Check token_format for default token providers only.

Ignore token_format check if the configured token provider is not one of Keystone default token providers. Fixed bug 1227980 Change-Id: Id318177f186d1f68b0f3e5cba1bfaa98a4b2db24
2013-09-23 14:41:12 -07:00 · 2013-09-23 14:41:12 -07:00 · dc62539d6f
commit dc62539d6f
parent 66d7c2c4dd
2 changed files with 14 additions and 10 deletions
--- a/keystone/tests/test_token_provider.py
+++ b/keystone/tests/test_token_provider.py
@ -746,12 +746,6 @@ class TestTokenProvider(tests.TestCase):
                          provider=token.provider.UUID_PROVIDER)
        token.provider.Manager()

-        # custom provider should be OK too
-        self.opt_in_group('signing', token_format='CUSTOM')
-        self.opt_in_group('token',
-                          provider=token.provider.PKI_PROVIDER)
-        token.provider.Manager()
-
    def test_default_token_format(self):
        self.assertEqual(token.provider.Manager.get_token_provider(),
                         token.provider.PKI_PROVIDER)
@ -761,6 +755,15 @@ class TestTokenProvider(tests.TestCase):
        self.assertEqual(token.provider.Manager.get_token_provider(),
                         token.provider.UUID_PROVIDER)

+    def test_default_providers_without_token_format(self):
+        self.opt_in_group('token',
+                          provider=token.provider.UUID_PROVIDER)
+        token.provider.Manager()
+
+        self.opt_in_group('token',
+                          provider=token.provider.PKI_PROVIDER)
+        token.provider.Manager()
+
    def test_unsupported_token_format(self):
        self.opt_in_group('signing', token_format='CUSTOM')
        self.assertRaises(exception.UnexpectedError,
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@ -73,10 +73,11 @@ class Manager(manager.Manager):
            # NOTE(gyee): we are deprecating CONF.signing.token_format. This
            # code is to ensure the token provider configuration agrees with
            # CONF.signing.token_format.
-            if ((CONF.signing.token_format == 'PKI' and
-                    CONF.token.provider != PKI_PROVIDER or
-                    (CONF.signing.token_format == 'UUID' and
-                        CONF.token.provider != UUID_PROVIDER))):
+            if (CONF.signing.token_format and
+                    ((CONF.token.provider == PKI_PROVIDER and
+                        CONF.signing.token_format != 'PKI') or
+                        (CONF.token.provider == UUID_PROVIDER and
+                            CONF.signing.token_format != 'UUID'))):
                raise exception.UnexpectedError(
                    _('keystone.conf [signing] token_format (deprecated) '
                      'conflicts with keystone.conf [token] provider'))