5 files changed, 30 insertions, 20 deletions

diff --git a/nova/api/openstack/auth.py b/nova/api/openstack/auth.py
index 1dfdd5318..dff69a7f2 100644
--- a/nova/api/openstack/auth.py
+++ b/nova/api/openstack/auth.py
@@ -103,11 +103,11 @@ class AuthMiddleware(wsgi.Middleware):
         2 days ago.
         """
         ctxt = context.get_admin_context()
-        token = self.db.auth_get_token(ctxt, token_hash)
+        token = self.db.auth_token_get(ctxt, token_hash)
         if token:
             delta = datetime.datetime.now() - token.created_at
             if delta.days >= 2:
-                self.db.auth_destroy_token(ctxt, token)
+                self.db.auth_token_destroy(ctxt, token.id)
             else:
                 return self.auth.get_user(token.user_id)
         return None
@@ -131,6 +131,6 @@ class AuthMiddleware(wsgi.Middleware):
             token_dict['server_management_url'] = req.url
             token_dict['storage_url'] = ''
             token_dict['user_id'] = user.id
-            token = self.db.auth_create_token(ctxt, token_dict)
+            token = self.db.auth_token_create(ctxt, token_dict)
             return token, user
         return None, None
diff --git a/nova/db/api.py b/nova/db/api.py
index 0a010e727..4c7eb857f 100644
--- a/nova/db/api.py
+++ b/nova/db/api.py
@@ -630,19 +630,19 @@ def iscsi_target_create_safe(context, values):
 ###############
 
 
-def auth_destroy_token(context, token):
+def auth_token_destroy(context, token_id):
     """Destroy an auth token."""
-    return IMPL.auth_destroy_token(context, token)
+    return IMPL.auth_token_destroy(context, token_id)
 
 
-def auth_get_token(context, token_hash):
+def auth_token_get(context, token_hash):
     """Retrieves a token given the hash representing it."""
-    return IMPL.auth_get_token(context, token_hash)
+    return IMPL.auth_token_get(context, token_hash)
 
 
-def auth_create_token(context, token):
+def auth_token_create(context, token):
     """Creates a new token."""
-    return IMPL.auth_create_token(context, token)
+    return IMPL.auth_token_create(context, token)
 
 
 ###################
diff --git a/nova/db/sqlalchemy/api.py b/nova/db/sqlalchemy/api.py
index d8751bef4..0be08c4d1 100644
--- a/nova/db/sqlalchemy/api.py
+++ b/nova/db/sqlalchemy/api.py
@@ -1262,16 +1262,19 @@ def iscsi_target_create_safe(context, values):
 
 
 @require_admin_context
-def auth_destroy_token(_context, token):
+def auth_token_destroy(context, token_id):
     session = get_session()
-    session.delete(token)
+    with session.begin():
+        token_ref = auth_token_get(context, token_id, session=session)
+        token_ref.delete(session=session)
 
 
 @require_admin_context
-def auth_get_token(_context, token_hash):
+def auth_token_get(context, token_hash):
     session = get_session()
     tk = session.query(models.AuthToken).\
                   filter_by(token_hash=token_hash).\
+                  filter_by(deleted=can_read_deleted(context)).\
                   first()
     if not tk:
         raise exception.NotFound(_('Token %s does not exist') % token_hash)
@@ -1279,7 +1282,7 @@ def auth_get_token(_context, token_hash):
 
 
 @require_admin_context
-def auth_create_token(_context, token):
+def auth_token_create(_context, token):
     tk = models.AuthToken()
     tk.update(token)
     tk.save()
diff --git a/nova/tests/api/openstack/fakes.py b/nova/tests/api/openstack/fakes.py
index fb282f1c9..49ce8c1b5 100644
--- a/nova/tests/api/openstack/fakes.py
+++ b/nova/tests/api/openstack/fakes.py
@@ -188,7 +188,11 @@ def stub_out_glance(stubs, initial_fixtures=None):
 
 
 class FakeToken(object):
+    id = 0
+
     def __init__(self, **kwargs):
+        FakeToken.id += 1
+        self.id = FakeToken.id
         for k, v in kwargs.iteritems():
             setattr(self, k, v)
 
@@ -203,19 +207,22 @@ class FakeAuthDatabase(object):
     data = {}
 
     @staticmethod
-    def auth_get_token(context, token_hash):
+    def auth_token_get(context, token_hash):
         return FakeAuthDatabase.data.get(token_hash, None)
 
     @staticmethod
-    def auth_create_token(context, token):
+    def auth_token_create(context, token):
         fake_token = FakeToken(created_at=datetime.datetime.now(), **token)
         FakeAuthDatabase.data[fake_token.token_hash] = fake_token
+        FakeAuthDatabase.data['id_%i' % fake_token.id] = fake_token
         return fake_token
 
     @staticmethod
-    def auth_destroy_token(context, token):
-        if token.token_hash in FakeAuthDatabase.data:
-            del FakeAuthDatabase.data['token_hash']
+    def auth_token_destroy(context, token_id):
+        token = FakeAuthDatabase.data.get('id_%i' % token_id)
+        if token and token.token_hash in FakeAuthDatabase.data:
+            del FakeAuthDatabase.data[token.token_hash]
+            del FakeAuthDatabase.data['id_%i' % token_id]
 
 
 class FakeAuthManager(object):
diff --git a/nova/tests/api/openstack/test_auth.py b/nova/tests/api/openstack/test_auth.py
index 13f6c3a1c..86dfb110f 100644
--- a/nova/tests/api/openstack/test_auth.py
+++ b/nova/tests/api/openstack/test_auth.py
@@ -99,10 +99,10 @@ class Test(test.TestCase):
                     token_hash=token_hash,
                     created_at=datetime.datetime(1990, 1, 1))
 
-        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_destroy_token',
+        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_destroy',
             destroy_token_mock)
 
-        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_get_token',
+        self.stubs.Set(fakes.FakeAuthDatabase, 'auth_token_get',
             bad_token)
 
         req = webob.Request.blank('/v1.0/')