rgw: configurable swift token ttl

Bump up ttl to 24h, and make it configurable.

Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>

2 files changed, 2 insertions, 1 deletions

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index a49b9d76ecc..4a4c082e654 100644
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -420,6 +420,7 @@ OPTION(rgw_swift_url_prefix, OPT_STR, "swift")  //
 OPTION(rgw_swift_auth_entry, OPT_STR, "auth")  // entry point for which a url is considered a swift auth url
 OPTION(rgw_admin_entry, OPT_STR, "admin")  // entry point for which a url is considered an admin request
 OPTION(rgw_enforce_swift_acls, OPT_BOOL, true)
+OPTION(rgw_swift_token_expiration, OPT_INT, 24 * 3600) // time in seconds for swift token expiration
 OPTION(rgw_print_continue, OPT_BOOL, true)  // enable if 100-Continue works
 OPTION(rgw_remote_addr_param, OPT_STR, "REMOTE_ADDR")  // e.g. X-Forwarded-For, if you have a reverse proxy
 OPTION(rgw_op_thread_timeout, OPT_INT, 10*60)
diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc
index 47390fb48c1..b0be5d45938 100644
--- a/src/rgw/rgw_swift_auth.cc
+++ b/src/rgw/rgw_swift_auth.cc
@@ -49,7 +49,7 @@ static int encode_token(CephContext *cct, string& swift_user, string& key, buffe
     return ret;
 
   utime_t expiration = ceph_clock_now(cct);
-  expiration += RGW_SWIFT_TOKEN_EXPIRATION; // 15 minutes
+  expiration += cct->_conf->rgw_swift_token_expiration;
 
   ret = build_token(swift_user, key, nonce, expiration, bl);