Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / keystone / 6b0b74a4d7866b2bfde5c5f5d05ad77b3abfeb5c^! / .
commit6b0b74a4d7866b2bfde5c5f5d05ad77b3abfeb5c[log] [tgz]
authorJakub Pavlik <pavlk.jakub@gmail.com>Thu Sep 01 10:49:14 2016 +0200
committerJakub Pavlik <pavlk.jakub@gmail.com>Thu Sep 01 10:49:14 2016 +0200
treee57ffb036165758d4ece1be7e003ddebc547e578
parent1984148f01742d9f174a92ed8f64880bb809d517 [diff]
max active keys for fernet

Change-Id: I4fafaee9c6203139f276b68c21904ec400133003

diff --git a/README.rst b/README.rst
index b0a0323..8e539d3 100644
--- a/README.rst
+++ b/README.rst

@@ -167,6 +167,7 @@
         ...
         tokens:
           engine: fernet
+          max_active_keys: 3
         ...
 
 Keystone domain with LDAP backend, using SQL for role/project assignment

diff --git a/keystone/files/kilo/keystone.conf.Debian b/keystone/files/kilo/keystone.conf.Debian
index 11ae0f2..263c70a 100644
--- a/keystone/files/kilo/keystone.conf.Debian
+++ b/keystone/files/kilo/keystone.conf.Debian

@@ -697,7 +697,7 @@
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

diff --git a/keystone/files/liberty/keystone.conf.Debian b/keystone/files/liberty/keystone.conf.Debian
index 80c1ed6..159e082 100644
--- a/keystone/files/liberty/keystone.conf.Debian
+++ b/keystone/files/liberty/keystone.conf.Debian

@@ -823,7 +823,7 @@
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

diff --git a/keystone/files/mitaka/keystone.conf.Debian b/keystone/files/mitaka/keystone.conf.Debian
index 9f80fd9..d21cc89 100644
--- a/keystone/files/mitaka/keystone.conf.Debian
+++ b/keystone/files/mitaka/keystone.conf.Debian

@@ -877,7 +877,7 @@
 # key. Increasing this value means that additional secondary keys will be kept
 # in the rotation. (integer value)
 #max_active_keys = 3
-
+max_active_keys={{ server.tokens.get('max_active_keys', '3') }}
 
 [identity]
 

diff --git a/tests/pillar/single_fernet.sls b/tests/pillar/single_fernet.sls
index 15f61f3..e9f90eb 100644
--- a/tests/pillar/single_fernet.sls
+++ b/tests/pillar/single_fernet.sls

@@ -25,6 +25,7 @@
       engine: fernet
       expiration: 86400
       location: /etc/keystone/fernet-keys/
+      max_active_keys: 4
     cache:
       engine: memcached
       members: