Merge pull request ceph#63271 from rafaelweingartner/parameter_to_externalize_secret_key_ttl-upstream-2

ivancich · web-flow · commit 476f6d05cf07 · 2025-06-20T14:00:54.000-06:00
rgw: Externalize Keystone secret key cache TTL

Reviewed-by: Matt Benjamin &lt;mbenjamin@redhat.com&gt;
Reviewed-by: Adam C. Emerson &lt;aemerson@redhat.com&gt;
Reviewed-by: Tobias Urdin &lt;tobias.urdin@binero.com&gt;
diff --git a/src/common/options/rgw.yaml.in b/src/common/options/rgw.yaml.in
@@ -844,6 +844,16 @@ options:
   services:
   - rgw
   with_legacy: true
+- name: rgw_keystone_token_cache_ttl
+  type: int
+  level: advanced
+  desc: Keystone token secret key cache TTL
+  long_desc: The TTL for secret keys that are loaded from Keystone and stored in the cache system.
+  fmt_desc: The maximum TTL that a secret loaded from Keystone is maintained in the token cache system.
+  default: 300
+  services:
+  - rgw
+  with_legacy: true
 - name: rgw_keystone_verify_ssl
   type: bool
   level: advanced
diff --git a/src/rgw/rgw_auth_keystone.h b/src/rgw/rgw_auth_keystone.h
@@ -102,7 +102,7 @@ class SecretCache {
     : cct(g_ceph_context),
       lock(),
       max(cct->_conf->rgw_keystone_token_cache_size),
-      s3_token_expiry_length(300, 0) {
+      s3_token_expiry_length(cct->_conf->rgw_keystone_token_cache_ttl, 0) {
   }
 
   ~SecretCache() {}

Original file line number	Diff line number	Diff line change
`@@ -102,7 +102,7 @@ class SecretCache {`
`102`	`102`	`: cct(g_ceph_context),`
`103`	`103`	`lock(),`
`104`	`104`	`max(cct->_conf->rgw_keystone_token_cache_size),`
`105`		`- s3_token_expiry_length(300, 0) {`
	`105`	`+ s3_token_expiry_length(cct->_conf->rgw_keystone_token_cache_ttl, 0) {`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`~SecretCache() {}`