default token format/provider handling

The Keystone server would print a warning when both the token format and provider were set to the default. Also, the Keystone server would not start if the format was commented out and the provider was set to the uuid.Provider. Fixes: bug 1204314 Change-Id: Id7db33a1f27c4986af153efc73b22db8c6a8942e
openstack · Jul 24, 2013 · 7b4fede · 7b4fede
1 parent c6b7dd8
commit 7b4fede
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 11 deletions.
diff --git a/etc/keystone.conf.sample b/etc/keystone.conf.sample
@@ -128,7 +128,8 @@
 # driver = keystone.token.backends.sql.Token
 
 # Controls the token construction, validation, and revocation operations.
-# provider = keystone.token.providers.pki.Provider
+# Core providers are keystone.token.providers.[pki|uuid].Provider
+# provider =
 
 # Amount of time a token should remain valid (in seconds)
 # expiration = 86400
@@ -165,7 +166,8 @@
 
 [signing]
 # Deprecated in favor of provider in the [token] section
-#token_format = PKI
+# Allowed values are PKI or UUID
+#token_format =
 
 #certfile = /etc/keystone/pki/certs/signing_cert.pem
 #keyfile = /etc/keystone/pki/private/signing_key.pem

diff --git a/keystone/common/config.py b/keystone/common/config.py
@@ -240,7 +240,7 @@ def configure():
 
     # signing
     register_str(
-        'token_format', group='signing', default="PKI")
+        'token_format', group='signing', default=None)
     register_str(
         'certfile',
         group='signing',

diff --git a/keystone/token/provider.py b/keystone/token/provider.py
@@ -77,6 +77,10 @@ def get_token_provider(cls):
                       'conflicts with keystone.conf [token] provider'))
             return CONF.token.provider
         else:
+            if not CONF.signing.token_format:
+                # No token provider and no format, so use default (PKI)
+                return PKI_PROVIDER
+
             msg = _('keystone.conf [signing] token_format is deprecated in '
                     'favor of keystone.conf [token] provider')
             if CONF.signing.token_format == 'PKI':

diff --git a/tests/test_pki_token_provider.conf b/tests/test_pki_token_provider.conf
@@ -1,5 +1,2 @@
-[signing]
-token_format = PKI
-
 [token]
 provider = keystone.token.providers.pki.Provider
diff --git a/tests/test_token_provider.py b/tests/test_token_provider.py
@@ -410,11 +410,16 @@ def test_unsupported_token_format(self):
         self.assertRaises(exception.UnexpectedError,
                           token.provider.Manager.get_token_provider)
 
+    def test_uuid_provider(self):
+        self.opt_in_group('token', provider=token.provider.UUID_PROVIDER)
+        self.assertEqual(token.provider.Manager.get_token_provider(),
+                         token.provider.UUID_PROVIDER)
+
     def test_provider_override_token_format(self):
         self.opt_in_group('token',
                           provider='keystone.token.providers.pki.Test')
-        self.assertRaises(exception.UnexpectedError,
-                          token.provider.Manager.get_token_provider)
+        self.assertEqual(token.provider.Manager.get_token_provider(),
+                         'keystone.token.providers.pki.Test')
 
         self.opt_in_group('signing', token_format='UUID')
         self.opt_in_group('token',

diff --git a/tests/test_uuid_token_provider.conf b/tests/test_uuid_token_provider.conf
@@ -1,5 +1,2 @@
-[signing]
-token_format = UUID
-
 [token]
 provider = keystone.token.providers.uuid.Provider