From 46bde0c0b2a99580584f34e4dd72c9ac8b611fac Mon Sep 17 00:00:00 2001
From: Tim Burke <tim.burke@gmail.com>
Date: Tue, 11 Dec 2018 18:47:53 +0000
Subject: [PATCH] s3token: Raise error on negative secret_cache_duration config

Change-Id: I8a961302a8905f483433976f6105b138a1acd7ba
---
 swift/common/middleware/s3api/s3token.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/swift/common/middleware/s3api/s3token.py b/swift/common/middleware/s3api/s3token.py
index ab00cd747c..4390c2a72c 100644
--- a/swift/common/middleware/s3api/s3token.py
+++ b/swift/common/middleware/s3api/s3token.py
@@ -162,7 +162,9 @@ class S3Token(object):
             self._verify = None
 
         self._secret_cache_duration = int(conf.get('secret_cache_duration', 0))
-        if self._secret_cache_duration > 0:
+        if self._secret_cache_duration < 0:
+            raise ValueError('secret_cache_duration must be non-negative')
+        if self._secret_cache_duration:
             try:
                 auth_plugin = keystone_loading.get_plugin_loader(
                     conf.get('auth_type', 'password'))