Remove issue_v3_token in favor of issue_token

Since we don't have a reason to hold on to a version specific
token method name, we can rename it to be just issue_token.

Now the token provider interface has two integral methods,
validate_token and issue_token. From a third-party perspective, this
makes it easier to maintain a proprietary token provider since it
eliminates a lot of version specific things from the provider
implementation. From a keystone perspective, we are isolating the
numerous token validation and issuance paths to a single route. This
will make understanding the code easier for other developers and
eventually easier to optimize.

Change-Id: I71a04b42e931338b8bd59e479636b6199c7c2d76
Lance Bragstad 2016-10-14 22:08:42 +00:00
parent dd1e705853
commit c0c23fd9df
11 changed files with 40 additions and 25 deletions


@ -411,13 +411,13 @@ class Auth(controller.V3Controller):
method_names = list(set(method_names))
expires_at = auth_context.get('expires_at')
# NOTE(morganfainberg): define this here so it is clear what the
# argument is during the issue_v3_token provider call.
# argument is during the issue_token provider call.
metadata_ref = None
token_audit_id = auth_context.get('audit_id')
is_domain = auth_context.get('is_domain')
(token_id, token_data) = self.token_provider_api.issue_v3_token(
(token_id, token_data) = self.token_provider_api.issue_token(
auth_context['user_id'], method_names, expires_at, project_id,
is_domain, domain_id, auth_context, trust, metadata_ref,
include_catalog, parent_audit_id=token_audit_id)


@ -383,7 +383,7 @@ class Ec2ControllerV3(Ec2ControllerCommon, controller.V3Controller):
method_names = ['ec2credential']
token_id, token_data = self.token_provider_api.issue_v3_token(
token_id, token_data = self.token_provider_api.issue_token(
user_ref['id'], method_names, project_id=project_ref['id'],
metadata_ref=metadata_ref)
return render_token_data_response(token_id, token_data)


@ -391,7 +391,7 @@ class TokenCacheInvalidation(object):
time = datetime.datetime.utcnow()
with freezegun.freeze_time(time) as frozen_datetime:
# Create an equivalent of a scoped token
token_id, data = self.token_provider_api.issue_v3_token(
token_id, data = self.token_provider_api.issue_token(
self.user_foo['id'],
['password'],
project_id=self.tenant_bar['id']
@ -399,7 +399,7 @@ class TokenCacheInvalidation(object):
self.scoped_token_id = token_id
# ..and an un-scoped one
token_id, data = self.token_provider_api.issue_v3_token(
token_id, data = self.token_provider_api.issue_token(
self.user_foo['id'],
['password']
)


@ -101,7 +101,7 @@ class TestValidate(unit.TestCase):
user_ref = self.identity_api.create_user(user_ref)
method_names = ['password']
token_id, token_data_ = self.token_provider_api.issue_v3_token(
token_id, token_data_ = self.token_provider_api.issue_token(
user_ref['id'], method_names)
token_data = self.token_provider_api.validate_token(token_id)
@ -144,7 +144,7 @@ class TestValidate(unit.TestCase):
federation_constants.IDENTITY_PROVIDER: identity_provider,
federation_constants.PROTOCOL: protocol,
}
token_id, token_data_ = self.token_provider_api.issue_v3_token(
token_id, token_data_ = self.token_provider_api.issue_token(
user_ref['id'], method_names, auth_context=auth_context)
token_data = self.token_provider_api.validate_token(token_id)
@ -201,7 +201,7 @@ class TestValidate(unit.TestCase):
method_names = ['password']
token_id, token_data_ = self.token_provider_api.issue_v3_token(
token_id, token_data_ = self.token_provider_api.issue_token(
user_ref['id'], method_names, project_id=project_ref['id'],
trust=trust_ref)


@ -143,7 +143,7 @@ class Auth(controller.V2Controller):
if CONF.trust.enabled and 'trust_id' in auth:
trust_ref = self.trust_api.get_trust(auth['trust_id'])
(token_id, token_data) = self.token_provider_api.issue_v3_token(
(token_id, token_data) = self.token_provider_api.issue_token(
user_ref['id'], ['password'], expires_at=expiry,
project_id=project_id, trust=trust_ref, parent_audit_id=audit_id,
auth_context=auth_context)


@ -206,11 +206,11 @@ class Manager(manager.Manager):
else:
raise exception.TokenNotFound(_('Failed to validate token'))
def issue_v3_token(self, user_id, method_names, expires_at=None,
project_id=None, is_domain=False, domain_id=None,
auth_context=None, trust=None, metadata_ref=None,
include_catalog=True, parent_audit_id=None):
token_id, token_data = self.driver.issue_v3_token(
def issue_token(self, user_id, method_names, expires_at=None,
project_id=None, is_domain=False, domain_id=None,
auth_context=None, trust=None, metadata_ref=None,
include_catalog=True, parent_audit_id=None):
token_id, token_data = self.driver.issue_token(
user_id, method_names, expires_at, project_id, domain_id,
auth_context, trust, metadata_ref, include_catalog,
parent_audit_id)
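Review bot: `is_domain` is accepted by the renamed `Manager.issue_token` but is not among the arguments forwarded to `self.driver.issue_token`, and the remaining arguments are forwarded by position into a driver signature whose parameter list differs from the manager's. If dropping `is_domain` is intentional (whether it is used elsewhere is not visible here), a comment such as `# is_domain is not part of the provider interface` would say so. Forwarding by keyword, e.g. `self.driver.issue_token(user_id, method_names, expires_at=expires_at, project_id=project_id, domain_id=domain_id, ...)`, keeps a scoping argument from landing in the wrong slot if either signature changes on this token-issuance path. The same applies to the ten-positional call in the v3 `Auth` controller section at the top of the page. The method body continues past the end of this hunk.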


@ -49,10 +49,10 @@ class Provider(object):
raise exception.NotImplemented() # pragma: no cover
@abc.abstractmethod
def issue_v3_token(self, user_id, method_names, expires_at=None,
project_id=None, domain_id=None, auth_context=None,
trust=None, metadata_ref=None, include_catalog=True,
parent_audit_id=None):
def issue_token(self, user_id, method_names, expires_at=None,
project_id=None, domain_id=None, auth_context=None,
trust=None, metadata_ref=None, include_catalog=True,
parent_audit_id=None):
"""Issue a V3 Token.
:param user_id: identity of the user
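Review bot: The docstring summary under the renamed abstract method still reads `Issue a V3 Token.`, which no longer matches the version-neutral name `issue_token`. Since the release note in this commit says v3 responses are translated to v2 format when needed, a summary such as `Issue a token.` with one added sentence stating that the returned token data is in V3 format would tell custom-provider authors what they must return. The docstring continues outside this hunk, so the rest of it should be checked for other version-specific wording.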


@ -679,10 +679,10 @@ class BaseProvider(base.Provider):
return (federation_constants.IDENTITY_PROVIDER in auth_context and
federation_constants.PROTOCOL in auth_context)
def issue_v3_token(self, user_id, method_names, expires_at=None,
project_id=None, domain_id=None, auth_context=None,
trust=None, metadata_ref=None, include_catalog=True,
parent_audit_id=None):
def issue_token(self, user_id, method_names, expires_at=None,
project_id=None, domain_id=None, auth_context=None,
trust=None, metadata_ref=None, include_catalog=True,
parent_audit_id=None):
if auth_context and auth_context.get('bind'):
# NOTE(lbragstad): Check if the token provider being used actually
# supports bind authentication methods before proceeding.


@ -50,8 +50,8 @@ class Provider(common.BaseProvider):
"""Should the token be written to a backend."""
return False
def issue_v3_token(self, *args, **kwargs):
token_id, token_data = super(Provider, self).issue_v3_token(
def issue_token(self, *args, **kwargs):
token_id, token_data = super(Provider, self).issue_token(
*args, **kwargs)
self._build_issued_at_info(token_id, token_data)
return token_id, token_data


@ -94,7 +94,7 @@ class UserController(identity.controllers.User):
import time
time.sleep(1)
new_token_id, new_token_data = self.token_provider_api.issue_v3_token(
new_token_id, new_token_data = self.token_provider_api.issue_token(
token_ref.user_id, token_ref.methods,
project_id=token_ref.project_id,
parent_audit_id=token_ref.audit_chain_id)


@ -0,0 +1,15 @@
---
upgrade:
- The ``issue_v3_token()`` method has been removed
from the token provider interface. The token provider
API now uses a single create token method, ``issue_token``
and translates v3 token responses to v2 format when
needed. Having ``issue_v3_token()`` defined with the
Ocata codebase will fail since the interface no longer
includes that method. Please take this into consideration
and plan accordingly if you're maintaining a custom token
provider.
critical:
- If writing a custom token provider, see the upgrade
section about the removal of the ``issue_v3_token()``
method.