Remove v2 token value model

Since v2.0 apis had been removed, this functionality was only used with v2 token and no longer needed. Change-Id: I450245120adf3184808386ba2c669080f2b23d1b
2017-10-24 15:48:03 +08:00 · 2017-10-24 15:48:03 +08:00 · 64fdb17921
parent 8954c27cb1
commit 64fdb17921
4 changed files with 4 additions and 71 deletions
--- a/keystone/models/revoke_model.py
+++ b/keystone/models/revoke_model.py
@ -204,56 +204,6 @@ def matches(event, token_values):
    return True


-def build_token_values_v2(access, default_domain_id):
-    token_data = access['token']
-
-    token_expires_at = timeutils.parse_isotime(token_data['expires'])
-
-    # Trim off the microseconds because the revocation event only has
-    # expirations accurate to the second.
-    token_expires_at = token_expires_at.replace(microsecond=0)
-
-    token_values = {
-        'expires_at': timeutils.normalize_time(token_expires_at),
-        'issued_at': timeutils.normalize_time(
-            timeutils.parse_isotime(token_data['issued_at'])),
-        'audit_id': token_data.get('audit_ids', [None])[0],
-        'audit_chain_id': token_data.get('audit_ids', [None])[-1],
-    }
-
-    token_values['user_id'] = access.get('user', {}).get('id')
-
-    project = token_data.get('tenant')
-    if project is not None:
-        token_values['project_id'] = project['id']
-    else:
-        token_values['project_id'] = None
-
-    token_values['identity_domain_id'] = default_domain_id
-    token_values['assignment_domain_id'] = default_domain_id
-
-    trust = access.get('trust')
-    if trust is None:
-        token_values['trust_id'] = None
-        token_values['trustor_id'] = None
-        token_values['trustee_id'] = None
-    else:
-        token_values['trust_id'] = trust['id']
-        token_values['trustor_id'] = trust['trustor_user_id']
-        token_values['trustee_id'] = trust['trustee_user_id']
-
-    token_values['consumer_id'] = None
-    token_values['access_token_id'] = None
-
-    role_list = []
-    # Roles are by ID in metadata and by name in the user section
-    roles = access.get('metadata', {}).get('roles', [])
-    for role in roles:
-        role_list.append(role)
-    token_values['roles'] = role_list
-    return token_values
-
-
 def build_token_values(token_data):

    token_expires_at = timeutils.parse_isotime(token_data['expires_at'])
--- a/keystone/models/token_model.py
+++ b/keystone/models/token_model.py
@ -21,9 +21,8 @@ from keystone.federation import constants
 from keystone.i18n import _

 # supported token versions
-V2 = 'v2.0'
 V3 = 'v3.0'
-VERSIONS = frozenset([V2, V3])
+VERSIONS = frozenset([V3])


 def _parse_and_normalize_time(time_data):
@ -33,7 +32,7 @@ def _parse_and_normalize_time(time_data):


 class KeystoneToken(dict):
-    """An in-memory representation that unifies v2 and v3 tokens."""
+    """An in-memory representation that unifies v3 tokens."""

    # TODO(morganfainberg): Align this in-memory representation with the
    # objects in keystoneclient. This object should be eventually updated
--- a/keystone/tests/unit/token/test_backends.py
+++ b/keystone/tests/unit/token/test_backends.py
@ -97,7 +97,7 @@ class TokenTests(object):
            # the cases of impersonation and therefore should not match the
            # token's user_id.
            data['access']['trust']['trustee_user_id'] = 'testuserid2'
-        data['token_version'] = provider.V2
+        data['token_version'] = provider.V3
        # Issue token stores a copy of all token data at token['token_data'].
        # This emulates that assumption as part of the test.
        data['token_data'] = copy.deepcopy(data)
--- a/keystone/token/provider.py
+++ b/keystone/token/provider.py
@ -45,7 +45,6 @@ MEMOIZE_TOKENS = cache.get_memoization_decorator(
 UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

 # supported token versions
-V2 = token_model.V2
 V3 = token_model.V3
 VERSIONS = token_model.VERSIONS

@ -62,7 +61,6 @@ class Manager(manager.Manager):

    driver_namespace = 'keystone.token.provider'

-    V2 = V2
    V3 = V3
    VERSIONS = VERSIONS
    INVALIDATE_PROJECT_TOKEN_PERSISTENCE = 'invalidate_project_tokens'
@ -131,16 +129,6 @@ class Manager(manager.Manager):
            except exception.TokenNotFound:
                six.reraise(*exc_info)

-    def check_revocation_v2(self, token):
-        try:
-            token_data = token['access']
-        except KeyError:
-            raise exception.TokenNotFound(_('Failed to validate token'))
-
-        token_values = self.revoke_api.model.build_token_values_v2(
-            token_data, CONF.identity.default_domain_id)
-        self.revoke_api.check_token(token_values)
-
    def check_revocation_v3(self, token):
        try:
            token_data = token['token']
@ -150,11 +138,7 @@ class Manager(manager.Manager):
        self.revoke_api.check_token(token_values)

    def check_revocation(self, token):
-        version = self.get_token_version(token)
-        if version == V2:
-            return self.check_revocation_v2(token)
-        else:
-            return self.check_revocation_v3(token)
+        return self.check_revocation_v3(token)

    def validate_token(self, token_id, window_seconds=0):
        if not token_id: