From 11848b2617cf47388ecfbcaefb72ddb88f1c0b58 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Mon, 29 Aug 2016 19:55:49 +0000
Subject: [PATCH] Remove unnecessary try/except from token provider
The validate_v2_token method previously had a try/except that would catch any ValidationErrors and raise a NotFound along with logging an error message. It turns out that there were no opportunities for a ValidationError to be raised from within the validate_v2_token method, making the try/except unnecessary and untested. This patch removes the try/except completely.
Change-Id: I0277ae89c0f8551c7e795ec1331af7da06134102
---
 keystone/token/providers/common.py | 41 +++++++++++++-----------------
 1 file changed, 18 insertions(+), 23 deletions(-)
diff --git a/keystone/token/providers/common.py b/keystone/token/providers/common.py
index 22edd426f0..20400fa90b 100644
--- a/keystone/token/providers/common.py
+++ b/keystone/token/providers/common.py
@@ -23,7 +23,7 @@ from keystone.common import utils
 import keystone.conf
 from keystone import exception
 from keystone.federation import constants as federation_constants
-from keystone.i18n import _, _LE
+from keystone.i18n import _
 from keystone import token
 from keystone.token import provider
@@ -766,28 +766,23 @@ class BaseProvider(provider.Provider):
 raise exception.Unauthorized(msg)
 def validate_v2_token(self, token_ref):
- try:
- self._assert_is_not_federation_token(token_ref)
- self._assert_default_domain(token_ref)
- # FIXME(gyee): performance or correctness? Should we return the
- # cached token or reconstruct it? Obviously if we are going with
- # the cached token, any role, project, or domain name changes
- # will not be reflected. One may argue that with PKI tokens,
- # we are essentially doing cached token validation anyway.
- # Lets go with the cached token strategy. Since token
- # management layer is now pluggable, one can always provide
- # their own implementation to suit their needs.
- token_data = token_ref.get('token_data')
- token_id = token_ref['id']
- if (self.get_token_version(token_data) != token.provider.V2):
- # Validate the V3 token as V2
- token_data = self.v2_token_data_helper.v3_to_v2_token(
- token_data, token_id)
-
- return token_data
- except exception.ValidationError:
- LOG.exception(_LE('Failed to validate token'))
- raise exception.TokenNotFound(token_id=token_id)
+ self._assert_is_not_federation_token(token_ref)
+ self._assert_default_domain(token_ref)
+ # FIXME(gyee): performance or correctness? Should we return the
+ # cached token or reconstruct it? Obviously if we are going with
+ # the cached token, any role, project, or domain name changes
+ # will not be reflected. One may argue that with PKI tokens,
+ # we are essentially doing cached token validation anyway.
+ # Lets go with the cached token strategy. Since token
+ # management layer is now pluggable, one can always provide
+ # their own implementation to suit their needs.
+ token_data = token_ref.get('token_data')
+ token_id = token_ref['id']
+ if (self.get_token_version(token_data) != token.provider.V2):
+ # Validate the V3 token as V2
+ token_data = self.v2_token_data_helper.v3_to_v2_token(
+ token_data, token_id)
+ return token_data
 def validate_non_persistent_token(self, token_id):
 try:
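Review bot: In the new validate_v2_token body, `token_ref.get('token_data')` can yield None while the next line's `token_ref['id']` raises KeyError, so a token record missing either key is handled inconsistently. With the try/except gone, nothing in this method maps a malformed record to TokenNotFound. What get_token_version does when handed None is not visible in this hunk, so the failure may surface as an unhandled error rather than a clean token-not-found on the validation path. Consider an explicit guard after the two lookups, such as `if token_data is None: raise exception.TokenNotFound(token_id=token_id)`. Since the commit message says the removed branch was untested, a unit test asserting that no ValidationError escapes from the helpers called here (for example v3_to_v2_token) would pin the assumption this change relies on.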