Remove id_hash column

Storing the token body in the database back end is expensive and
not required.  This removes the storage, as well as updates
the Database schema

Bug 1046023

Change-Id: Iee92ca7c2aeef04664883693b78ecfc1781fb335

3 files changed, 47 insertions, 18 deletions

diff --git a/keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py b/keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py
new file mode 100644
index 00000000..8cfad79f
--- /dev/null
+++ b/keystone/common/sql/migrate_repo/versions/004_undo_token_id_hash.py
@@ -0,0 +1,43 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 Red Hat, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from sqlalchemy import Column, MetaData, String, Table
+
+
+def downgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    old_id_col = token.c.id
+    old_id_col.alter(name='id_hash')
+    # Note: We obtain a new metadata reference to avoid
+    # sqlalchemy.exc.ArgumentError:
+    # Trying to redefine primary-key column 'id' as a non-primary-key...
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    new_id = Column("id", String(2048))
+    token.create_column(new_id)
+
+
+def upgrade(migrate_engine):
+    meta = MetaData()
+    meta.bind = migrate_engine
+    token = Table('token', meta, autoload=True)
+    token.drop_column('id')
+    token = Table('token', meta, autoload=True)
+    id_col = token.c.id_hash
+    id_col.alter(name='id')
diff --git a/keystone/service.py b/keystone/service.py
index 887a4f16..ddc9e4a7 100644
--- a/keystone/service.py
+++ b/keystone/service.py
@@ -376,18 +376,6 @@ class TokenController(wsgi.Application):
                                 % (user_id, tenant_id))
                     raise exception.Unauthorized()
 
-                # if the old token is sufficient unpack and return it
-                if (old_token_ref['tenant']
-                        and tenant_id == old_token_ref['tenant']['id']
-                        and len(old_token) > cms.UUID_TOKEN_LENGTH):
-                    json_data = cms.verify_token(
-                        old_token,
-                        config.CONF.signing.certfile,
-                        config.CONF.signing.ca_certs)
-                    return_data = json.loads(json_data)
-                    return_data['access']['token']['id'] = old_token
-                    return return_data
-
             expiry = old_token_ref['expires']
             try:
                 tenant_ref = self.identity_api.get_tenant(context=context,
diff --git a/keystone/token/backends/sql.py b/keystone/token/backends/sql.py
index 5816162d..15a0060c 100644
--- a/keystone/token/backends/sql.py
+++ b/keystone/token/backends/sql.py
@@ -27,8 +27,7 @@ from keystone import token
 
 class TokenModel(sql.ModelBase, sql.DictBase):
     __tablename__ = 'token'
-    id_hash = sql.Column(sql.String(64), primary_key=True)
-    id = sql.Column(sql.String(1024))
+    id = sql.Column(sql.String(64), primary_key=True)
     expires = sql.Column(sql.DateTime(), default=None)
     extra = sql.Column(sql.JsonBlob())
     valid = sql.Column(sql.Boolean(), default=True)
@@ -38,14 +37,13 @@ class TokenModel(sql.ModelBase, sql.DictBase):
         # shove any non-indexed properties into extra
         extra = copy.deepcopy(token_dict)
         data = {}
-        for k in ('id_hash', 'id', 'expires'):
+        for k in ('id', 'expires'):
             data[k] = extra.pop(k, None)
         data['extra'] = extra
         return cls(**data)
 
     def to_dict(self):
         out = copy.deepcopy(self.extra)
-        out['id_hash'] = self.id
         out['id'] = self.id
         out['expires'] = self.expires
         return out
@@ -56,7 +54,7 @@ class Token(sql.Base, token.Driver):
     def get_token(self, token_id):
         session = self.get_session()
         token_ref = session.query(TokenModel)\
-            .filter_by(id_hash=self.token_to_key(token_id),
+            .filter_by(id=self.token_to_key(token_id),
                        valid=True).first()
         now = datetime.datetime.utcnow()
         if token_ref and (not token_ref.expires or now < token_ref.expires):
@@ -78,7 +76,7 @@ class Token(sql.Base, token.Driver):
             data_copy['expires'] = self._get_default_expire_time()
 
         token_ref = TokenModel.from_dict(data_copy)
-        token_ref.id_hash = self.token_to_key(token_id)
+        token_ref.id = self.token_to_key(token_id)
         token_ref.valid = True
         session = self.get_session()
         with session.begin():