weird behaviors if token caching is disabled and pre-caching is not. This commit deprecates the cache_on_issue configuration option in favor of just using ``keystone.conf [token] caching`` option instead. This commit also attempts to clarify the help text so that it describes the relationship between the various caching options, even if it is short-lived. The help text for ``keystone.conf [token] cache_on_issue`` claimed that it only cached tokens if global caching was enabled through oslo.cache and if ``keystone.conf [token] caching = True``. However, the actual implementation doesn't check if ``keystone.conf [token] caching = True`` at all. Even if token caching is disabled, tokens will be cached when they are issued. Change-Id: I1e1117deabadaba26ea8e833a06180529e1e0a4b
This commit is contained in:
parent
8d84ec2420
commit
ebad027f21
|
@ -104,10 +104,21 @@ other role assignments.
|
|||
cache_on_issue = cfg.BoolOpt(
|
||||
'cache_on_issue',
|
||||
default=True,
|
||||
deprecated_since=versionutils.deprecated.STEIN,
|
||||
deprecated_reason=utils.fmt("""
|
||||
Keystone already exposes a configuration option for caching tokens. Having a
|
||||
separate configuration option to cache tokens when they are issued is
|
||||
redundant, unnecessarily complicated, and is misleading if token caching is
|
||||
disabled because tokens will still be pre-cached by default when they are
|
||||
issued. The ability to pre-cache tokens when they are issued is going to rely
|
||||
exclusively on the ``keystone.conf [token] caching`` option in the future.
|
||||
"""),
|
||||
deprecated_for_removal=True,
|
||||
help=utils.fmt("""
|
||||
Enable storing issued token data to token validation cache so that first token
|
||||
validation doesn't actually cause full validation cycle. This option has no
|
||||
effect unless global caching and token caching are enabled.
|
||||
effect unless global caching is enabled and will still cache tokens even if
|
||||
`[token] caching = False`.
|
||||
"""))
|
||||
|
||||
allow_expired_window = cfg.IntOpt(
|
||||
|
|
|
@ -125,7 +125,7 @@ class Manager(manager.Manager):
|
|||
consuming notifications that signal invalidating the token cache.
|
||||
|
||||
"""
|
||||
if CONF.token.cache_on_issue:
|
||||
if CONF.token.cache_on_issue or CONF.token.caching:
|
||||
TOKENS_REGION.invalidate()
|
||||
|
||||
def check_revocation_v3(self, token):
|
||||
|
@ -252,7 +252,7 @@ class Manager(manager.Manager):
|
|||
token.mint(token_id, issued_at)
|
||||
|
||||
# cache the token object and with ID
|
||||
if CONF.token.cache_on_issue:
|
||||
if CONF.token.cache_on_issue or CONF.token.caching:
|
||||
# NOTE(amakarov): here and above TOKENS_REGION is to be passed
|
||||
# to serve as required positional "self" argument. It's ignored,
|
||||
# so I've put it here for convenience - any placeholder is fine.
|
||||
|
|
Loading…
Reference in New Issue