Log warning when using token_flush

The `keystone-manage token_flush` command was useful when we
supported token format that were actually written to disk. Now that
keystone has moved towards formats that don't require physical
storage in the name of scalability, we no longer need the
token_flush utility.

This commit logs a warning when using `keystone-manage token_flush`
so that people are aware they don't need to use it anymore if they
are using supported upstream non-persistent token providers.

Change-Id: I14d1e8a3ae367c8f13b6819a1a216f3f8f6b001a
Closes-Bug: 1759289
This commit is contained in:
Lance Bragstad 2018-03-27 15:18:50 +00:00
parent 00bb230704
commit 9ca374091b
3 changed files with 35 additions and 10 deletions

View File

@ -39,7 +39,6 @@ from keystone.federation import idp
from keystone.federation import utils as mapping_engine
from keystone.i18n import _
from keystone.server import backends
from keystone import token
CONF = keystone.conf.CONF
@ -886,15 +885,14 @@ class TokenFlush(BaseApp):
@classmethod
def main(cls):
token_manager = token.persistence.PersistenceManager()
try:
token_manager.flush_expired_tokens()
except exception.NotImplemented:
# NOTE(ravelar159): Stop NotImplemented from unsupported token
# driver when using token_flush and print out warning instead
LOG.warning('Token driver %s does not support token_flush. '
'The token_flush command had no effect.',
CONF.token.driver)
LOG.warning(
'This command is deprecated and no longer needed with the '
'development of non-persistent token formats. It will be removed '
'in Stein. It is recommended that you remove usage of this '
'command or integrate it\'s functionality into a separate tool if '
'you are using an out-of-tree provider that relies on persistent '
'token storage.'
)
class MappingPurge(BaseApp):

View File

@ -1385,3 +1385,20 @@ class TestMappingPurge(unit.SQLDriverOverrides, unit.BaseTestCase):
args.append('--public-id')
args.append(uuid.uuid4().hex)
self.parser.parse_args(args)
class TestTokenFlush(unit.TestCase):
def test_token_flush_emits_warning(self):
expected_msg = (
'This command is deprecated and no longer needed with the '
'development of non-persistent token formats. It will be removed '
'in Stein. It is recommended that you remove usage of this '
'command or integrate it\'s functionality into a separate tool if '
'you are using an out-of-tree provider that relies on persistent '
'token storage.'
)
logging = self.useFixture(fixtures.FakeLogger())
tf = cli.TokenFlush()
tf.main()
self.assertThat(logging.output, matchers.Contains(expected_msg))

View File

@ -0,0 +1,10 @@
---
fixes:
- |
[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_]
The ``keystone-manage token_flush`` command no longer establishes a
connection to a database, or persistence backend. It's usage should be
removed if you're using a supported non-persistent token format. If you're
relying on external token providers that write tokens to disk and would
like to maintain this functionality, please consider porting it to a
separate tool.