Add auth_ttl into keystone.conf

There is a requirement for some end users where we need to specify
auth_ttl to a higher level. This should help with these users

Change-Id: Ifd515d7c103a6b24c4f5da500442406f04fb372f

config.yaml

@@ -442,3 +442,10 @@ options:
     description: |
       Default time (in minutes) for the validity of group memberships carried
       over from a federation mapping. Default is 0 which means disabled.
+  ec2-auth-ttl:
+    type: int
+    default: 15
+    description: |
+      The config item specifies the auth_ttl otion in [credentials]. This is
+      the length of time in minutes for which a signed EC2 or S3 token request
+      is valid from the timestamp contained in the token request.

hooks/keystone_context.py

@@ -208,6 +208,7 @@ class KeystoneContext(context.OSContextGenerator):
         ctxt['assignment_backend'] = config('assignment-backend')
         ctxt['token_provider'] = config('token-provider')
         ctxt['fernet_max_active_keys'] = config('fernet-max-active-keys')
+        ctxt['ec2_auth_ttl'] = config('ec2-auth-ttl')
         if config('identity-backend') == 'ldap':
             ctxt['ldap_server'] = config('ldap-server')
             ctxt['ldap_user'] = config('ldap-user')

templates/queens/keystone.conf

@@ -31,6 +31,7 @@ domain_config_dir = {{ domain_config_dir }}
 
 [credential]
 driver = sql
+auth_ttl = {{ ec2_auth_ttl }}
 
 [trust]
 driver = sql

templates/rocky/keystone.conf

@@ -31,6 +31,7 @@ domain_config_dir = {{ domain_config_dir }}
 
 [credential]
 driver = sql
+auth_ttl = {{ ec2_auth_ttl }}
 
 [trust]
 driver = sql