Remove issue_v3_token in favor of issue_token

Since we don't have a reason to hold on to a version specific
token method name, we can rename it to be just issue_token.

Now the token provider interface has two intergral methods,
validate_token and issue_token. From a third-party perspective, this
makes it easier to maintain a proprietary token provider since it
eliminates a lot of version specific things from the provider
implementation. From a keystone perspective, we are isolating the
numerous token validation and issuance paths to a since route. This
will make understanding the code easier for other developers and
eventually easier to optimize.

Change-Id: I71a04b42e931338b8bd59e479636b6199c7c2d76

keystone/auth/controllers.py

@@ -411,13 +411,13 @@ class Auth(controller.V3Controller):
             method_names = list(set(method_names))
             expires_at = auth_context.get('expires_at')
             # NOTE(morganfainberg): define this here so it is clear what the
-            # argument is during the issue_v3_token provider call.
+            # argument is during the issue_token provider call.
             metadata_ref = None
 
             token_audit_id = auth_context.get('audit_id')
 
             is_domain = auth_context.get('is_domain')
-            (token_id, token_data) = self.token_provider_api.issue_v3_token(
+            (token_id, token_data) = self.token_provider_api.issue_token(
                 auth_context['user_id'], method_names, expires_at, project_id,
                 is_domain, domain_id, auth_context, trust, metadata_ref,
                 include_catalog, parent_audit_id=token_audit_id)

keystone/contrib/ec2/controllers.py

@@ -383,7 +383,7 @@ class Ec2ControllerV3(Ec2ControllerCommon, controller.V3Controller):
 
         method_names = ['ec2credential']
 
-        token_id, token_data = self.token_provider_api.issue_v3_token(
+        token_id, token_data = self.token_provider_api.issue_token(
             user_ref['id'], method_names, project_id=project_ref['id'],
             metadata_ref=metadata_ref)
         return render_token_data_response(token_id, token_data)

keystone/tests/unit/token/test_backends.py

@@ -391,7 +391,7 @@ class TokenCacheInvalidation(object):
         time = datetime.datetime.utcnow()
         with freezegun.freeze_time(time) as frozen_datetime:
             # Create an equivalent of a scoped token
-            token_id, data = self.token_provider_api.issue_v3_token(
+            token_id, data = self.token_provider_api.issue_token(
                 self.user_foo['id'],
                 ['password'],
                 project_id=self.tenant_bar['id']
@@ -399,7 +399,7 @@ class TokenCacheInvalidation(object):
             self.scoped_token_id = token_id
 
             # ..and an un-scoped one
-            token_id, data = self.token_provider_api.issue_v3_token(
+            token_id, data = self.token_provider_api.issue_token(
                 self.user_foo['id'],
                 ['password']
             )

keystone/tests/unit/token/test_fernet_provider.py

@@ -101,7 +101,7 @@ class TestValidate(unit.TestCase):
         user_ref = self.identity_api.create_user(user_ref)
 
         method_names = ['password']
-        token_id, token_data_ = self.token_provider_api.issue_v3_token(
+        token_id, token_data_ = self.token_provider_api.issue_token(
             user_ref['id'], method_names)
 
         token_data = self.token_provider_api.validate_token(token_id)
@@ -144,7 +144,7 @@ class TestValidate(unit.TestCase):
             federation_constants.IDENTITY_PROVIDER: identity_provider,
             federation_constants.PROTOCOL: protocol,
         }
-        token_id, token_data_ = self.token_provider_api.issue_v3_token(
+        token_id, token_data_ = self.token_provider_api.issue_token(
             user_ref['id'], method_names, auth_context=auth_context)
 
         token_data = self.token_provider_api.validate_token(token_id)
@@ -201,7 +201,7 @@ class TestValidate(unit.TestCase):
 
         method_names = ['password']
 
-        token_id, token_data_ = self.token_provider_api.issue_v3_token(
+        token_id, token_data_ = self.token_provider_api.issue_token(
             user_ref['id'], method_names, project_id=project_ref['id'],
             trust=trust_ref)
 

keystone/token/controllers.py

@@ -143,7 +143,7 @@ class Auth(controller.V2Controller):
         if CONF.trust.enabled and 'trust_id' in auth:
             trust_ref = self.trust_api.get_trust(auth['trust_id'])
 
-        (token_id, token_data) = self.token_provider_api.issue_v3_token(
+        (token_id, token_data) = self.token_provider_api.issue_token(
             user_ref['id'], ['password'], expires_at=expiry,
             project_id=project_id, trust=trust_ref, parent_audit_id=audit_id,
             auth_context=auth_context)

keystone/token/provider.py

@@ -206,11 +206,11 @@ class Manager(manager.Manager):
         else:
             raise exception.TokenNotFound(_('Failed to validate token'))
 
-    def issue_v3_token(self, user_id, method_names, expires_at=None,
-                       project_id=None, is_domain=False, domain_id=None,
-                       auth_context=None, trust=None, metadata_ref=None,
-                       include_catalog=True, parent_audit_id=None):
-        token_id, token_data = self.driver.issue_v3_token(
+    def issue_token(self, user_id, method_names, expires_at=None,
+                    project_id=None, is_domain=False, domain_id=None,
+                    auth_context=None, trust=None, metadata_ref=None,
+                    include_catalog=True, parent_audit_id=None):
+        token_id, token_data = self.driver.issue_token(
             user_id, method_names, expires_at, project_id, domain_id,
             auth_context, trust, metadata_ref, include_catalog,
             parent_audit_id)

keystone/token/providers/base.py

@@ -49,10 +49,10 @@ class Provider(object):
         raise exception.NotImplemented()  # pragma: no cover
 
     @abc.abstractmethod
-    def issue_v3_token(self, user_id, method_names, expires_at=None,
-                       project_id=None, domain_id=None, auth_context=None,
-                       trust=None, metadata_ref=None, include_catalog=True,
-                       parent_audit_id=None):
+    def issue_token(self, user_id, method_names, expires_at=None,
+                    project_id=None, domain_id=None, auth_context=None,
+                    trust=None, metadata_ref=None, include_catalog=True,
+                    parent_audit_id=None):
         """Issue a V3 Token.
 
         :param user_id: identity of the user

keystone/token/providers/common.py

@@ -679,10 +679,10 @@ class BaseProvider(base.Provider):
         return (federation_constants.IDENTITY_PROVIDER in auth_context and
                 federation_constants.PROTOCOL in auth_context)
 
-    def issue_v3_token(self, user_id, method_names, expires_at=None,
-                       project_id=None, domain_id=None, auth_context=None,
-                       trust=None, metadata_ref=None, include_catalog=True,
-                       parent_audit_id=None):
+    def issue_token(self, user_id, method_names, expires_at=None,
+                    project_id=None, domain_id=None, auth_context=None,
+                    trust=None, metadata_ref=None, include_catalog=True,
+                    parent_audit_id=None):
         if auth_context and auth_context.get('bind'):
             # NOTE(lbragstad): Check if the token provider being used actually
             # supports bind authentication methods before proceeding.

keystone/token/providers/fernet/core.py

@@ -50,8 +50,8 @@ class Provider(common.BaseProvider):
         """Should the token be written to a backend."""
         return False
 
-    def issue_v3_token(self, *args, **kwargs):
-        token_id, token_data = super(Provider, self).issue_v3_token(
+    def issue_token(self, *args, **kwargs):
+        token_id, token_data = super(Provider, self).issue_token(
             *args, **kwargs)
         self._build_issued_at_info(token_id, token_data)
         return token_id, token_data

keystone/v2_crud/user_crud.py

@@ -94,7 +94,7 @@ class UserController(identity.controllers.User):
         import time
         time.sleep(1)
 
-        new_token_id, new_token_data = self.token_provider_api.issue_v3_token(
+        new_token_id, new_token_data = self.token_provider_api.issue_token(
             token_ref.user_id, token_ref.methods,
             project_id=token_ref.project_id,
             parent_audit_id=token_ref.audit_chain_id)

releasenotes/notes/remove-issue-v3-token-method-98f58e9e494885cb.yaml

@@ -0,0 +1,15 @@
+---
+upgrade:
+  - The ``issue_v3_token()`` method has been removed
+    from the token provider interface. The token provider
+    API now uses a single create token method, ``issue_token``
+    and translates v3 token responses to v2 format when
+    needed. Having ``issue_v3_token()`` defined with the
+    Ocata codebase will fail since the interface no longer
+    includes that method. Please take this into consideration
+    and plan accordingly if you're maintaining a custom token
+    provider.
+critical:
+  - If writing a custom token provider, see the upgrade
+    section about the removal of the ``issue_v3_token()``
+    method.