@@ -49,7 +49,8 @@ def __init__(
4949 auth_token_max_lifetime = 60 ,
5050 aws_creds = None ,
5151 extra_context = None ,
52- endpoint_url = None
52+ endpoint_url = None ,
53+ token_cache_size = 4096 ,
5354 ):
5455 """Create a KMSTokenValidator object.
5556
@@ -61,11 +62,18 @@ def __init__(
6162 to_auth_context: The KMS encryption context to use for the to
6263 context for authentication. Required.
6364 region: AWS region to connect to. Required.
64- token_version: The version of the authentication token. Default: 2
65- token_cache_file: he location to use for caching the auth token.
66- If set to empty string, no cache will be used. Default: None
67- token_lifetime: Lifetime of the authentication token generated.
68- Default: 10
65+ scoped_auth_keys: A dict of KMS key to account mappings. These keys
66+ are for the 'service' role to support multiple AWS accounts. If
67+ services are scoped to accounts, kmsauth will ensure the service
68+ authentication KMS auth used the mapped key.
69+ Example: {"sandbox-auth-key":"sandbox","primary-auth-key":"primary"}
70+ minimum_token_version: The minimum version of the authentication
71+ token accepted.
72+ maximum_token_version: The maximum version of the authentication
73+ token accepted.
74+ auth_token_max_lifetime: The maximum lifetime of an authentication
75+ token in minutes.
76+ token_cache_size: Size of the in-memory LRU cache for auth tokens.
6977 aws_creds: A dict of AccessKeyId, SecretAccessKey, SessionToken.
7078 Useful if you wish to pass in assumed role credentials or MFA
7179 credentials. Default: None
@@ -103,7 +111,7 @@ def __init__(
103111 self .extra_context = {}
104112 else :
105113 self .extra_context = extra_context
106- self .TOKENS = lru .LRUCache (4096 )
114+ self .TOKENS = lru .LRUCache (token_cache_size )
107115 self .KEY_METADATA = {}
108116 self ._validate ()
109117
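Review bot: `token_cache_size` is passed straight into `lru.LRUCache(token_cache_size)` in the last hunk with no check visible here, so a zero, negative or non-integer value from configuration would surface only when the cache is built or first used, if at all. The cache holds auth tokens and presumably decides how often a presented token is answered from memory rather than validated afresh, so a bad size should fail at construction. `self._validate()` runs two lines later but its body is outside the hunks; confirm it covers the new parameter, or add `if not isinstance(token_cache_size, int) or token_cache_size < 1: raise ValueError("token_cache_size must be a positive integer")` before the cache is created. The new docstring entry also omits the default that neighbouring entries state; `token_cache_size: Maximum number of entries in the in-memory LRU cache for auth tokens. Default: 4096` would match them. `__init__` starts and ends outside the hunks.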