From 3a3e2540ff10a78ca9b4dde98671f6fd970e6568 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Tue, 19 Mar 2013 13:20:17 -0400
Subject: [PATCH] Config value for revocation list timeout

Adds the config option 'revocation_cache_time'
default of 300 seconds, same as token timeout

Bug 1076083

DocImpact

Change-Id: Ifd41c816dd5431f140461d6a1588364d7ecf9a62
---
 keystoneclient/middleware/auth_token.py |  5 +++--
 tests/test_auth_token_middleware.py     | 16 +++++++++++++---
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/keystoneclient/middleware/auth_token.py b/keystoneclient/middleware/auth_token.py
index 98a427b..694089c 100644
--- a/keystoneclient/middleware/auth_token.py
+++ b/keystoneclient/middleware/auth_token.py
@@ -215,6 +215,7 @@ opts = [
                default=os.path.expanduser('~/keystone-signing')),
     cfg.ListOpt('memcache_servers'),
     cfg.IntOpt('token_cache_time', default=300),
+    cfg.IntOpt('revocation_cache_time', default=1),
     cfg.StrOpt('memcache_security_strategy', default=None),
     cfg.StrOpt('memcache_secret_key', default=None, secret=True)
 ]
@@ -337,8 +338,8 @@ class AuthProtocol(object):
         self.token_cache_time = int(self._conf_get('token_cache_time'))
         self._token_revocation_list = None
         self._token_revocation_list_fetched_time = None
-        cache_timeout = datetime.timedelta(seconds=0)
-        self.token_revocation_list_cache_timeout = cache_timeout
+        self.token_revocation_list_cache_timeout = datetime.timedelta(
+            seconds=self._conf_get('revocation_cache_time'))
         http_connect_timeout_cfg = self._conf_get('http_connect_timeout')
         self.http_connect_timeout = (http_connect_timeout_cfg and
                                      int(http_connect_timeout_cfg))
diff --git a/tests/test_auth_token_middleware.py b/tests/test_auth_token_middleware.py
index 59f3d22..f2615d6 100644
--- a/tests/test_auth_token_middleware.py
+++ b/tests/test_auth_token_middleware.py
@@ -625,8 +625,6 @@ class BaseAuthTokenMiddlewareTest(testtools.TestCase):
         self.middleware = auth_token.AuthProtocol(fake_app(expected_env), conf)
         self.middleware._iso8601 = iso8601
         self.middleware.revoked_file_name = tempfile.mkstemp()[1]
-        cache_timeout = datetime.timedelta(days=1)
-        self.middleware.token_revocation_list_cache_timeout = cache_timeout
         self.middleware.token_revocation_list = jsonutils.dumps(
             {"revoked": [], "extra": "success"})
 
@@ -748,7 +746,8 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
     def test_init_does_not_call_http(self):
         conf = {
             'auth_host': 'keystone.example.com',
-            'auth_port': 1234
+            'auth_port': 1234,
+            'revocation_cache_time': 1
         }
         self.set_fake_http(RaisingHTTPConnection)
         self.set_middleware(conf=conf, fake_http=RaisingHTTPConnection)
@@ -1165,6 +1164,17 @@ class AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
         }
         self.assertRaises(Exception, self.set_middleware, conf)
 
+    def test_config_revocation_cache_timeout(self):
+        conf = {
+                'auth_host': 'keystone.example.com',
+                'auth_port': 1234,
+                'auth_admin_prefix': '/testadmin',
+                'revocation_cache_time': 24
+        }
+        middleware = auth_token.AuthProtocol(self.fake_app, conf)
+        self.assertEquals(middleware.token_revocation_list_cache_timeout,
+                          datetime.timedelta(seconds=24))
+
 
 class v2AuthTokenMiddlewareTest(test.NoModule, BaseAuthTokenMiddlewareTest):
     """ v2 token specific tests.