Switch fernet to be the default token provider.
Make Fernet the default token provider in keystone. Co-Authored-By: Raildo Mascena <raildo@lsd.ufcg.edu.br> Co-Authored-By: Adam Young <ayoung@redhat.com> Depends-On: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1 Depends-On: I7bb6c2fa1fe83b70cb147e6ca4c68bea3028706b Depends-On: Ia51f28a70ae099f1ec93851d271db8556aced836 Change-Id: I29b22be75525aed5c50b34dc343af36c9b94c18c Closes-Bug: 1561054
This commit is contained in:
parent
142e9e760a
commit
57cc1e332f
|
@ -428,18 +428,17 @@ The drivers keystone provides are:
|
|||
Token Provider
|
||||
--------------
|
||||
|
||||
Keystone supports customizable token provider and it is specified in the
|
||||
``[token]`` section of the configuration file. Keystone provides both UUID and
|
||||
PKI token providers. However, users may register their own token provider by
|
||||
configuring the following property.
|
||||
Keystone supports customizable token providers and it is specified in the
|
||||
``[token]`` section of the configuration file. Keystone provides a UUID and
|
||||
Fernet token provider. However, users may register their own token
|
||||
provider by configuring the following property.
|
||||
|
||||
* ``provider`` - token provider driver. Defaults to ``uuid``. Implemented by
|
||||
:class:`keystone.token.providers.uuid.Provider`
|
||||
* ``provider`` - token provider driver. Defaults to ``fernet``. Implemented by
|
||||
:class:`keystone.token.providers.fernet.Provider`
|
||||
|
||||
|
||||
UUID or Fernet?
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
Each token format uses different technologies to achieve various performance,
|
||||
scaling and architectural requirements.
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ potential security impact of a compromised token.
|
|||
|
||||
provider = cfg.StrOpt(
|
||||
'provider',
|
||||
default='uuid',
|
||||
default='fernet',
|
||||
help=utils.fmt("""
|
||||
Entry point for the token provider in the `keystone.token.provider` namespace.
|
||||
The token provider controls the token construction, validation, and revocation
|
||||
|
|
|
@ -626,6 +626,13 @@ class TestCase(BaseTestCase):
|
|||
'keystone.notifications=INFO',
|
||||
'keystone.identity.backends.ldap.common=INFO',
|
||||
])
|
||||
self.useFixture(
|
||||
ksfixtures.KeyRepository(
|
||||
self.config_fixture,
|
||||
'fernet_tokens',
|
||||
CONF.fernet_tokens.max_active_keys
|
||||
)
|
||||
)
|
||||
|
||||
def _assert_config_overrides_called(self):
|
||||
assert self.__config_overrides_called is True
|
||||
|
|
|
@ -750,7 +750,7 @@ class TestTokenProvider(unit.TestCase):
|
|||
|
||||
dependency.reset()
|
||||
self.assertIsInstance(token.provider.Manager().driver,
|
||||
uuid.Provider)
|
||||
fernet.Provider)
|
||||
|
||||
dependency.reset()
|
||||
self.config_fixture.config(group='token', provider='uuid')
|
||||
|
|
Loading…
Reference in New Issue