Remove id_hash column

Storing the token body in the database back end is expensive and not required. This removes the storage, as well as updates the Database schema Bug 1046023 Change-Id: Iee92ca7c2aeef04664883693b78ecfc1781fb335
2012-09-04 16:20:37 -04:00 · 2012-09-04 16:20:37 -04:00 · a9ee611c43
commit a9ee611c43
parent 103f692fd7
3 changed files with 47 additions and 18 deletions
--- a/keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py
+++ b/keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py
@ -0,0 +1,43 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from sqlalchemy import Column, MetaData, String, Table
+
+
+def downgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    old_id_col = token.c.id
+    old_id_col.alter(name='id_hash')
+    # Note: We obtain a new metadata reference to avoid
+    # sqlalchemy.exc.ArgumentError:
+    # Trying to redefine primary-key column 'id' as a non-primary-key...
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    new_id = Column("id", String(2048))
+    token.create_column(new_id)
+
+
+def upgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    token.drop_column('id')
+    token = Table('token', meta, autoload=True)
+    id_col = token.c.id_hash
+    id_col.alter(name='id')
--- a/keystone/service.py
+++ b/keystone/service.py
@ -376,18 +376,6 @@ class TokenController(wsgi.Application):
                                % (user_id, tenant_id))
                    raise exception.Unauthorized()

-                # if the old token is sufficient unpack and return it
-                if (old_token_ref['tenant']
-                        and tenant_id == old_token_ref['tenant']['id']
-                        and len(old_token) > cms.UUID_TOKEN_LENGTH):
-                    json_data = cms.verify_token(
-                        old_token,
-                        config.CONF.signing.certfile,
-                        config.CONF.signing.ca_certs)
-                    return_data = json.loads(json_data)
-                    return_data['access']['token']['id'] = old_token
-                    return return_data
-
            expiry = old_token_ref['expires']
            try:
                tenant_ref = self.identity_api.get_tenant(context=context,
--- a/keystone/token/backends/sql.py
+++ b/keystone/token/backends/sql.py
@ -27,8 +27,7 @@ from keystone import token

 class TokenModel(sql.ModelBase, sql.DictBase):
    __tablename__ = 'token'
-    id_hash = sql.Column(sql.String(64), primary_key=True)
-    id = sql.Column(sql.String(1024))
+    id = sql.Column(sql.String(64), primary_key=True)
    expires = sql.Column(sql.DateTime(), default=None)
    extra = sql.Column(sql.JsonBlob())
    valid = sql.Column(sql.Boolean(), default=True)
@ -38,14 +37,13 @@ class TokenModel(sql.ModelBase, sql.DictBase):
        # shove any non-indexed properties into extra
        extra = copy.deepcopy(token_dict)
        data = {}
-        for k in ('id_hash', 'id', 'expires'):
+        for k in ('id', 'expires'):
            data[k] = extra.pop(k, None)
        data['extra'] = extra
        return cls(**data)

    def to_dict(self):
        out = copy.deepcopy(self.extra)
-        out['id_hash'] = self.id
        out['id'] = self.id
        out['expires'] = self.expires
        return out
@ -56,7 +54,7 @@ class Token(sql.Base, token.Driver):
    def get_token(self, token_id):
        session = self.get_session()
        token_ref = session.query(TokenModel)\
-            .filter_by(id_hash=self.token_to_key(token_id),
+            .filter_by(id=self.token_to_key(token_id),
                       valid=True).first()
        now = datetime.datetime.utcnow()
        if token_ref and (not token_ref.expires or now < token_ref.expires):
@ -78,7 +76,7 @@ class Token(sql.Base, token.Driver):
            data_copy['expires'] = self._get_default_expire_time()

        token_ref = TokenModel.from_dict(data_copy)
-        token_ref.id_hash = self.token_to_key(token_id)
+        token_ref.id = self.token_to_key(token_id)
        token_ref.valid = True
        session = self.get_session()
        with session.begin():