Disable keystone token_flush by default

We don't need token_flush job for keystone now as we use fernet token which does not require to be persisted inside database. Change-Id: I164b42d292481530b024ed9f329dd9bfa11aceaf
2019-09-17 09:38:24 +09:00 · 2019-09-17 09:38:24 +09:00 · f907b0ec26
parent 6080f92919
commit f907b0ec26
2 changed files with 22 additions and 7 deletions
--- a/manifests/profile/base/keystone.pp
+++ b/manifests/profile/base/keystone.pp
@ -70,7 +70,7 @@
 #
 # [*manage_db_purge*]
 #   (Optional) Whether keystone token flushing should be enabled
-#   Defaults to hiera('keystone_enable_db_purge', true)
+#   Defaults to hiera('keystone_enable_db_purge', false)
 #
 # [*public_endpoint_network*]
 #   (Optional) The network name where the admin endpoint is listening on.
@ -169,7 +169,7 @@ class tripleo::profile::base::keystone (
  $heat_admin_user                = undef,
  $ldap_backends_config           = undef,
  $ldap_backend_enable            = false,
-  $manage_db_purge                = hiera('keystone_enable_db_purge', true),
+  $manage_db_purge                = hiera('keystone_enable_db_purge', false),
  $public_endpoint_network        = hiera('keystone_public_api_network', undef),
  $oslomsg_rpc_proto              = hiera('oslo_messaging_rpc_scheme', 'rabbit'),
  $oslomsg_rpc_hosts              = any2array(hiera('oslo_messaging_rpc_node_names', undef)),
--- a/spec/classes/tripleo_profile_base_keystone_spec.rb
+++ b/spec/classes/tripleo_profile_base_keystone_spec.rb
@ -118,7 +118,7 @@ describe 'tripleo::profile::base::keystone' do
        is_expected.to contain_class('keystone::security_compliance')
        is_expected.to_not contain_class('keystone::ldap_backend')
        is_expected.to_not contain_class('keystone::federation::openidc')
-        is_expected.to contain_class('keystone::cron::token_flush')
+        is_expected.to_not contain_class('keystone::cron::token_flush')
      end
    end

@ -144,16 +144,16 @@ describe 'tripleo::profile::base::keystone' do
        is_expected.to contain_class('keystone::security_compliance')
        is_expected.to_not contain_class('keystone::ldap_backend')
        is_expected.to_not contain_class('keystone::federation::openidc')
-        is_expected.to contain_class('keystone::cron::token_flush')
+        is_expected.to_not contain_class('keystone::cron::token_flush')
      end
    end

-    context 'with step 4 and db_purge disabled' do
+    context 'with step less than 4 and db_purge enabled' do
      before do
        params.merge!(
-          { :step            => 4,
+          { :step            => 3,
            :bootstrap_node  => 'other.example.com',
-            :manage_db_purge => false
+            :manage_db_purge => true
          }
        )
      end
@ -162,6 +162,21 @@ describe 'tripleo::profile::base::keystone' do
        is_expected.to_not contain_class('keystone::cron::token_flush')
      end
    end
+
+    context 'with step 4 and db_purge enabled' do
+      before do
+        params.merge!(
+          { :step            => 4,
+            :bootstrap_node  => 'other.example.com',
+            :manage_db_purge => true
+          }
+        )
+      end
+
+      it 'should trigger token_flush configuration' do
+        is_expected.to contain_class('keystone::cron::token_flush')
+      end
+    end
  end

  on_supported_os.each do |os, facts|