Switch fernet to be the default token provider.

Make Fernet the default token provider in keystone. Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br> Co-Authored-By: Adam Young <ayoung@redhat.com> Depends-On: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1 Depends-On: I7bb6c2fa1fe83b70cb147e6ca4c68bea3028706b Depends-On: Ia51f28a70ae099f1ec93851d271db8556aced836 Change-Id: I29b22be75525aed5c50b34dc343af36c9b94c18c Closes-Bug: 1561054
2016-07-21 21:54:18 +00:00 · 2016-07-21 21:54:18 +00:00 · 57cc1e332f
parent 142e9e760a
commit 57cc1e332f
4 changed files with 15 additions and 9 deletions
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@ -428,18 +428,17 @@ The drivers keystone provides are:
 Token Provider
 --------------

-Keystone supports customizable token provider and it is specified in the
-``[token]`` section of the configuration file. Keystone provides both UUID and
-PKI token providers. However, users may register their own token provider by
-configuring the following property.
+Keystone supports customizable token providers and it is specified in the
+``[token]`` section of the configuration file. Keystone provides a UUID and
+Fernet token provider. However, users may register their own token
+provider by configuring the following property.

-* ``provider`` - token provider driver. Defaults to ``uuid``. Implemented by
-  :class:`keystone.token.providers.uuid.Provider`
+* ``provider`` - token provider driver. Defaults to ``fernet``. Implemented by
+  :class:`keystone.token.providers.fernet.Provider`


 UUID or Fernet?
 ^^^^^^^^^^^^^^^
-
 Each token format uses different technologies to achieve various performance,
 scaling and architectural requirements.

--- a/keystone/conf/token.py
+++ b/keystone/conf/token.py
@ -59,7 +59,7 @@ potential security impact of a compromised token.

 provider = cfg.StrOpt(
    'provider',
-    default='uuid',
+    default='fernet',
    help=utils.fmt("""
 Entry point for the token provider in the `keystone.token.provider` namespace.
 The token provider controls the token construction, validation, and revocation
--- a/keystone/tests/unit/core.py
+++ b/keystone/tests/unit/core.py
@ -626,6 +626,13 @@ class TestCase(BaseTestCase):
                'keystone.notifications=INFO',
                'keystone.identity.backends.ldap.common=INFO',
            ])
+        self.useFixture(
+            ksfixtures.KeyRepository(
+                self.config_fixture,
+                'fernet_tokens',
+                CONF.fernet_tokens.max_active_keys
+            )
+        )

    def _assert_config_overrides_called(self):
        assert self.__config_overrides_called is True
--- a/keystone/tests/unit/test_token_provider.py
+++ b/keystone/tests/unit/test_token_provider.py
@ -750,7 +750,7 @@ class TestTokenProvider(unit.TestCase):

        dependency.reset()
        self.assertIsInstance(token.provider.Manager().driver,
-                              uuid.Provider)
+                              fernet.Provider)

        dependency.reset()
        self.config_fixture.config(group='token', provider='uuid')