Remove deprecated methods and functions in token subsystem
Remove the deprecated methods and functions from the token subsystem that were slated for removal in Kilo. Change-Id: I1d3b85095d12138fa75ee1e1909b0cf932ead174 bp: removed-as-of-kilo
This commit is contained in:
parent
8d8e56212b
commit
4de1e850bd
|
@ -13,7 +13,6 @@
|
|||
# under the License.
|
||||
|
||||
from keystone.token import controllers # noqa
|
||||
from keystone.token.core import * # noqa
|
||||
from keystone.token import persistence # noqa
|
||||
from keystone.token import provider # noqa
|
||||
from keystone.token import routers # noqa
|
||||
|
|
|
@ -1,105 +0,0 @@
|
|||
# Copyright 2012 OpenStack Foundation
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""Main entry point into the Token service."""
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
|
||||
from keystone import exception
|
||||
from keystone.i18n import _
|
||||
from keystone.openstack.common import versionutils
|
||||
from keystone.token import persistence
|
||||
from keystone.token import provider
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
LOG = log.getLogger(__name__)
|
||||
|
||||
|
||||
@versionutils.deprecated(
|
||||
as_of=versionutils.deprecated.JUNO,
|
||||
in_favor_of='keystone.token.provider.default_expire_time',
|
||||
what='keystone.token.default_expire_time',
|
||||
remove_in=+1)
|
||||
def default_expire_time():
|
||||
return provider.default_expire_time()
|
||||
|
||||
|
||||
@versionutils.deprecated(as_of=versionutils.deprecated.JUNO,
|
||||
what='keystone.token.core.validate_auth_info',
|
||||
remove_in=+1)
|
||||
def validate_auth_info(self, user_ref, tenant_ref):
|
||||
"""Validate user and tenant auth info.
|
||||
|
||||
Validate the user and tenant auth info in order to ensure that user and
|
||||
tenant information is valid and not disabled.
|
||||
|
||||
Consolidate the checks here to ensure consistency between token auth and
|
||||
ec2 auth.
|
||||
|
||||
:params user_ref: the authenticating user
|
||||
:params tenant_ref: the scope of authorization, if any
|
||||
:raises Unauthorized: if any of the user, user's domain, tenant or
|
||||
tenant's domain are either disabled or otherwise invalid
|
||||
"""
|
||||
# If the user is disabled don't allow them to authenticate
|
||||
if not user_ref.get('enabled', True):
|
||||
msg = _('User is disabled: %s') % user_ref['id']
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
|
||||
# If the user's domain is disabled don't allow them to authenticate
|
||||
user_domain_ref = self.resource_api.get_domain(
|
||||
user_ref['domain_id'])
|
||||
if user_domain_ref and not user_domain_ref.get('enabled', True):
|
||||
msg = _('Domain is disabled: %s') % user_domain_ref['id']
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
|
||||
if tenant_ref:
|
||||
# If the project is disabled don't allow them to authenticate
|
||||
if not tenant_ref.get('enabled', True):
|
||||
msg = _('Tenant is disabled: %s') % tenant_ref['id']
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
|
||||
# If the project's domain is disabled don't allow them to authenticate
|
||||
project_domain_ref = self.resource_api.get_domain(
|
||||
tenant_ref['domain_id'])
|
||||
if (project_domain_ref and
|
||||
not project_domain_ref.get('enabled', True)):
|
||||
msg = _('Domain is disabled: %s') % project_domain_ref['id']
|
||||
LOG.warning(msg)
|
||||
raise exception.Unauthorized(msg)
|
||||
|
||||
|
||||
class Manager(persistence.Manager):
|
||||
@versionutils.deprecated(
|
||||
versionutils.deprecated.JUNO,
|
||||
in_favor_of='keystone.token.persistence.Manager',
|
||||
remove_in=+1,
|
||||
what='keystone.token.core.Manager')
|
||||
def __init__(self):
|
||||
super(Manager, self).__init__()
|
||||
|
||||
|
||||
class Driver(persistence.Driver):
|
||||
@versionutils.deprecated(
|
||||
versionutils.deprecated.JUNO,
|
||||
in_favor_of='keystone.token.persistence.Driver',
|
||||
remove_in=+1,
|
||||
what='keystone.token.core.Driver')
|
||||
def __init__(self):
|
||||
super(Driver, self).__init__()
|
|
@ -27,7 +27,6 @@ from keystone.common import dependency
|
|||
from keystone.common import manager
|
||||
from keystone import exception
|
||||
from keystone.i18n import _LW
|
||||
from keystone.openstack.common import versionutils
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
@ -52,13 +51,6 @@ class PersistenceManager(manager.Manager):
|
|||
def __init__(self):
|
||||
super(PersistenceManager, self).__init__(CONF.token.driver)
|
||||
|
||||
@versionutils.deprecated(as_of=versionutils.deprecated.JUNO,
|
||||
in_favor_of='token_provider_api.unique_id',
|
||||
remove_in=+1,
|
||||
what='token_api.unique_id')
|
||||
def unique_id(self, token_id):
|
||||
return self.token_provider_api.unique_id(token_id)
|
||||
|
||||
def _assert_valid(self, token_id, token_ref):
|
||||
"""Raise TokenNotFound if the token is expired."""
|
||||
current_time = timeutils.normalize_time(timeutils.utcnow())
|
||||
|
|
|
@ -33,7 +33,6 @@ from keystone import exception
|
|||
from keystone.i18n import _, _LE
|
||||
from keystone.models import token_model
|
||||
from keystone import notifications
|
||||
from keystone.openstack.common import versionutils
|
||||
from keystone.token import persistence
|
||||
|
||||
|
||||
|
@ -230,41 +229,6 @@ class Manager(manager.Manager):
|
|||
self._is_valid_token(token)
|
||||
return token
|
||||
|
||||
@versionutils.deprecated(
|
||||
as_of=versionutils.deprecated.JUNO,
|
||||
what='token_provider_api.check_v2_token',
|
||||
in_favor_of='token_provider_api.validate_v2_token',
|
||||
remove_in=+1)
|
||||
def check_v2_token(self, token_id, belongs_to=None):
|
||||
"""Check the validity of the given V2 token.
|
||||
|
||||
:param token_id: identity of the token
|
||||
:param belongs_to: optional identity of the scoped project
|
||||
:returns: None
|
||||
:raises: keystone.exception.Unauthorized
|
||||
"""
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
unique_id = self.unique_id(token_id)
|
||||
self.validate_v2_token(unique_id, belongs_to=belongs_to)
|
||||
|
||||
@versionutils.deprecated(
|
||||
as_of=versionutils.deprecated.JUNO,
|
||||
what='token_provider_api.check_v3_token',
|
||||
in_favor_of='token_provider_api.validate_v3_token',
|
||||
remove_in=+1)
|
||||
def check_v3_token(self, token_id):
|
||||
"""Check the validity of the given V3 token.
|
||||
|
||||
:param token_id: identity of the token
|
||||
:returns: None
|
||||
:raises: keystone.exception.Unauthorized
|
||||
"""
|
||||
# NOTE(morganfainberg): Ensure we never use the long-form token_id
|
||||
# (PKI) as part of the cache_key.
|
||||
unique_id = self.unique_id(token_id)
|
||||
self.validate_v3_token(unique_id)
|
||||
|
||||
@cache.on_arguments(should_cache_fn=SHOULD_CACHE,
|
||||
expiration_time=EXPIRATION_TIME)
|
||||
def _validate_token(self, token_id):
|
||||
|
|
Loading…
Reference in New Issue