53a83c2073
Based upon the keystone caching (using dogpile.cache) implementation
token caching is implemented in this patchset.
This patchset inclues basic Token caching as the first implementation
of this caching layer. The following methods are cached:
* token_api.get_token,
* token_api.list_revoked_tokens
* token_provider_api.validate_v3_token
* token_provider_api.check_v3_token
* token_provider_api.check_v2_token
* token_provider_api.validate_v2_token
* token_provider_api.validate_token
Calls to token_api.delete_token and token_api.delete_tokens will
properly invalidate the cache for the tokens being acted upon, as
well as invalidating the cache for the revoked_tokens_list and the
validate/check token calls.
Token caching is configurable independantly of the revocation_list
caching.
Lifted expiration checks from the token drivers to the token manager.
This ensures that cached tokens will still raise TokenNotFound when
expired.
For cache consistency, all token_ids are transformed into the short
token hash at the provider and token_driver level. Some methods would
have access to the full ID (PKI Tokens), and some methods would not.
Cache invalidation is inconsistent without token_id normalization.
DocImpact
partial-blueprint: caching-layer-for-driver-calls
Change-Id: Ifada0db0043fede504a091670ccc521196c2f19c
|
||
|---|---|---|
| .. | ||
| default_catalog.templates | ||
| keystone-paste.ini | ||
| keystone.conf.sample | ||
| logging.conf.sample | ||
| policy.json | ||
| policy.v3cloudsample.json | ||