diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2013-07-23 21:16:01 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2013-07-24 12:34:48 -0500 |
commit | 7b4fedeed3517a17d32dad820bae2a49dd6c3e1b (patch) | |
tree | 137d94085943718da9e3457e409d7c67eb6a39a2 | |
parent | c6b7dd8959f96e4b5bf282860245603ff94b0084 (diff) | |
download | keystone-7b4fedeed3517a17d32dad820bae2a49dd6c3e1b.tar.gz keystone-7b4fedeed3517a17d32dad820bae2a49dd6c3e1b.tar.xz keystone-7b4fedeed3517a17d32dad820bae2a49dd6c3e1b.zip |
default token format/provider handling
The Keystone server would print a warning when both the token
format and provider were set to the default.
Also, the Keystone server would not start if the format was
commented out and the provider was set to the uuid.Provider.
Fixes: bug 1204314
Change-Id: Id7db33a1f27c4986af153efc73b22db8c6a8942e
-rw-r--r-- | etc/keystone.conf.sample | 6 | ||||
-rw-r--r-- | keystone/common/config.py | 2 | ||||
-rw-r--r-- | keystone/token/provider.py | 4 | ||||
-rw-r--r-- | tests/test_pki_token_provider.conf | 3 | ||||
-rw-r--r-- | tests/test_token_provider.py | 9 | ||||
-rw-r--r-- | tests/test_uuid_token_provider.conf | 3 |
6 files changed, 16 insertions, 11 deletions
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample index 4c0327cf..a49a9a5e 100644 --- a/etc/keystone.conf.sample +++ b/etc/keystone.conf.sample @@ -128,7 +128,8 @@ # driver = keystone.token.backends.sql.Token # Controls the token construction, validation, and revocation operations. -# provider = keystone.token.providers.pki.Provider +# Core providers are keystone.token.providers.[pki|uuid].Provider +# provider = # Amount of time a token should remain valid (in seconds) # expiration = 86400 @@ -165,7 +166,8 @@ [signing] # Deprecated in favor of provider in the [token] section -#token_format = PKI +# Allowed values are PKI or UUID +#token_format = #certfile = /etc/keystone/pki/certs/signing_cert.pem #keyfile = /etc/keystone/pki/private/signing_key.pem diff --git a/keystone/common/config.py b/keystone/common/config.py index b0a534f8..10c47a35 100644 --- a/keystone/common/config.py +++ b/keystone/common/config.py @@ -240,7 +240,7 @@ def configure(): # signing register_str( - 'token_format', group='signing', default="PKI") + 'token_format', group='signing', default=None) register_str( 'certfile', group='signing', diff --git a/keystone/token/provider.py b/keystone/token/provider.py index 2459f843..2864be6f 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -77,6 +77,10 @@ class Manager(manager.Manager): 'conflicts with keystone.conf [token] provider')) return CONF.token.provider else: + if not CONF.signing.token_format: + # No token provider and no format, so use default (PKI) + return PKI_PROVIDER + msg = _('keystone.conf [signing] token_format is deprecated in ' 'favor of keystone.conf [token] provider') if CONF.signing.token_format == 'PKI': diff --git a/tests/test_pki_token_provider.conf b/tests/test_pki_token_provider.conf index ec8df231..255972c3 100644 --- a/tests/test_pki_token_provider.conf +++ b/tests/test_pki_token_provider.conf @@ -1,5 +1,2 @@ -[signing] -token_format = PKI - [token] provider = keystone.token.providers.pki.Provider diff --git a/tests/test_token_provider.py b/tests/test_token_provider.py index 1bcf1a21..ac0b0d6b 100644 --- a/tests/test_token_provider.py +++ b/tests/test_token_provider.py @@ -410,11 +410,16 @@ class TestTokenProvider(test.TestCase): self.assertRaises(exception.UnexpectedError, token.provider.Manager.get_token_provider) + def test_uuid_provider(self): + self.opt_in_group('token', provider=token.provider.UUID_PROVIDER) + self.assertEqual(token.provider.Manager.get_token_provider(), + token.provider.UUID_PROVIDER) + def test_provider_override_token_format(self): self.opt_in_group('token', provider='keystone.token.providers.pki.Test') - self.assertRaises(exception.UnexpectedError, - token.provider.Manager.get_token_provider) + self.assertEqual(token.provider.Manager.get_token_provider(), + 'keystone.token.providers.pki.Test') self.opt_in_group('signing', token_format='UUID') self.opt_in_group('token', diff --git a/tests/test_uuid_token_provider.conf b/tests/test_uuid_token_provider.conf index d1ac5fdf..d127ea3b 100644 --- a/tests/test_uuid_token_provider.conf +++ b/tests/test_uuid_token_provider.conf @@ -1,5 +1,2 @@ -[signing] -token_format = UUID - [token] provider = keystone.token.providers.uuid.Provider |