Merge "Set default token provider to UUID"

doc/source/configuration.rst

@@ -283,11 +283,11 @@ Token Provider
 
 Keystone supports customizable token provider and it is specified in the
 ``[token]`` section of the configuration file. Keystone provides both UUID and
-PKI token providers, with PKI token provider enabled as default. However, users
-may register their own token provider by configuring the following property.
+PKI token providers. However, users may register their own token provider by
+configuring the following property.
 
 * ``provider`` - token provider driver. Defaults to
-  ``keystone.token.providers.pki.Provider``
+  ``keystone.token.providers.uuid.Provider``
 
 Note that ``token_format`` in the ``[signing]`` section is deprecated but still
 being supported for backward compatibility. Therefore, if ``provider`` is set
@@ -322,8 +322,7 @@ additional attributes.
 
 The current architectural approaches for both UUID- and PKI-based tokens have
 pain points exposed by environments under heavy load (search bugs and
-blueprints for the latest details and potential solutions), although PKI tokens
-became the default configuration option in the Grizzly release.
+blueprints for the latest details and potential solutions).
 
 Caching Layer
 -------------

keystone/common/config.py

@@ -239,7 +239,7 @@ FILE_OPTIONS = {
                    help='Controls the token construction, validation, and '
                         'revocation operations. Core providers are '
                         '"keystone.token.providers.[pkiz|pki|uuid].'
-                        'Provider". The default provider is pkiz.'),
+                        'Provider". The default provider is uuid.'),
         cfg.StrOpt('driver',
                    default='keystone.token.persistence.backends.sql.Token',
                    help='Token persistence backend driver.'),

keystone/tests/test_cert_setup.py

@@ -66,6 +66,9 @@ class CertSetupTestCase(rest.RestfulTestCase):
             ca_key=ca_key,
             certfile=os.path.join(CERTDIR, 'keystone.pem'),
             keyfile=os.path.join(KEYDIR, 'keystonekey.pem'))
+        self.config_fixture.config(
+            group='token',
+            provider='keystone.token.providers.pkiz.Provider')
 
     def test_can_handle_missing_certs(self):
         controller = token.controllers.Auth()

keystone/tests/test_token_provider.py

@@ -730,7 +730,7 @@ class TestTokenProvider(tests.TestCase):
                           'bogus')
 
     def test_default_token_format(self):
-        self.assertEqual(token.provider.PKIZ_PROVIDER,
+        self.assertEqual(token.provider.UUID_PROVIDER,
                          token.provider.Manager.get_token_provider())
 
     def test_uuid_token_format_and_no_provider(self):

keystone/token/provider.py

@@ -144,7 +144,7 @@ class Manager(manager.Manager):
             return mapped
 
         if CONF.token.provider is None:
-            return PKIZ_PROVIDER
+            return UUID_PROVIDER
         else:
             return CONF.token.provider