s3token: Enable secret caching by default

Code Issues Proposed changes

Now that we need to pass the service creds to keystone, we might as well
default secret caching by default now that they need to be provided.
This patch also adds the required s3token configuration to CI so we can use the
swift service creds to fetch s3api secrets.
As well as also configuring keystone users for cross-compatibility tests.
Change-Id: Ief0a29c4300edf2e0d52c041960d756ecc8a2677
Signed-off-by: Tim Burke <tburke@nvidia.com>

This commit is contained in:

Tim Burke

2025年11月06日 10:30:21 +11:00

committed by Matthew Oliver

parent b147eae95d

commit 5f89d14ebb

4 changed files with 107 additions and 1 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

6
etc/proxy-server.conf-sample

View File

@@ -793,6 +793,12 @@ http_timeout = 10.0

# You can override the default log routing for this filter here:

# log_name = s3token

# Secrets may be cached to reduce latency for the client and load on Keystone.

# This configures the duration that secrets may be cached; set to zero to

# disable caching and prevent Swift from retrieving secrets from Keystone.

# secret_cache_duration = 60

# Note that caching is required to enable signed aws-chunked transfers.

# Recent Keystone deployments require credentials similar to the authtoken

# middleware; these credentials require access to the s3tokens endpoint.

# Additionally, if secret caching is enabled, the credentials should have

s3token: Enable secret caching by default

6 etc/proxy-server.conf-sample Unescape Escape View File

6
etc/proxy-server.conf-sample

View File