Remove id_hash column
Storing the token body in the database back end is expensive and not required. This removes the storage, as well as updates the Database schema Bug 1046023 Change-Id: Iee92ca7c2aeef04664883693b78ecfc1781fb335
This commit is contained in:
Adam Young
parent
103f692fd7
commit
a9ee611c43
@ -0,0 +1,43 @@
|
|||||||
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||||
|
|
||||||
|
# Copyright (c) 2012 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
from sqlalchemy import Column, MetaData, String, Table
|
||||||
|
|
||||||
|
|
||||||
|
def downgrade(migrate_engine):
|
||||||
|
meta = MetaData()
|
||||||
|
meta.bind = migrate_engine
|
||||||
|
token = Table('token', meta, autoload=True)
|
||||||
|
old_id_col = token.c.id
|
||||||
|
old_id_col.alter(name='id_hash')
|
||||||
|
# Note: We obtain a new metadata reference to avoid
|
||||||
|
# sqlalchemy.exc.ArgumentError:
|
||||||
|
# Trying to redefine primary-key column 'id' as a non-primary-key...
|
||||||
|
meta = MetaData()
|
||||||
|
meta.bind = migrate_engine
|
||||||
|
token = Table('token', meta, autoload=True)
|
||||||
|
new_id = Column("id", String(2048))
|
||||||
|
token.create_column(new_id)
|
||||||
|
|
||||||
|
|
||||||
|
def upgrade(migrate_engine):
|
||||||
|
meta = MetaData()
|
||||||
|
meta.bind = migrate_engine
|
||||||
|
token = Table('token', meta, autoload=True)
|
||||||
|
token.drop_column('id')
|
||||||
|
token = Table('token', meta, autoload=True)
|
||||||
|
id_col = token.c.id_hash
|
||||||
|
id_col.alter(name='id')
|
||||||
@ -376,18 +376,6 @@ class TokenController(wsgi.Application):
|
|||||||
% (user_id, tenant_id))
|
% (user_id, tenant_id))
|
||||||
raise exception.Unauthorized()
|
raise exception.Unauthorized()
|
||||||
|
|
||||||
# if the old token is sufficient unpack and return it
|
|
||||||
if (old_token_ref['tenant']
|
|
||||||
and tenant_id == old_token_ref['tenant']['id']
|
|
||||||
and len(old_token) > cms.UUID_TOKEN_LENGTH):
|
|
||||||
json_data = cms.verify_token(
|
|
||||||
old_token,
|
|
||||||
config.CONF.signing.certfile,
|
|
||||||
config.CONF.signing.ca_certs)
|
|
||||||
return_data = json.loads(json_data)
|
|
||||||
return_data['access']['token']['id'] = old_token
|
|
||||||
return return_data
|
|
||||||
|
|
||||||
expiry = old_token_ref['expires']
|
expiry = old_token_ref['expires']
|
||||||
try:
|
try:
|
||||||
tenant_ref = self.identity_api.get_tenant(context=context,
|
tenant_ref = self.identity_api.get_tenant(context=context,
|
||||||
|
|||||||
@ -27,8 +27,7 @@ from keystone import token
|
|||||||
|
|
||||||
class TokenModel(sql.ModelBase, sql.DictBase):
|
class TokenModel(sql.ModelBase, sql.DictBase):
|
||||||
__tablename__ = 'token'
|
__tablename__ = 'token'
|
||||||
id_hash = sql.Column(sql.String(64), primary_key=True)
|
id = sql.Column(sql.String(64), primary_key=True)
|
||||||
id = sql.Column(sql.String(1024))
|
|
||||||
expires = sql.Column(sql.DateTime(), default=None)
|
expires = sql.Column(sql.DateTime(), default=None)
|
||||||
extra = sql.Column(sql.JsonBlob())
|
extra = sql.Column(sql.JsonBlob())
|
||||||
valid = sql.Column(sql.Boolean(), default=True)
|
valid = sql.Column(sql.Boolean(), default=True)
|
||||||
@ -38,14 +37,13 @@ class TokenModel(sql.ModelBase, sql.DictBase):
|
|||||||
# shove any non-indexed properties into extra
|
# shove any non-indexed properties into extra
|
||||||
extra = copy.deepcopy(token_dict)
|
extra = copy.deepcopy(token_dict)
|
||||||
data = {}
|
data = {}
|
||||||
for k in ('id_hash', 'id', 'expires'):
|
for k in ('id', 'expires'):
|
||||||
data[k] = extra.pop(k, None)
|
data[k] = extra.pop(k, None)
|
||||||
data['extra'] = extra
|
data['extra'] = extra
|
||||||
return cls(**data)
|
return cls(**data)
|
||||||
|
|
||||||
def to_dict(self):
|
def to_dict(self):
|
||||||
out = copy.deepcopy(self.extra)
|
out = copy.deepcopy(self.extra)
|
||||||
out['id_hash'] = self.id
|
|
||||||
out['id'] = self.id
|
out['id'] = self.id
|
||||||
out['expires'] = self.expires
|
out['expires'] = self.expires
|
||||||
return out
|
return out
|
||||||
@ -56,7 +54,7 @@ class Token(sql.Base, token.Driver):
|
|||||||
def get_token(self, token_id):
|
def get_token(self, token_id):
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
token_ref = session.query(TokenModel)\
|
token_ref = session.query(TokenModel)\
|
||||||
.filter_by(id_hash=self.token_to_key(token_id),
|
.filter_by(id=self.token_to_key(token_id),
|
||||||
valid=True).first()
|
valid=True).first()
|
||||||
now = datetime.datetime.utcnow()
|
now = datetime.datetime.utcnow()
|
||||||
if token_ref and (not token_ref.expires or now < token_ref.expires):
|
if token_ref and (not token_ref.expires or now < token_ref.expires):
|
||||||
@ -78,7 +76,7 @@ class Token(sql.Base, token.Driver):
|
|||||||
data_copy['expires'] = self._get_default_expire_time()
|
data_copy['expires'] = self._get_default_expire_time()
|
||||||
|
|
||||||
token_ref = TokenModel.from_dict(data_copy)
|
token_ref = TokenModel.from_dict(data_copy)
|
||||||
token_ref.id_hash = self.token_to_key(token_id)
|
token_ref.id = self.token_to_key(token_id)
|
||||||
token_ref.valid = True
|
token_ref.valid = True
|
||||||
session = self.get_session()
|
session = self.get_session()
|
||||||
with session.begin():
|
with session.begin():
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user