diff options
| author | Guang Yee <guang.yee@hp.com> | 2013-07-18 08:23:52 -0700 |
|---|---|---|
| committer | Guang Yee <guang.yee@hp.com> | 2013-07-18 09:28:42 -0700 |
| commit | e63501d305c67b898821ad65ec744adf6851236a (patch) | |
| tree | a9d3430185972de6f26ff1cef76525f8fc530fa1 /keystone/token | |
| parent | c42533fc00210a16d6eb74909adaeddb9bc4fbf6 (diff) | |
| download | keystone-e63501d305c67b898821ad65ec744adf6851236a.tar.gz keystone-e63501d305c67b898821ad65ec744adf6851236a.tar.xz keystone-e63501d305c67b898821ad65ec744adf6851236a.zip | |
Support token_format for backward compatibility
The provider property in the [token] section will be unset by default. If
provider is not set, we will use token_format in the [signing] section to
determine to provider. If provider is set, it must agree with the token_format.
fixed bug 1202651
Change-Id: I15ff67490acbbacc9eefc7eee253400475704b04
Diffstat (limited to 'keystone/token')
| -rw-r--r-- | keystone/token/provider.py | 46 |
1 files changed, 36 insertions, 10 deletions
diff --git a/keystone/token/provider.py b/keystone/token/provider.py index 3bb14e01..554d575c 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -32,6 +32,10 @@ LOG = logging.getLogger(__name__) V2 = 'v2.0' V3 = 'v3.0' +# default token providers +PKI_PROVIDER = 'keystone.token.providers.pki.Provider' +UUID_PROVIDER = 'keystone.token.providers.uuid.Provider' + class UnsupportedTokenVersionException(Exception): """Token version is unrecognizable or unsupported.""" @@ -47,17 +51,39 @@ class Manager(manager.Manager): """ + @classmethod + def check_and_get_token_provider(cls): + """Make sure we still support token_format for backward compatibility. + + Return the provider based on token_format if provider property is not + set. Otherwise, ignore token_format and return the configured provider + instead. + + """ + if CONF.token.provider: + # FIXME(gyee): we are deprecating CONF.signing.token_format. This + # code is to ensure the token provider configuration agrees with + # CONF.signing.token_format. + if ((CONF.signing.token_format == 'PKI' and + CONF.token.provider != PKI_PROVIDER or + (CONF.signing.token_format == 'UUID' and + CONF.token.provider != UUID_PROVIDER))): + raise exception.UnexpectedError( + '[signing] token_format conflicts with [token] provider ' + 'in keystone.conf') + return CONF.token.provider + else: + if CONF.signing.token_format == 'PKI': + return PKI_PROVIDER + elif CONF.signing.token_format == 'UUID': + return UUID_PROVIDER + else: + raise exception.UnexpectedError( + 'unrecognized token format. Must be either ' + '\'UUID\' or \'PKI\'') + def __init__(self): - # FIXME(gyee): we are deprecating CONF.signing.token_format. This code - # is to ensure the token provider configuration agrees with - # CONF.signing.token_format. - if ((CONF.signing.token_format == 'PKI' and - not CONF.token.provider.endswith('.pki.Provider')) or - (CONF.signing.token_format == 'UUID' and - not CONF.token.provider.endswith('uuid.Provider'))): - raise ValueError('token_format conflicts with token provider') - - super(Manager, self).__init__(CONF.token.provider) + super(Manager, self).__init__(self.check_and_get_token_provider()) class Provider(object): |