Move the token abstract base class out of core

This patch moves the token abstract base class out of core and
into providers/base.py, which is consistent with the other
backend drivers.

Change-Id: Icf22adb2ccfa0470bb61ceb7d6c90467f44da6c8
Closes-Bug: #1563101

doc/source/architecture.rst

@@ -174,7 +174,7 @@ directory as ``base.py``. The corresponding drivers for the services are:
 * :mod:`keystone.resource.backends.base.DomainConfigDriver`
 * :mod:`keystone.resource.backends.base.ResourceDriver`
 * :mod:`keystone.revoke.backends.base.RevokeDriver`
-* :mod:`keystone.token.backends.base.TokenDriver`
+* :mod:`keystone.token.providers.base.Provider`
 * :mod:`keystone.trust.backends.base.TrustDriver`
 
 If you implement a backend driver for one of the Keystone services, you're

keystone/token/provider.py

@@ -14,7 +14,6 @@
 
 """Token provider interface."""
 
-import abc
 import base64
 import datetime
 import sys
@@ -463,100 +462,3 @@ class Manager(manager.Manager):
         if CONF.token.cache_on_issue:
             # NOTE(amakarov): preserving behavior
             TOKENS_REGION.invalidate()
-
-
-@six.add_metaclass(abc.ABCMeta)
-class Provider(object):
-    """Interface description for a Token provider."""
-
-    @abc.abstractmethod
-    def needs_persistence(self):
-        """Determine if the token should be persisted.
-
-        If the token provider requires that the token be persisted to a
-        backend this should return True, otherwise return False.
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def get_token_version(self, token_data):
-        """Return the version of the given token data.
-
-        If the given token data is unrecognizable,
-        UnsupportedTokenVersionException is raised.
-
-        :param token_data: token_data
-        :type token_data: dict
-        :returns: token version string
-        :raises keystone.exception.UnsupportedTokenVersionException:
-            If the token version is not expected.
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def issue_v2_token(self, token_ref, roles_ref=None, catalog_ref=None):
-        """Issue a V2 token.
-
-        :param token_ref: token data to generate token from
-        :type token_ref: dict
-        :param roles_ref: optional roles list
-        :type roles_ref: dict
-        :param catalog_ref: optional catalog information
-        :type catalog_ref: dict
-        :returns: (token_id, token_data)
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def issue_v3_token(self, user_id, method_names, expires_at=None,
-                       project_id=None, domain_id=None, auth_context=None,
-                       trust=None, metadata_ref=None, include_catalog=True,
-                       parent_audit_id=None):
-        """Issue a V3 Token.
-
-        :param user_id: identity of the user
-        :type user_id: string
-        :param method_names: names of authentication methods
-        :type method_names: list
-        :param expires_at: optional time the token will expire
-        :type expires_at: string
-        :param project_id: optional project identity
-        :type project_id: string
-        :param domain_id: optional domain identity
-        :type domain_id: string
-        :param auth_context: optional context from the authorization plugins
-        :type auth_context: dict
-        :param trust: optional trust reference
-        :type trust: dict
-        :param metadata_ref: optional metadata reference
-        :type metadata_ref: dict
-        :param include_catalog: optional, include the catalog in token data
-        :type include_catalog: boolean
-        :param parent_audit_id: optional, the audit id of the parent token
-        :type parent_audit_id: string
-        :returns: (token_id, token_data)
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def validate_token(self, token_ref):
-        """Validate the given V3 token and return the token_data.
-
-        :param token_ref: the token reference
-        :type token_ref: dict
-        :returns: token data
-        :raises keystone.exception.TokenNotFound: If the token doesn't exist.
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
-    @abc.abstractmethod
-    def _get_token_id(self, token_data):
-        """Generate the token_id based upon the data in token_data.
-
-        :param token_data: token information
-        :type token_data: dict
-        :returns: token identifier
-        :rtype: six.text_type
-        """
-        raise exception.NotImplemented()  # pragma: no cover

keystone/token/providers/base.py

@@ -0,0 +1,116 @@
+# Copyright 2012 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import abc
+
+import six
+
+from keystone import exception
+
+
+@six.add_metaclass(abc.ABCMeta)
+class Provider(object):
+    """Interface description for a Token provider."""
+
+    @abc.abstractmethod
+    def needs_persistence(self):
+        """Determine if the token should be persisted.
+
+        If the token provider requires that the token be persisted to a
+        backend this should return True, otherwise return False.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def get_token_version(self, token_data):
+        """Return the version of the given token data.
+
+        If the given token data is unrecognizable,
+        UnsupportedTokenVersionException is raised.
+
+        :param token_data: token_data
+        :type token_data: dict
+        :returns: token version string
+        :raises keystone.exception.UnsupportedTokenVersionException:
+            If the token version is not expected.
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def issue_v2_token(self, token_ref, roles_ref=None, catalog_ref=None):
+        """Issue a V2 token.
+
+        :param token_ref: token data to generate token from
+        :type token_ref: dict
+        :param roles_ref: optional roles list
+        :type roles_ref: dict
+        :param catalog_ref: optional catalog information
+        :type catalog_ref: dict
+        :returns: (token_id, token_data)
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def issue_v3_token(self, user_id, method_names, expires_at=None,
+                       project_id=None, domain_id=None, auth_context=None,
+                       trust=None, metadata_ref=None, include_catalog=True,
+                       parent_audit_id=None):
+        """Issue a V3 Token.
+
+        :param user_id: identity of the user
+        :type user_id: string
+        :param method_names: names of authentication methods
+        :type method_names: list
+        :param expires_at: optional time the token will expire
+        :type expires_at: string
+        :param project_id: optional project identity
+        :type project_id: string
+        :param domain_id: optional domain identity
+        :type domain_id: string
+        :param auth_context: optional context from the authorization plugins
+        :type auth_context: dict
+        :param trust: optional trust reference
+        :type trust: dict
+        :param metadata_ref: optional metadata reference
+        :type metadata_ref: dict
+        :param include_catalog: optional, include the catalog in token data
+        :type include_catalog: boolean
+        :param parent_audit_id: optional, the audit id of the parent token
+        :type parent_audit_id: string
+        :returns: (token_id, token_data)
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def validate_token(self, token_ref):
+        """Validate the given V3 token and return the token_data.
+
+        :param token_ref: the token reference
+        :type token_ref: dict
+        :returns: token data
+        :raises keystone.exception.TokenNotFound: If the token doesn't exist.
+        """
+        raise exception.NotImplemented()  # pragma: no cover
+
+    @abc.abstractmethod
+    def _get_token_id(self, token_data):
+        """Generate the token_id based upon the data in token_data.
+
+        :param token_data: token information
+        :type token_data: dict
+        :returns: token identifier
+        :rtype: six.text_type
+        """
+        raise exception.NotImplemented()  # pragma: no cover

keystone/token/providers/common.py

@@ -26,6 +26,7 @@ from keystone.federation import constants as federation_constants
 from keystone.i18n import _
 from keystone import token
 from keystone.token import provider
+from keystone.token.providers import base
 
 
 LOG = log.getLogger(__name__)
@@ -601,7 +602,7 @@ class V3TokenDataHelper(object):
 
 @dependency.requires('catalog_api', 'identity_api', 'oauth_api',
                      'resource_api', 'role_api', 'trust_api')
-class BaseProvider(provider.Provider):
+class BaseProvider(base.Provider):
     def __init__(self, *args, **kwargs):
         super(BaseProvider, self).__init__(*args, **kwargs)
         self.v3_token_data_helper = V3TokenDataHelper()

releasenotes/notes/move-token-provider-base-class-out-of-core-134df5b99ea48f00.yaml

@@ -0,0 +1,7 @@
+---
+other:
+  - >
+    The token provider driver interface has moved from
+    ``keystone.token.provider.Provider`` to ``keystone.token.providers.base.Provider``.
+    This is consistent with other backend drivers. If you have implemented a
+    custom token provider, you will want to subclass from the new location.