OpenStack Identity (keystone)

Expired Tokens Retention when using MySQL as backend

Registered by Emilien Macchi on 2013-03-15

This blueprint has been superseded. See the newer blueprint "keystone-manage token-flush" for updated plans.

Expired tokens stay in Database.
In Public Cloud, that could be a problem when a lot of tokens are asked every time (and even in Private Cloud).

(Possible) Solution :
add a flag in keystone.conf like :
keep_expired_tokens = True
retention_time = 365 #in days

Blueprint information

Status:: Complete

Approver:: None

Priority:: Undefined

Drafter:: None

Direction:: Needs approval

Assignee:: None

Definition:: Superseded

Series goal:: None

Implementation:: Unknown

Milestone target:: None

Completed by: Dolph Mathews on 2013-04-30

Related branches

Related bugs

Bug #1155709: Expired Tokens stay in Database when using MySQL Backend

Invalid

Sprints

Whiteboard

redundant with https://blueprints.launchpad.net/keystone/+spec/keystone-manage-token-flush

the "possible solution" here puts the responsibility of deleting potential audit data on the service, which I don't think should be the case; however, providing an external mechanism to flush audit data is fine; I do very much like the idea of limiting the scope of impact of the flush mechanism to tokens that have already been expired for a certain period of time, and i'll include that in the above bp

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Emilien Macchi