From 843609d882299dd240c9cdeecbc675b81df1757b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Han?= <sebastien.han@enovance.com>
Date: Wed, 12 Feb 2014 15:43:02 +0100
Subject: [PATCH] Ability to configure keystone token expiration

Amount of time a token should remain valid (in seconds)

Closes bug: #232
---
 manifests/identity.pp               | 10 ++++++++--
 spec/classes/cloud_identity_spec.rb | 31 +++++++++++++++--------------
 2 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/manifests/identity.pp b/manifests/identity.pp
index a73eb482..75332c8b 100644
--- a/manifests/identity.pp
+++ b/manifests/identity.pp
@@ -323,6 +323,10 @@
 #   (optional) Syslog facility to receive log lines
 #   Defaults value in params
 #
+# [*token_expiration*]
+#   (optional) Amount of time a token should remain valid (in seconds)
+#   Defaults value in params
+#
 class cloud::identity (
   $swift_enabled                = $os_params::swift,
   $identity_roles_addons        = $os_params::identity_roles_addons,
@@ -392,7 +396,8 @@ class cloud::identity (
   $verbose                      = $os_params::verbose,
   $debug                        = $os_params::debug,
   $log_facility                 = $os_params::log_facility,
-  $use_syslog                   = $os_params::use_syslog
+  $use_syslog                   = $os_params::use_syslog,
+  $ks_token_expiration          = $os_params::ks_token_expiration
 ){
 
   $encoded_user     = uriescape($keystone_db_user)
@@ -414,7 +419,8 @@ class cloud::identity (
     verbose          => $verbose,
     bind_host        => $api_eth,
     public_port      => $ks_keystone_public_port,
-    admin_port       => $ks_keystone_admin_port
+    admin_port       => $ks_keystone_admin_port,
+    token_expiration => $ks_token_expiration
   }
 
   keystone_config {
diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
index 870b3696..57286b4f 100644
--- a/spec/classes/cloud_identity_spec.rb
+++ b/spec/classes/cloud_identity_spec.rb
@@ -94,21 +94,22 @@ describe 'cloud::identity' do
 
     it 'configure keystone server' do
       should contain_class('keystone').with(
-        :enabled          => true,
-        :admin_token      => 'SECRETE',
-        :compute_port     => '8774',
-        :debug            => true,
-        :verbose          => true,
-        :idle_timeout     => '60',
-        :log_facility     => 'LOG_LOCAL0',
-        :memcache_servers => ['10.0.0.1','10.0.0.2'],
-        :sql_connection   => 'mysql://keystone:secrete@10.0.0.1/keystone',
-        :token_driver     => 'keystone.token.backends.memcache.Token',
-        :token_provider   => 'keystone.token.providers.uuid.Provider',
-        :use_syslog       => true,
-        :bind_host        => '10.0.0.1',
-        :public_port      => '5000',
-        :admin_port       => '35357'
+        :enabled             => true,
+        :admin_token         => 'SECRETE',
+        :compute_port        => '8774',
+        :debug               => true,
+        :verbose             => true,
+        :idle_timeout        => '60',
+        :log_facility        => 'LOG_LOCAL0',
+        :memcache_servers    => ['10.0.0.1','10.0.0.2'],
+        :sql_connection      => 'mysql://keystone:secrete@10.0.0.1/keystone',
+        :token_driver        => 'keystone.token.backends.memcache.Token',
+        :token_provider      => 'keystone.token.providers.uuid.Provider',
+        :use_syslog          => true,
+        :bind_host           => '10.0.0.1',
+        :public_port         => '5000',
+        :admin_port          => '35357',
+        :ks_token_expiration => '3600'
       )
       should contain_keystone_config('ec2/driver').with('value' => 'keystone.contrib.ec2.backends.sql.Ec2')
     end