openstack
/
keystone
Code Issues Proposed changes

Merge "Remove token driver configuration"

This commit is contained in:
Zuul 2018-05-15 01:12:31 +00:00 committed by Gerrit Code Review
parent f37895dc59 0ebe420b68
commit d8dfa22b4d
2 changed files with 5 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
keystone/conf/token.py
View File

@ -53,10 +53,10 @@ expiration = cfg.IntOpt(
The amount of time that a token should remain valid (in seconds). Drastically
reducing this value may break "long-running" operations that involve multiple
services to coordinate together, and will force users to authenticate with
keystone more frequently. Drastically increasing this value will increase load
on the `[token] driver`, as more tokens will be simultaneously valid. Keystone
tokens are also bearer tokens, so a shorter duration will also reduce the
potential security impact of a compromised token.
keystone more frequently. Drastically increasing this value will increase the
number of tokens that will be simultaneously valid. Keystone tokens are also
bearer tokens, so a shorter duration will also reduce the potential security
impact of a compromised token.
"""))
provider = cfg.StrOpt(
@ -65,27 +65,12 @@ provider = cfg.StrOpt(
help=utils.fmt("""
Entry point for the token provider in the `keystone.token.provider` namespace.
The token provider controls the token construction, validation, and revocation
operations. Keystone includes `fernet` and `uuid` token
providers. `uuid` tokens must be persisted (using the backend specified in the
`[token] driver` option), but do not require any extra configuration or setup.
operations. Keystone includes `fernet` token provider.
`fernet` tokens do not need to be persisted at all, but require that you run
`keystone-manage fernet_setup` (also see the `keystone-manage fernet_rotate`
command).
"""))
driver = cfg.StrOpt(
'driver',
default='sql',
deprecated_since=versionutils.deprecated.PIKE,
deprecated_for_removal=True,
help=utils.fmt("""
Entry point for the token persistence backend driver in the
`keystone.token.persistence` namespace. Keystone provides the `sql`
driver. The `sql` option (default) depends on the options in your
`[database]` section. If you're using the `fernet` `[token] provider`, this
backend will not be utilized to persist tokens at all.
"""))
caching = cfg.BoolOpt(
'caching',
default=True,
@ -160,7 +145,6 @@ ALL_OPTS = [
enforce_token_bind,
expiration,
provider,
driver,
caching,
cache_time,
revoke_by_id,

1
keystone/tests/unit/core.py
View File

@ -883,5 +883,4 @@ class SQLDriverOverrides(object):
self.config_fixture.config(group='catalog', driver='sql')
self.config_fixture.config(group='identity', driver='sql')
self.config_fixture.config(group='policy', driver='sql')
self.config_fixture.config(group='token', driver='sql')
self.config_fixture.config(group='trust', driver='sql')