author | Dolph Mathews <dolph.mathews@gmail.com> | 2014-01-13 16:17:32 -0600 |
---|---|---|
committer | Dolph Mathews <dolph.mathews@gmail.com> | 2014-01-14 15:25:19 -0600 |
commit | 7494f93dc3d295d5aa3564c614107d0332467a80 (patch) | |
tree | 7fb72059545ba1044ae38abb5c5fe383ef5912c4 | |
parent | 83db9722c201eca9fa47d93fce7d09dd6f28e053 (diff) | |
reduce default token duration to one hour
- reduces number of active tokens that have to be persisted, especially
where clients are needlessly regenerating tokens
- reduces the window of publishing token revocation events (you only
have to publish events from the last hour)
- reduces the window of the token revocation list (similar to the above)
DocImpact
UpgradeImpact
Implements: bp reduce-default-token-duration
Change-Id: Ia548f7e981690edab56c51fdcab9102245aced3e
-rw-r--r-- | etc/keystone.conf.sample | 2 | ||||
-rw-r--r-- | keystone/common/config.py | 2 | ||||
-rw-r--r-- | keystone/tests/test_backend_memcache.py | 2 | ||||
-rw-r--r-- | keystone/tests/test_token_provider.py | 5 |
4 files changed, 7 insertions, 4 deletions
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 2a525f59a..8396a9c9b 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -256,7 +256,7 @@ # provider = # Amount of time a token should remain valid (in seconds)
-# expiration = 86400
+# expiration = 3600
 # External auth mechanisms that should add bind information to token. # eg kerberos, x509
diff --git a/keystone/common/config.py b/keystone/common/config.py
index 937943d40..25315bc73 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -69,7 +69,7 @@ FILE_OPTIONS = { 'token': [ cfg.ListOpt('bind', default=[]), cfg.StrOpt('enforce_token_bind', default='permissive'),
- cfg.IntOpt('expiration', default=86400),
+ cfg.IntOpt('expiration', default=3600),
 cfg.StrOpt('provider', default=None), cfg.StrOpt('driver', default='keystone.token.backends.sql.Token'),
diff --git a/keystone/tests/test_backend_memcache.py b/keystone/tests/test_backend_memcache.py
index 0641bb7e3..313086c68 100644
--- a/keystone/tests/test_backend_memcache.py
+++ b/keystone/tests/test_backend_memcache.py
@@ -149,7 +149,7 @@ class MemcacheToken(tests.TestCase, test_backend.TokenTests): expired_token_id = uuid.uuid4().hex user_id = unicode(uuid.uuid4().hex)
- expire_delta = datetime.timedelta(seconds=86400)
+ expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
 valid_data = {'id': valid_token_id, 'a': 'b', 'user': {'id': user_id}}
diff --git a/keystone/tests/test_token_provider.py b/keystone/tests/test_token_provider.py
index 8b2c212e2..b25aa05a3 100644
--- a/keystone/tests/test_token_provider.py
+++ b/keystone/tests/test_token_provider.py
@@ -16,6 +16,7 @@ import datetime
+from keystone import config
 from keystone import exception from keystone.openstack.common import timeutils from keystone import tests
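Review bot: In keystone/common/config.py the new `cfg.IntOpt('expiration', default=3600)` is declared without help text, so the unit and the one-hour value are explained only in etc/keystone.conf.sample. I would put it on the option itself: `cfg.IntOpt('expiration', default=3600, help='Amount of time a token should remain valid (in seconds).'),`. Because only the default changes, deployments that never set `expiration` drop from 24 hours to one hour on upgrade, while any deployment that pinned `expiration = 86400` keeps the longer window in which a leaked bearer token stays usable; the upgrade notes should state both. Nothing in this hunk rejects a zero or negative value, so it is worth confirming that the code consuming the option checks its bounds. The `FILE_OPTIONS` dict starts and ends outside the hunk.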
@@ -23,7 +24,9 @@ from keystone.tests import default_fixtures from keystone import token
-FUTURE_DELTA = datetime.timedelta(seconds=86400)
+CONF = config.CONF
+
+FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)
 CURRENT_DATE = timeutils.utcnow() SAMPLE_V2_TOKEN = { |
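Review bot: `FUTURE_DELTA = datetime.timedelta(seconds=CONF.token.expiration)` in keystone/tests/test_token_provider.py runs at module import, so it freezes whatever `token.expiration` holds when the test module is loaded and will not follow a value that a test overrides later. It also assumes the `token` option group is already registered at import time, which presumably holds through `from keystone import config` but is not visible here. If the constant only needs to lie in the future, a comment would make that explicit: `# Evaluated once at import; does not track per-test overrides of token.expiration.` Otherwise compute the delta inside the test that needs it. The `SAMPLE_V2_TOKEN` literal that follows continues outside the hunk.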