Refactor: extract and rename unique_id method

The unique_id method wasn't using any instance variables so it
was very easy to extract. The extraction is important because
it starts to limit the dependencies between unrelated objects.

Change-Id: Id4fb9a0fe5a9b176a4b479a05e0edc77fb9058d4

keystone/token/persistence/core.py

@@ -27,6 +27,7 @@
 from keystone.common import manager
 from keystone import exception
 from keystone.i18n import _LW
+from keystone.token import utils
 
 
 CONF = cfg.CONF
@@ -62,7 +63,7 @@ def get_token(self, token_id):
             # context['token_id'] will in-fact be None. This also saves
             # a round-trip to the backend if we don't have a token_id.
             raise exception.TokenNotFound(token_id='')
-        unique_id = self.token_provider_api.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         token_ref = self._get_token(unique_id)
         # NOTE(morganfainberg): Lift expired checking to the manager, there is
         # no reason to make the drivers implement this check. With caching,
@@ -77,7 +78,7 @@ def _get_token(self, token_id):
         return self.driver.get_token(token_id)
 
     def create_token(self, token_id, data):
-        unique_id = self.token_provider_api.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         data_copy = copy.deepcopy(data)
         data_copy['id'] = unique_id
         ret = self.driver.create_token(unique_id, data_copy)
@@ -91,7 +92,7 @@ def create_token(self, token_id, data):
     def delete_token(self, token_id):
         if not CONF.token.revoke_by_id:
             return
-        unique_id = self.token_provider_api.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         self.driver.delete_token(unique_id)
         self._invalidate_individual_token_cache(unique_id)
         self.invalidate_revocation_list()
@@ -104,7 +105,7 @@ def delete_tokens(self, user_id, tenant_id=None, trust_id=None,
                                               consumer_id)
         self.driver.delete_tokens(user_id, tenant_id, trust_id, consumer_id)
         for token_id in token_list:
-            unique_id = self.token_provider_api.unique_id(token_id)
+            unique_id = utils.generate_unique_id(token_id)
             self._invalidate_individual_token_cache(unique_id)
         self.invalidate_revocation_list()
 

keystone/token/provider.py

@@ -20,7 +20,6 @@
 import sys
 import uuid
 
-from keystoneclient.common import cms
 from oslo_config import cfg
 from oslo_log import log
 from oslo_utils import timeutils
@@ -34,6 +33,7 @@
 from keystone.models import token_model
 from keystone import notifications
 from keystone.token import persistence
+from keystone.token import utils
 
 
 CONF = cfg.CONF
@@ -164,18 +164,6 @@ def _persistence(self):
             self._persistence_manager = persistence.PersistenceManager()
         return self._persistence_manager
 
-    def unique_id(self, token_id):
-        """Return a unique ID for a token.
-
-        The returned value is useful as the primary key of a database table,
-        memcache store, or other lookup table.
-
-        :returns: Given a PKI token, returns it's hashed value. Otherwise,
-                  returns the passed-in value (such as a UUID token ID or an
-                  existing hash).
-        """
-        return cms.cms_hash_token(token_id, mode=CONF.token.hash_algorithm)
-
     def _create_token(self, token_id, token_data):
         try:
             if isinstance(token_data['expires'], six.string_types):
@@ -192,7 +180,7 @@ def _create_token(self, token_id, token_data):
                 six.reraise(*exc_info)
 
     def validate_token(self, token_id, belongs_to=None):
-        unique_id = self.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         # NOTE(morganfainberg): Ensure we never use the long-form token_id
         # (PKI) as part of the cache_key.
         token = self._validate_token(unique_id)
@@ -211,7 +199,7 @@ def check_revocation_v2(self, token):
         self.revoke_api.check_token(token_values)
 
     def validate_v2_token(self, token_id, belongs_to=None):
-        unique_id = self.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         if self._needs_persistence:
             # NOTE(morganfainberg): Ensure we never use the long-form token_id
             # (PKI) as part of the cache_key.
@@ -239,7 +227,7 @@ def check_revocation(self, token):
             return self.check_revocation_v3(token)
 
     def validate_v3_token(self, token_id):
-        unique_id = self.unique_id(token_id)
+        unique_id = utils.generate_unique_id(token_id)
         # NOTE(lbragstad): Only go to persistent storage if we have a token to
         # fetch from the backend. If the Fernet token provider is being used
         # this step isn't necessary. The Fernet token reference is persisted in

keystone/token/utils.py

@@ -0,0 +1,27 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.common import cms
+from oslo_config import cfg
+
+
+def generate_unique_id(token_id):
+    """Return a unique ID for a token.
+
+    The returned value is useful as the primary key of a database table,
+    memcache store, or other lookup table.
+
+    :returns: Given a PKI token, returns it's hashed value. Otherwise,
+              returns the passed-in value (such as a UUID token ID or an
+              existing hash).
+    """
+    return cms.cms_hash_token(token_id, mode=cfg.CONF.token.hash_algorithm)