Merge "default token format/provider handling"

6 files changed, 16 insertions, 11 deletions

diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
index 4c0327cf..a49a9a5e 100644
--- a/etc/keystone.conf.sample
+++ b/etc/keystone.conf.sample
@@ -128,7 +128,8 @@
 # driver = keystone.token.backends.sql.Token
 
 # Controls the token construction, validation, and revocation operations.
-# provider = keystone.token.providers.pki.Provider
+# Core providers are keystone.token.providers.[pki|uuid].Provider
+# provider =
 
 # Amount of time a token should remain valid (in seconds)
 # expiration = 86400
@@ -165,7 +166,8 @@
 
 [signing]
 # Deprecated in favor of provider in the [token] section
-#token_format = PKI
+# Allowed values are PKI or UUID
+#token_format =
 
 #certfile = /etc/keystone/pki/certs/signing_cert.pem
 #keyfile = /etc/keystone/pki/private/signing_key.pem
diff --git a/keystone/common/config.py b/keystone/common/config.py
index b0a534f8..10c47a35 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -240,7 +240,7 @@ def configure():
 
     # signing
     register_str(
-        'token_format', group='signing', default="PKI")
+        'token_format', group='signing', default=None)
     register_str(
         'certfile',
         group='signing',
diff --git a/keystone/token/provider.py b/keystone/token/provider.py
index 2459f843..2864be6f 100644
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@@ -77,6 +77,10 @@ class Manager(manager.Manager):
                       'conflicts with keystone.conf [token] provider'))
             return CONF.token.provider
         else:
+            if not CONF.signing.token_format:
+                # No token provider and no format, so use default (PKI)
+                return PKI_PROVIDER
+
             msg = _('keystone.conf [signing] token_format is deprecated in '
                     'favor of keystone.conf [token] provider')
             if CONF.signing.token_format == 'PKI':
diff --git a/tests/test_pki_token_provider.conf b/tests/test_pki_token_provider.conf
index ec8df231..255972c3 100644
--- a/tests/test_pki_token_provider.conf
+++ b/tests/test_pki_token_provider.conf
@@ -1,5 +1,2 @@
-[signing]
-token_format = PKI
-
 [token]
 provider = keystone.token.providers.pki.Provider
diff --git a/tests/test_token_provider.py b/tests/test_token_provider.py
index 1bcf1a21..ac0b0d6b 100644
--- a/tests/test_token_provider.py
+++ b/tests/test_token_provider.py
@@ -410,11 +410,16 @@ class TestTokenProvider(test.TestCase):
         self.assertRaises(exception.UnexpectedError,
                           token.provider.Manager.get_token_provider)
 
+    def test_uuid_provider(self):
+        self.opt_in_group('token', provider=token.provider.UUID_PROVIDER)
+        self.assertEqual(token.provider.Manager.get_token_provider(),
+                         token.provider.UUID_PROVIDER)
+
     def test_provider_override_token_format(self):
         self.opt_in_group('token',
                           provider='keystone.token.providers.pki.Test')
-        self.assertRaises(exception.UnexpectedError,
-                          token.provider.Manager.get_token_provider)
+        self.assertEqual(token.provider.Manager.get_token_provider(),
+                         'keystone.token.providers.pki.Test')
 
         self.opt_in_group('signing', token_format='UUID')
         self.opt_in_group('token',
diff --git a/tests/test_uuid_token_provider.conf b/tests/test_uuid_token_provider.conf
index d1ac5fdf..d127ea3b 100644
--- a/tests/test_uuid_token_provider.conf
+++ b/tests/test_uuid_token_provider.conf
@@ -1,5 +1,2 @@
-[signing]
-token_format = UUID
-
 [token]
 provider = keystone.token.providers.uuid.Provider