Move token_api.unique_id to token_provider_api
Move the unique_id call from token_api to token_provider_api and mark token_api.unique_id as deprecated, slated for removal in the K cycle. As part of the move to non-persistent tokens, the token_api calls are being moved (as appropriate) to the token_provider_api in preperation of token_api being deprecated. Change-Id: I7186b8af3ecc572ca364d58e2ba1a0303e48aca1 bp: non-persistent-tokens
This commit is contained in:
parent
1612cb4168
commit
3918f55106
|
@ -18,7 +18,6 @@ import abc
|
|||
import copy
|
||||
import datetime
|
||||
|
||||
from keystoneclient.common import cms
|
||||
import six
|
||||
|
||||
from keystone.common import cache
|
||||
|
@ -29,6 +28,7 @@ from keystone import exception
|
|||
from keystone.i18n import _
|
||||
from keystone.openstack.common import log
|
||||
from keystone.openstack.common import timeutils
|
||||
from keystone.openstack.common import versionutils
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
@ -111,17 +111,12 @@ class Manager(manager.Manager):
|
|||
def __init__(self):
|
||||
super(Manager, self).__init__(CONF.token.driver)
|
||||
|
||||
@versionutils.deprecated(as_of=versionutils.deprecated.JUNO,
|
||||
in_favor_of='token_provider_api.unique_id',
|
||||
remove_in=+1,
|
||||
what='token_api.unique_id')
|
||||
def unique_id(self, token_id):
|
||||
"""Return a unique ID for a token.
|
||||
|
||||
The returned value is useful as the primary key of a database table,
|
||||
memcache store, or other lookup table.
|
||||
|
||||
:returns: Given a PKI token, returns it's hashed value. Otherwise,
|
||||
returns the passed-in value (such as a UUID token ID or an
|
||||
existing hash).
|
||||
"""
|
||||
return cms.cms_hash_token(token_id, mode=CONF.token.hash_algorithm)
|
||||
return self.token_provider_api.unique_id(token_id)
|
||||
|
||||
def _assert_valid(self, token_id, token_ref):
|
||||
"""Raise TokenNotFound if the token is expired."""
|
||||
|
@ -136,7 +131,7 @@ class Manager(manager.Manager):
|
|||
# context['token_id'] will in-fact be None. This also saves
|
||||
# a round-trip to the backend if we don't have a token_id.
|
||||
raise exception.TokenNotFound(token_id='')
|
||||
unique_id = self.unique_id(token_id)
|
||||
unique_id = self.token_provider_api.unique_id(token_id)
|
||||
token_ref = self._get_token(unique_id)
|
||||
# NOTE(morganfainberg): Lift expired checking to the manager, there is
|
||||
# no reason to make the drivers implement this check. With caching,
|
||||
|
@ -152,7 +147,7 @@ class Manager(manager.Manager):
|
|||
return self.driver.get_token(token_id)
|
||||
|
||||
def create_token(self, token_id, data):
|
||||
unique_id = self.unique_id(token_id)
|
||||
unique_id = self.token_provider_api.unique_id(token_id)
|
||||
data_copy = copy.deepcopy(data)
|
||||
data_copy['id'] = unique_id
|
||||
ret = self.driver.create_token(unique_id, data_copy)
|
||||
|
@ -166,7 +161,7 @@ class Manager(manager.Manager):
|
|||
def delete_token(self, token_id):
|
||||
if not CONF.token.revoke_by_id:
|
||||
return
|
||||
unique_id = self.unique_id(token_id)
|
||||
unique_id = self.token_provider_api.unique_id(token_id)
|
||||
self.driver.delete_token(unique_id)
|
||||
self._invalidate_individual_token_cache(unique_id)
|
||||
self.invalidate_revocation_list()
|
||||
|
@ -179,7 +174,7 @@ class Manager(manager.Manager):
|
|||
consumer_id)
|
||||
self.driver.delete_tokens(user_id, tenant_id, trust_id, consumer_id)
|
||||
for token_id in token_list:
|
||||
unique_id = self.unique_id(token_id)
|
||||
unique_id = self.token_provider_api.unique_id(token_id)
|
||||
self._invalidate_individual_token_cache(unique_id)
|
||||
self.invalidate_revocation_list()
|
||||
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
import abc
|
||||
|
||||
from keystoneclient.common import cms
|
||||
import six
|
||||
|
||||
from keystone.common import cache
|
||||
|
@ -59,7 +60,6 @@ class UnsupportedTokenVersionException(Exception):
|
|||
pass
|
||||
|
||||
|
||||
@dependency.requires('token_api')
|
||||
@dependency.optional('revoke_api')
|
||||
@dependency.provider('token_provider_api')
|
||||
class Manager(manager.Manager):
|
||||
|
@ -105,8 +105,20 @@ class Manager(manager.Manager):
|
|||
def __init__(self):
|
||||
super(Manager, self).__init__(self.get_token_provider())
|
||||
|
||||
def unique_id(self, token_id):
|
||||
"""Return a unique ID for a token.
|
||||
|
||||
The returned value is useful as the primary key of a database table,
|
||||
memcache store, or other lookup table.
|
||||
|
||||
:returns: Given a PKI token, returns it's hashed value. Otherwise,
|
||||
returns the passed-in value (such as a UUID token ID or an
|
||||
existing hash).
|
||||
"""
|
||||
return cms.cms_hash_token(token_id, mode=CONF.token.hash_algorithm)
|
||||
|
||||
def validate_token(self, token_id, belongs_to=None):
|
||||
unique_id = self.token_api.unique_id(token_id)
|
||||
unique_id = self.unique_id(token_id)
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
token = self._validate_token(unique_id)
|
||||
|
@ -126,7 +138,7 @@ class Manager(manager.Manager):
|
|||
self.revoke_api.check_token(token_values)
|
||||
|
||||
def validate_v2_token(self, token_id, belongs_to=None):
|
||||
unique_id = self.token_api.unique_id(token_id)
|
||||
unique_id = self.unique_id(token_id)
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
token = self._validate_v2_token(unique_id)
|
||||
|
@ -152,7 +164,7 @@ class Manager(manager.Manager):
|
|||
return self.check_revocation_v3(token)
|
||||
|
||||
def validate_v3_token(self, token_id):
|
||||
unique_id = self.token_api.unique_id(token_id)
|
||||
unique_id = self.unique_id(token_id)
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
token = self._validate_v3_token(unique_id)
|
||||
|
@ -169,7 +181,7 @@ class Manager(manager.Manager):
|
|||
"""
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
unique_id = self.token_api.unique_id(token_id)
|
||||
unique_id = self.unique_id(token_id)
|
||||
self.validate_v2_token(unique_id, belongs_to=belongs_to)
|
||||
|
||||
def check_v3_token(self, token_id):
|
||||
|
@ -181,7 +193,7 @@ class Manager(manager.Manager):
|
|||
"""
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
unique_id = self.token_api.unique_id(token_id)
|
||||
unique_id = self.unique_id(token_id)
|
||||
self.validate_v3_token(unique_id)
|
||||
|
||||
@cache.on_arguments(should_cache_fn=SHOULD_CACHE,
|
||||
|
|
Loading…
Reference in New Issue