Merge "Set default token provider to UUID"
This commit is contained in:
commit
e21c70c27f
|
@ -283,11 +283,11 @@ Token Provider
|
|||
|
||||
Keystone supports customizable token provider and it is specified in the
|
||||
``[token]`` section of the configuration file. Keystone provides both UUID and
|
||||
PKI token providers, with PKI token provider enabled as default. However, users
|
||||
may register their own token provider by configuring the following property.
|
||||
PKI token providers. However, users may register their own token provider by
|
||||
configuring the following property.
|
||||
|
||||
* ``provider`` - token provider driver. Defaults to
|
||||
``keystone.token.providers.pki.Provider``
|
||||
``keystone.token.providers.uuid.Provider``
|
||||
|
||||
Note that ``token_format`` in the ``[signing]`` section is deprecated but still
|
||||
being supported for backward compatibility. Therefore, if ``provider`` is set
|
||||
|
@ -322,8 +322,7 @@ additional attributes.
|
|||
|
||||
The current architectural approaches for both UUID- and PKI-based tokens have
|
||||
pain points exposed by environments under heavy load (search bugs and
|
||||
blueprints for the latest details and potential solutions), although PKI tokens
|
||||
became the default configuration option in the Grizzly release.
|
||||
blueprints for the latest details and potential solutions).
|
||||
|
||||
Caching Layer
|
||||
-------------
|
||||
|
|
|
@ -239,7 +239,7 @@ FILE_OPTIONS = {
|
|||
help='Controls the token construction, validation, and '
|
||||
'revocation operations. Core providers are '
|
||||
'"keystone.token.providers.[pkiz|pki|uuid].'
|
||||
'Provider". The default provider is pkiz.'),
|
||||
'Provider". The default provider is uuid.'),
|
||||
cfg.StrOpt('driver',
|
||||
default='keystone.token.persistence.backends.sql.Token',
|
||||
help='Token persistence backend driver.'),
|
||||
|
|
|
@ -66,6 +66,9 @@ class CertSetupTestCase(rest.RestfulTestCase):
|
|||
ca_key=ca_key,
|
||||
certfile=os.path.join(CERTDIR, 'keystone.pem'),
|
||||
keyfile=os.path.join(KEYDIR, 'keystonekey.pem'))
|
||||
self.config_fixture.config(
|
||||
group='token',
|
||||
provider='keystone.token.providers.pkiz.Provider')
|
||||
|
||||
def test_can_handle_missing_certs(self):
|
||||
controller = token.controllers.Auth()
|
||||
|
|
|
@ -730,7 +730,7 @@ class TestTokenProvider(tests.TestCase):
|
|||
'bogus')
|
||||
|
||||
def test_default_token_format(self):
|
||||
self.assertEqual(token.provider.PKIZ_PROVIDER,
|
||||
self.assertEqual(token.provider.UUID_PROVIDER,
|
||||
token.provider.Manager.get_token_provider())
|
||||
|
||||
def test_uuid_token_format_and_no_provider(self):
|
||||
|
|
|
@ -144,7 +144,7 @@ class Manager(manager.Manager):
|
|||
return mapped
|
||||
|
||||
if CONF.token.provider is None:
|
||||
return PKIZ_PROVIDER
|
||||
return UUID_PROVIDER
|
||||
else:
|
||||
return CONF.token.provider
|
||||
|
||||
|
|
Loading…
Reference in New Issue