The caching layer is designed to be applied to any
manager object within Keystone
via the use of
keystone.common.cache module. This leverages oslo.cache caching
system to provide a flexible caching backend.
The caching can be setup for all or some subsystems. It is recommended that each of the
managers have an independent toggle within the config file to enable caching. The easiest
method to utilize the toggle within the configuration file is to define a
boolean option within that manager’s configuration section (e.g.
identity). Enable the
enabled option as well as the specific manager’s caching enable toggle in
order to cache that subsystem.
The oslo.cache is simple and easy to adopt by any system. See the usage guide of
it. There are various cache backends supported by it. Example use of
oslo.cache in keystone (in this example,
token is the manager):
from keystone.common import cache TOKENS_REGION = cache.create_region(name='tokens') MEMOIZE_TOKENS = cache.get_memoization_decorator( group='token', region=TOKENS_REGION) @MEMOIZE_TOKENS def _validate_token(self, token_id): ... return token
With the above example, each call to the
cacheable_function would check to see if
the arguments passed to it matched a currently valid cached item. If the return value
was cached, the caching layer would return the cached value; if the return value was
not cached, the caching layer would call the function, pass the value to the
MEMOIZE_TOKEN decorator, which would then determine if caching was globally enabled
and enabled for the
token manager. If either caching toggle is disabled, the value
is returned but not cached.
It is recommended that each of the managers have an independent configurable time-to-live
(TTL). The option
cache_time is to be set for every manager under its section in
keystone.conf file. If the
cache_time is set to
None, the expiration time will be
set to the global default
expiration_time option in the
[cache] configuration section.
These options are passed to and handled by oslo.cache.
Cache invalidation can be done if specific cache entries are changed.
Example of invalidating a cache (in this example,
token is the manager):
def invalidate_individual_token_cache(self, token_id): ... self._validate_token.invalidate(self, token_id)
For cache invalidation, there is an
invalidate method (attribute) on the decorated function.
To invalidate the cache, pass the same arguments to the
invalidate method as you would the
normal function. This means you need to pass
self as the first argument.