2fadadbb8c
Fixed a number of readability and typo issues with the release notes found while reviewing them. Change-Id: Iff20bce313e93192f9e0c6d2df3bb0e9908a21d4
19 lines
1.0 KiB
YAML
19 lines
1.0 KiB
YAML
---
|
|
features:
|
|
- >
|
|
[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/allow-expired>`_]
|
|
An `allow_expired` flag is added to the token validation call
|
|
(``GET/HEAD /v3/auth/tokens``) that allows fetching a token that has
|
|
expired. This allows for validating tokens in long running operations.
|
|
upgrade:
|
|
- >
|
|
[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/allow-expired>`_]
|
|
To allow long running operations to complete services must be able to fetch
|
|
expired tokens via the ``allow_expired`` flag. The length of time a token is
|
|
retrievable for beyond its traditional expiry is managed by the
|
|
``[token] allow_expired_window`` option and so the data must be retrievable
|
|
for this amount of time. When using fernet tokens this means the key
|
|
rotation period must exceed this time so older tokens are still
|
|
decryptable. Ensure you do not rotate fernet keys faster than
|
|
``[token] expiration`` + ``[token] allow_expired_window`` seconds.
|