author | Lance Bragstad <lbragstad@gmail.com> | 2018-02-14 16:00:57 +0000 |
---|---|---|
committer | Lance Bragstad <lbragstad@gmail.com> | 2018-02-15 20:38:54 +0000 |
commit | 1b8d0589ce79cb141326d68c12c9f2a37951e938 (patch) | |
tree | 16ca4dd73e3ace5026da21cf0b7b18248ecb91f9 /keystone/token/provider.py | |
parent | be644b773e236452d6f31d290d311623ca6cd006 (diff) | |
download | keystone-1b8d0589ce79cb141326d68c12c9f2a37951e938.tar.gz |
Remove needs_persistence property from token providers
Since the sql token storage mechanism was removed in Rocky, we no
longer need hooks in the token Manager to determine if a token needs
to be retrieved from or written to a backend somewhere. Instead, token
providers will need to handle storage requirements if they need them.
This will result in a cleaner token provider interface.
Change-Id: Icc095987d41e9c08de2f34dc657b08b98bd944e4
Diffstat (limited to 'keystone/token/provider.py')
-rw-r--r-- | keystone/token/provider.py | 56 |
1 files changed, 0 insertions, 56 deletions
diff --git a/keystone/token/provider.py b/keystone/token/provider.py index 905eaa058..9a58b7d47 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -15,11 +15,9 @@ """Token provider interface.""" import datetime -import sys from oslo_log import log from oslo_utils import timeutils -import six from keystone.common import cache from keystone.common import manager @@ -62,7 +60,6 @@ class Manager(manager.Manager): V3 = V3 VERSIONS = VERSIONS - _persistence_manager = None def __init__(self): super(Manager, self).__init__(CONF.token.provider) @@ -99,35 +96,6 @@ class Manager(manager.Manager): notifications.register_event_callback(event, resource_type, callback_fns) - @property - def _needs_persistence(self): - return self.driver.needs_persistence() - - @property - def _persistence(self): - # NOTE(morganfainberg): This should not be handled via __init__ to - # avoid dependency injection oddities circular dependencies (where - # the provider manager requires the token persistence manager, which - # requires the token provider manager). - if self._persistence_manager is None: - self._persistence_manager = self._token_persistence_manager - return self._persistence_manager - - def _create_token(self, token_id, token_data): - try: - if isinstance(token_data['expires'], six.string_types): - token_data['expires'] = timeutils.normalize_time( - timeutils.parse_isotime(token_data['expires'])) - self._persistence.create_token(token_id, token_data) - except Exception: - exc_info = sys.exc_info() - # an identical token may have been created already. - # if so, return the token_data as it is also identical - try: - self._persistence.get_token(token_id) - except exception.TokenNotFound: - six.reraise(*exc_info) - def check_revocation_v3(self, token): try: token_data = token['token'] 
@@ -144,15 +112,6 @@ class Manager(manager.Manager): raise exception.TokenNotFound(_('No token in the request')) try: - # NOTE(lbragstad): Only go to persistent storage if we have a token - # to fetch from the backend (the driver persists the token). - # Otherwise the information about the token must be in the token - # id. - if self._needs_persistence: - token_ref = self._persistence.get_token(token_id) - # Overload the token_id variable to be a token reference - # instead. - token_id = token_ref token_ref = self._validate_token(token_id) self._is_valid_token(token_ref, window_seconds=window_seconds) return token_ref @@ -207,18 +166,6 @@ class Manager(manager.Manager): app_cred_id=app_cred_id, include_catalog=include_catalog, parent_audit_id=parent_audit_id) - if self._needs_persistence: - data = dict(key=token_id, - id=token_id, - expires=token_data['token']['expires_at'], - user=token_data['token']['user'], - tenant=token_data['token'].get('project'), - is_domain=is_domain, - token_data=token_data, - trust_id=trust['id'] if trust else None, - token_version=self.V3) - self._create_token(token_id, data) - if CONF.token.cache_on_issue: # NOTE(amakarov): here and above TOKENS_REGION is to be passed # to serve as required positional "self" argument. It's ignored, @@ -255,9 +202,6 @@ class Manager(manager.Manager): else: PROVIDERS.revoke_api.revoke_by_audit_id(token_ref.audit_id) - if CONF.token.revoke_by_id and self._needs_persistence: - self._persistence.delete_token(token_id=token_id) - # FIXME(morganfainberg): Does this cache actually need to be # invalidated? We maintain a cached revocation list, which should be # consulted before accepting a token as valid. For now we will |