Clean up the create_arguments_apply methods

replace create_arguments_apply methods by token model way. bp: removed-as-of-stein Change-Id: I3239e723981dc7d0a53eb454e879096318f7b11a
2018-12-28 16:44:35 +08:00 · 2018-12-28 16:44:35 +08:00 · 3db38cabcb
commit 3db38cabcb
parent ef87a20212
3 changed files with 41 additions and 80 deletions
--- a/keystone/token/providers/fernet/core.py
+++ b/keystone/token/providers/fernet/core.py
@ -44,11 +44,36 @@ class Provider(base.Provider):

        self.token_formatter = tf.TokenFormatter()

+    def _determine_payload_class_from_token(self, token):
+        if token.oauth_scoped:
+            return tf.OauthScopedPayload
+        elif token.trust_scoped:
+            return tf.TrustScopedPayload
+        elif token.is_federated:
+            if token.project_scoped:
+                return tf.FederatedProjectScopedPayload
+            elif token.domain_scoped:
+                return tf.FederatedDomainScopedPayload
+            elif token.unscoped:
+                return tf.FederatedUnscopedPayload
+        elif token.application_credential_id:
+            return tf.ApplicationCredentialScopedPayload
+        elif token.project_scoped:
+            return tf.ProjectScopedPayload
+        elif token.domain_scoped:
+            return tf.DomainScopedPayload
+        elif token.system_scoped:
+            return tf.SystemScopedPayload
+        else:
+            return tf.UnscopedPayload
+
    def generate_id_and_issued_at(self, token):
+        token_payload_class = self._determine_payload_class_from_token(token)
        token_id = self.token_formatter.create_token(
            token.user_id,
            token.expires_at,
            token.audit_ids,
+            token_payload_class,
            methods=token.methods,
            system=token.system,
            domain_id=token.domain_id,
--- a/keystone/token/token_formatters.py
+++ b/keystone/token/token_formatters.py
@ -135,23 +135,12 @@ class TokenFormatter(object):

        return issued_at

-    def create_token(self, user_id, expires_at, audit_ids, methods=None,
-                     system=None, domain_id=None, project_id=None,
-                     trust_id=None, federated_group_ids=None,
+    def create_token(self, user_id, expires_at, audit_ids, payload_class,
+                     methods=None, system=None, domain_id=None,
+                     project_id=None, trust_id=None, federated_group_ids=None,
                     identity_provider_id=None, protocol_id=None,
                     access_token_id=None, app_cred_id=None):
        """Given a set of payload attributes, generate a Fernet token."""
-        for payload_class in PAYLOAD_CLASSES:
-            if payload_class.create_arguments_apply(
-                    project_id=project_id, domain_id=domain_id,
-                    system=system, trust_id=trust_id,
-                    federated_group_ids=federated_group_ids,
-                    identity_provider_id=identity_provider_id,
-                    protocol_id=protocol_id,
-                    access_token_id=access_token_id,
-                    app_cred_id=app_cred_id):
-                break
-
        version = payload_class.version
        payload = payload_class.assemble(
            user_id, methods, system, project_id, domain_id, expires_at,
@ -186,7 +175,7 @@ class TokenFormatter(object):
        versioned_payload = msgpack.unpackb(serialized_payload)
        version, payload = versioned_payload[0], versioned_payload[1:]

-        for payload_class in PAYLOAD_CLASSES:
+        for payload_class in _PAYLOAD_CLASSES:
            if version == payload_class.version:
                (user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -223,17 +212,6 @@ class BasePayload(object):
    # each payload variant should have a unique version
    version = None

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        """Check the arguments to see if they apply to this payload variant.
-
-        :returns: True if the arguments indicate that this payload class is
-                  needed for the token otherwise returns False.
-        :rtype: bool
-
-        """
-        raise NotImplementedError()
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -370,10 +348,6 @@ class BasePayload(object):
 class UnscopedPayload(BasePayload):
    version = 0

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return True
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -412,10 +386,6 @@ class UnscopedPayload(BasePayload):
 class DomainScopedPayload(BasePayload):
    version = 1

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['domain_id']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -471,10 +441,6 @@ class DomainScopedPayload(BasePayload):
 class ProjectScopedPayload(BasePayload):
    version = 2

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['project_id']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -516,10 +482,6 @@ class ProjectScopedPayload(BasePayload):
 class TrustScopedPayload(BasePayload):
    version = 3

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['trust_id']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -564,10 +526,6 @@ class TrustScopedPayload(BasePayload):
 class FederatedUnscopedPayload(BasePayload):
    version = 4

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['federated_group_ids']
-
    @classmethod
    def pack_group_id(cls, group_dict):
        return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])
@ -678,26 +636,14 @@ class FederatedScopedPayload(FederatedUnscopedPayload):
 class FederatedProjectScopedPayload(FederatedScopedPayload):
    version = 5

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['project_id'] and kwargs['federated_group_ids']
-

 class FederatedDomainScopedPayload(FederatedScopedPayload):
    version = 6

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['domain_id'] and kwargs['federated_group_ids']
-

 class OauthScopedPayload(BasePayload):
    version = 7

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['access_token_id']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -745,10 +691,6 @@ class OauthScopedPayload(BasePayload):
 class SystemScopedPayload(BasePayload):
    version = 8

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['system']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -787,10 +729,6 @@ class SystemScopedPayload(BasePayload):
 class ApplicationCredentialScopedPayload(BasePayload):
    version = 9

-    @classmethod
-    def create_arguments_apply(cls, **kwargs):
-        return kwargs['app_cred_id']
-
    @classmethod
    def assemble(cls, user_id, methods, system, project_id, domain_id,
                 expires_at, audit_ids, trust_id, federated_group_ids,
@ -833,22 +771,15 @@ class ApplicationCredentialScopedPayload(BasePayload):
                app_cred_id)


-# For now, the order of the classes in the following list is important. This
-# is because the way they test that the payload applies to them in
-# the create_arguments_apply method requires that the previous ones rejected
-# the payload arguments. For example, UnscopedPayload must be last since it's
-# the catch-all after all the other payloads have been checked.
-# TODO(blk-u): Clean up the create_arguments_apply methods so that they don't
-# depend on the previous classes then these can be in any order.
-PAYLOAD_CLASSES = [
-    OauthScopedPayload,
+_PAYLOAD_CLASSES = [
+    UnscopedPayload,
+    DomainScopedPayload,
+    ProjectScopedPayload,
    TrustScopedPayload,
+    FederatedUnscopedPayload,
    FederatedProjectScopedPayload,
    FederatedDomainScopedPayload,
-    FederatedUnscopedPayload,
-    ApplicationCredentialScopedPayload,
-    ProjectScopedPayload,
-    DomainScopedPayload,
+    OauthScopedPayload,
    SystemScopedPayload,
-    UnscopedPayload,
+    ApplicationCredentialScopedPayload,
 ]
--- a/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml
+++ b/releasenotes/notes/removed-as-of-stein-5eb23253b72ab54e.yaml
@ -20,3 +20,8 @@ other:
    The ``keystone.conf [DEFAULT] secure_proxy_ssl_header`` configuration
    option was slated for removal in Pike and has now officially been removed.
    Please use ``oslo.middleware.http_proxy_to_wsgi`` instead.
+  - >
+    [`blueprint removed-as-of-stein <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-stein>`_]
+    The interface ``create_arguments_apply`` in token formatter payload has
+    been removed. The token payload now doesn't need to be force ordered any
+    more.