diff options
-rw-r--r-- | keystone/token/provider.py | 32 | ||||
-rw-r--r-- | tests/test_token_provider.py | 14 |
2 files changed, 27 insertions, 19 deletions
diff --git a/keystone/token/provider.py b/keystone/token/provider.py index 554d575c..2459f843 100644 --- a/keystone/token/provider.py +++ b/keystone/token/provider.py @@ -52,16 +52,20 @@ class Manager(manager.Manager): """ @classmethod - def check_and_get_token_provider(cls): - """Make sure we still support token_format for backward compatibility. + def get_token_provider(cls): + """Return package path to the configured token provider. - Return the provider based on token_format if provider property is not - set. Otherwise, ignore token_format and return the configured provider - instead. + The value should come from ``keystone.conf`` ``[token] provider``, + however this method ensures backwards compatibility for + ``keystone.conf`` ``[signing] token_format`` until Havana + 2. + + Return the provider based on ``token_format`` if ``provider`` is not + set. Otherwise, ignore ``token_format`` and return the configured + ``provider`` instead. """ - if CONF.token.provider: - # FIXME(gyee): we are deprecating CONF.signing.token_format. This + if CONF.token.provider is not None: + # NOTE(gyee): we are deprecating CONF.signing.token_format. This # code is to ensure the token provider configuration agrees with # CONF.signing.token_format. if ((CONF.signing.token_format == 'PKI' and @@ -69,21 +73,25 @@ class Manager(manager.Manager): (CONF.signing.token_format == 'UUID' and CONF.token.provider != UUID_PROVIDER))): raise exception.UnexpectedError( - '[signing] token_format conflicts with [token] provider ' - 'in keystone.conf') + _('keystone.conf [signing] token_format (deprecated) ' + 'conflicts with keystone.conf [token] provider')) return CONF.token.provider else: + msg = _('keystone.conf [signing] token_format is deprecated in ' + 'favor of keystone.conf [token] provider') if CONF.signing.token_format == 'PKI': + LOG.warning(msg) return PKI_PROVIDER elif CONF.signing.token_format == 'UUID': + LOG.warning(msg) return UUID_PROVIDER else: raise exception.UnexpectedError( - 'unrecognized token format. Must be either ' - '\'UUID\' or \'PKI\'') + _('Unrecognized keystone.conf [signing] token_format: ' + 'expected either \'UUID\' or \'PKI\'')) def __init__(self): - super(Manager, self).__init__(self.check_and_get_token_provider()) + super(Manager, self).__init__(self.get_token_provider()) class Provider(object): diff --git a/tests/test_token_provider.py b/tests/test_token_provider.py index 31205073..1bcf1a21 100644 --- a/tests/test_token_provider.py +++ b/tests/test_token_provider.py @@ -397,39 +397,39 @@ class TestTokenProvider(test.TestCase): token.provider.Manager() def test_default_token_format(self): - self.assertEqual(token.provider.Manager.check_and_get_token_provider(), + self.assertEqual(token.provider.Manager.get_token_provider(), token.provider.PKI_PROVIDER) def test_uuid_token_format_and_no_provider(self): self.opt_in_group('signing', token_format='UUID') - self.assertEqual(token.provider.Manager.check_and_get_token_provider(), + self.assertEqual(token.provider.Manager.get_token_provider(), token.provider.UUID_PROVIDER) def test_unsupported_token_format(self): self.opt_in_group('signing', token_format='CUSTOM') self.assertRaises(exception.UnexpectedError, - token.provider.Manager.check_and_get_token_provider) + token.provider.Manager.get_token_provider) def test_provider_override_token_format(self): self.opt_in_group('token', provider='keystone.token.providers.pki.Test') self.assertRaises(exception.UnexpectedError, - token.provider.Manager.check_and_get_token_provider) + token.provider.Manager.get_token_provider) self.opt_in_group('signing', token_format='UUID') self.opt_in_group('token', provider=token.provider.UUID_PROVIDER) - self.assertEqual(token.provider.Manager.check_and_get_token_provider(), + self.assertEqual(token.provider.Manager.get_token_provider(), token.provider.UUID_PROVIDER) self.opt_in_group('signing', token_format='PKI') self.opt_in_group('token', provider=token.provider.PKI_PROVIDER) - self.assertEqual(token.provider.Manager.check_and_get_token_provider(), + self.assertEqual(token.provider.Manager.get_token_provider(), token.provider.PKI_PROVIDER) self.opt_in_group('signing', token_format='CUSTOM') self.opt_in_group('token', provider='my.package.MyProvider') - self.assertEqual(token.provider.Manager.check_and_get_token_provider(), + self.assertEqual(token.provider.Manager.get_token_provider(), 'my.package.MyProvider') |