b47e84dac1
Since we're no longer supporting persistent tokens in tree and we removed the uuid token provider, it's the perfect time to clean up a good amount of confusing technical debt.

The token provider API is historically known for being confusing. This is mainly because the reference that is intended to be returned to the user is modified all up and down the API. Different parts of the API use the reference to invoke call hooks in other methods, making the code hard to debug. In order to fully understand how tokens are built, you need to understand where and how tokens are modified by different layers of the API according to a specific contract of the authentication API.

Another big problem is that it couples the actual reference of how a token looks too closely to the business logic for tokens, which means you have to write a ton of code if you ever want a token to look differently, like you would if you wanted to support a new API version.

A token should be an object that the managers and controllers can query and reason about. From there they should be able to build token responses accordingly. This will make the actual token provider API much simpler because it needs to know less about API contracts that are the responsibility of the controllers. This should lead to simpler interfaces when new token providers are added, or maintained out of tree. This also makes it less likely for APIs to behave differently based on what token provider is configured by explicitly building the token reference in one place.

This commit ports the token business logic out of the keystone.token.providers.common module and into a dedicated token object, or model. This will result in a cleaner interface between the token providers and the token provider API. A subsequent patch will remove the unused code across the token provider API.

Partial-Bug: 1778945
Change-Id: If9ded94e65bacb0d06f5225bb36f659dc7bb8355
19 lines
995 B
YAML
---
upgrade:
  - |
    [`bug 1778945 <https://bugs.launchpad.net/keystone/+bug/1778945>`_]
    The pluggable interface for token providers has changed. If you're
    maintaining a custom token provider, you're going to be affected by these
    interface changes. Implementing the new interface will be required before
    using your custom token provider with the Rocky release of keystone. The
    new interface is more clear about the relationship and responsibilities
    between the token API and pluggable token providers.
fixes:
  - |
    [`bug 1778945 <https://bugs.launchpad.net/keystone/+bug/1778945>`_]
    There were several improvements made to the token provider API and
    interface that simplify what external developers need to do and understand
    in order to provide their own token provider implementation. Please see the
    linked bug report for more details as to why these changes were made and
    the benefits they provide for both upstream and downstream developers.