rgw/auth: Make service token expired token expiration configurable

Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>
author: Tobias Urdin <tobias.urdin@binero.se> 2022-04-27 10:57:36 +0200
committer: Tobias Urdin <tobias.urdin@binero.se> 2022-09-21 22:33:29 +0200
commit: 31e79282be028beb363b32d4bf6e0b22ba3409e1 (patch)
tree: cc3daf30193acd9f352cba9c0db397da50a04631 /src/rgw/rgw_auth_keystone.cc
parent: rgw/auth: Validate accepted roles on service token user (diff)
download: ceph-31e79282be028beb363b32d4bf6e0b22ba3409e1.tar.xz
ceph-31e79282be028beb363b32d4bf6e0b22ba3409e1.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc
index 3fe732677d9..9976449f28b 100644
--- a/src/rgw/rgw_auth_keystone.cc
+++ b/src/rgw/rgw_auth_keystone.cc
@@ -334,8 +334,7 @@ TokenEngine::authenticate(const DoutPrefixProvider* dpp,
       /* If this token was an allowed expired token because we got a
        * service token we need to update the expiration before we cache it. */
       if (allow_expired) {
-        /* TODO(tobias-urdin): Make an hour here configurable. */
-        uint64_t new_expires = ceph_clock_now().sec() + 3600;
+        uint64_t new_expires = ceph_clock_now().sec() + g_conf()->rgw_keystone_expired_token_cache_expiration;
         ldpp_dout(dpp, 20) << "updating expiration of allowed expired token"
                            << " from " << t->get_expires() << " to "
                            << new_expires << dendl;
author	Tobias Urdin <tobias.urdin@binero.se>	2022-04-27 10:57:36 +0200
committer	Tobias Urdin <tobias.urdin@binero.se>	2022-09-21 22:33:29 +0200
commit	31e79282be028beb363b32d4bf6e0b22ba3409e1 (patch)
tree	cc3daf30193acd9f352cba9c0db397da50a04631 /src/rgw/rgw_auth_keystone.cc
parent	rgw/auth: Validate accepted roles on service token user (diff)
download	ceph-31e79282be028beb363b32d4bf6e0b22ba3409e1.tar.xz ceph-31e79282be028beb363b32d4bf6e0b22ba3409e1.zip