openstack
/
keystone
Code Issues Proposed changes

Move token_api.unique_id to token_provider_api 

Move the unique_id call from token_api to token_provider_api and
mark token_api.unique_id as deprecated, slated for removal in
the K cycle.

As part of the move to non-persistent tokens, the token_api calls
are being moved (as appropriate) to the token_provider_api in
preperation of token_api being deprecated.

Change-Id: I7186b8af3ecc572ca364d58e2ba1a0303e48aca1
bp: non-persistent-tokens
This commit is contained in:
Morgan Fainberg 2014-07-15 16:35:57 -07:00
parent 1612cb4168
commit 3918f55106
2 changed files with 28 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
keystone/token/core.py
View File

@ -18,7 +18,6 @@ import abc
import copy
import datetime
from keystoneclient.common import cms
import six
from keystone.common import cache
@ -29,6 +28,7 @@ from keystone import exception
from keystone.i18n import _
from keystone.openstack.common import log
from keystone.openstack.common import timeutils
from keystone.openstack.common import versionutils
CONF = config.CONF
@ -111,17 +111,12 @@ class Manager(manager.Manager):
def __init__(self):
super(Manager, self).__init__(CONF.token.driver)
@versionutils.deprecated(as_of=versionutils.deprecated.JUNO,
in_favor_of='token_provider_api.unique_id',
remove_in=+1,
what='token_api.unique_id')
def unique_id(self, token_id):
"""Return a unique ID for a token.
The returned value is useful as the primary key of a database table,
memcache store, or other lookup table.
:returns: Given a PKI token, returns it's hashed value. Otherwise,
returns the passed-in value (such as a UUID token ID or an
existing hash).
"""
return cms.cms_hash_token(token_id, mode=CONF.token.hash_algorithm)
return self.token_provider_api.unique_id(token_id)
def _assert_valid(self, token_id, token_ref):
"""Raise TokenNotFound if the token is expired."""
@ -136,7 +131,7 @@ class Manager(manager.Manager):
# context['token_id'] will in-fact be None. This also saves
# a round-trip to the backend if we don't have a token_id.
raise exception.TokenNotFound(token_id='')
unique_id = self.unique_id(token_id)
unique_id = self.token_provider_api.unique_id(token_id)
token_ref = self._get_token(unique_id)
# NOTE(morganfainberg): Lift expired checking to the manager, there is
# no reason to make the drivers implement this check. With caching,
@ -152,7 +147,7 @@ class Manager(manager.Manager):
return self.driver.get_token(token_id)
def create_token(self, token_id, data):
unique_id = self.unique_id(token_id)
unique_id = self.token_provider_api.unique_id(token_id)
data_copy = copy.deepcopy(data)
data_copy['id'] = unique_id
ret = self.driver.create_token(unique_id, data_copy)
@ -166,7 +161,7 @@ class Manager(manager.Manager):
def delete_token(self, token_id):
if not CONF.token.revoke_by_id:
return
unique_id = self.unique_id(token_id)
unique_id = self.token_provider_api.unique_id(token_id)
self.driver.delete_token(unique_id)
self._invalidate_individual_token_cache(unique_id)
self.invalidate_revocation_list()
@ -179,7 +174,7 @@ class Manager(manager.Manager):
consumer_id)
self.driver.delete_tokens(user_id, tenant_id, trust_id, consumer_id)
for token_id in token_list:
unique_id = self.unique_id(token_id)
unique_id = self.token_provider_api.unique_id(token_id)
self._invalidate_individual_token_cache(unique_id)
self.invalidate_revocation_list()

24
keystone/token/provider.py
View File

@ -16,6 +16,7 @@
import abc
from keystoneclient.common import cms
import six
from keystone.common import cache
@ -59,7 +60,6 @@ class UnsupportedTokenVersionException(Exception):
pass
@dependency.requires('token_api')
@dependency.optional('revoke_api')
@dependency.provider('token_provider_api')
class Manager(manager.Manager):
@ -105,8 +105,20 @@ class Manager(manager.Manager):
def __init__(self):
super(Manager, self).__init__(self.get_token_provider())
def unique_id(self, token_id):
"""Return a unique ID for a token.
The returned value is useful as the primary key of a database table,
memcache store, or other lookup table.
:returns: Given a PKI token, returns it's hashed value. Otherwise,
returns the passed-in value (such as a UUID token ID or an
existing hash).
"""
return cms.cms_hash_token(token_id, mode=CONF.token.hash_algorithm)
def validate_token(self, token_id, belongs_to=None):
unique_id = self.token_api.unique_id(token_id)
unique_id = self.unique_id(token_id)
# NOTE(morganfainberg): Ensure we never use the long-form token_id
# (PKI) as part of the cache_key.
token = self._validate_token(unique_id)
@ -126,7 +138,7 @@ class Manager(manager.Manager):
self.revoke_api.check_token(token_values)
def validate_v2_token(self, token_id, belongs_to=None):
unique_id = self.token_api.unique_id(token_id)
unique_id = self.unique_id(token_id)
# NOTE(morganfainberg): Ensure we never use the long-form token_id
# (PKI) as part of the cache_key.
token = self._validate_v2_token(unique_id)
@ -152,7 +164,7 @@ class Manager(manager.Manager):
return self.check_revocation_v3(token)
def validate_v3_token(self, token_id):
unique_id = self.token_api.unique_id(token_id)
unique_id = self.unique_id(token_id)
# NOTE(morganfainberg): Ensure we never use the long-form token_id
# (PKI) as part of the cache_key.
token = self._validate_v3_token(unique_id)
@ -169,7 +181,7 @@ class Manager(manager.Manager):
"""
# NOTE(morganfainberg): Ensure we never use the long-form token_id
# (PKI) as part of the cache_key.
unique_id = self.token_api.unique_id(token_id)
unique_id = self.unique_id(token_id)
self.validate_v2_token(unique_id, belongs_to=belongs_to)
def check_v3_token(self, token_id):
@ -181,7 +193,7 @@ class Manager(manager.Manager):
"""
# NOTE(morganfainberg): Ensure we never use the long-form token_id
# (PKI) as part of the cache_key.
unique_id = self.token_api.unique_id(token_id)
unique_id = self.unique_id(token_id)
self.validate_v3_token(unique_id)
@cache.on_arguments(should_cache_fn=SHOULD_CACHE,