Log warning when using token_flush

The `keystone-manage token_flush` command was useful when we supported token format that were actually written to disk. Now that keystone has moved towards formats that don't require physical storage in the name of scalability, we no longer need the token_flush utility. This commit logs a warning when using `keystone-manage token_flush` so that people are aware they don't need to use it anymore if they are using supported upstream non-persistent token providers. Change-Id: I14d1e8a3ae367c8f13b6819a1a216f3f8f6b001a Closes-Bug: 1759289
2018-03-27 15:18:50 +00:00 · 2018-03-27 15:18:50 +00:00 · 9ca374091b
commit 9ca374091b
parent 00bb230704
3 changed files with 35 additions and 10 deletions
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@ -39,7 +39,6 @@ from keystone.federation import idp
 from keystone.federation import utils as mapping_engine
 from keystone.i18n import _
 from keystone.server import backends
-from keystone import token


 CONF = keystone.conf.CONF
@ -886,15 +885,14 @@ class TokenFlush(BaseApp):

    @classmethod
    def main(cls):
-        token_manager = token.persistence.PersistenceManager()
-        try:
-            token_manager.flush_expired_tokens()
-        except exception.NotImplemented:
-            # NOTE(ravelar159): Stop NotImplemented from unsupported token
-            # driver when using token_flush and print out warning instead
-            LOG.warning('Token driver %s does not support token_flush. '
-                        'The token_flush command had no effect.',
-                        CONF.token.driver)
+        LOG.warning(
+            'This command is deprecated and no longer needed with the '
+            'development of non-persistent token formats. It will be removed '
+            'in Stein. It is recommended that you remove usage of this '
+            'command or integrate it\'s functionality into a separate tool if '
+            'you are using an out-of-tree provider that relies on persistent '
+            'token storage.'
+        )


 class MappingPurge(BaseApp):
--- a/keystone/tests/unit/test_cli.py
+++ b/keystone/tests/unit/test_cli.py
@ -1385,3 +1385,20 @@ class TestMappingPurge(unit.SQLDriverOverrides, unit.BaseTestCase):
        args.append('--public-id')
        args.append(uuid.uuid4().hex)
        self.parser.parse_args(args)
+
+
+class TestTokenFlush(unit.TestCase):
+
+    def test_token_flush_emits_warning(self):
+        expected_msg = (
+            'This command is deprecated and no longer needed with the '
+            'development of non-persistent token formats. It will be removed '
+            'in Stein. It is recommended that you remove usage of this '
+            'command or integrate it\'s functionality into a separate tool if '
+            'you are using an out-of-tree provider that relies on persistent '
+            'token storage.'
+        )
+        logging = self.useFixture(fixtures.FakeLogger())
+        tf = cli.TokenFlush()
+        tf.main()
+        self.assertThat(logging.output, matchers.Contains(expected_msg))
--- a/releasenotes/notes/bug-1759289-466cdf4514de3498.yaml
+++ b/releasenotes/notes/bug-1759289-466cdf4514de3498.yaml
@ -0,0 +1,10 @@
+---
+fixes:
+  - |
+    [`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_]
+    The ``keystone-manage token_flush`` command no longer establishes a
+    connection to a database, or persistence backend. It's usage should be
+    removed if you're using a supported non-persistent token format. If you're
+    relying on external token providers that write tokens to disk and would
+    like to maintain this functionality, please consider porting it to a
+    separate tool.