author | asteroide <thomas.duval@orange.com> | 2015-09-01 16:03:26 +0200 |
---|---|---|
committer | asteroide <thomas.duval@orange.com> | 2015-09-01 16:04:53 +0200 |
commit | 92fd2dbfb672d7b2b1cdfd5dd5cf89f7716b3e12 (patch) | |
tree | 7ba22297042019e7363fa1d4ad26d1c32c5908c6 /keystone-moon/keystone/contrib/revoke/core.py | |
parent | 26e753254f3e43399cc76e62892908b7742415e8 (diff) |
Update Keystone code from official Github repository with branch Master on 09/01/2015.
Change-Id: I0ff6099e6e2580f87f502002a998bbfe12673498
Diffstat (limited to 'keystone-moon/keystone/contrib/revoke/core.py')
-rw-r--r-- | keystone-moon/keystone/contrib/revoke/core.py | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/keystone-moon/keystone/contrib/revoke/core.py b/keystone-moon/keystone/contrib/revoke/core.py
index c7335690..e1ab87c8 100644
--- a/keystone-moon/keystone/contrib/revoke/core.py
+++ b/keystone-moon/keystone/contrib/revoke/core.py
@@ -10,11 +10,14 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+"""Main entry point into the Revoke service."""
+
 import abc
 import datetime
 
 from oslo_config import cfg
 from oslo_log import log
+from oslo_log import versionutils
 from oslo_utils import timeutils
 import six
 
@@ -26,7 +29,6 @@ from keystone.contrib.revoke import model
 from keystone import exception
 from keystone.i18n import _
 from keystone import notifications
-from keystone.openstack.common import versionutils
 
 
 CONF = cfg.CONF
@@ -64,12 +66,17 @@ def revoked_before_cutoff_time():
 
 @dependency.provider('revoke_api')
 class Manager(manager.Manager):
- """Revoke API Manager.
+ """Default pivot point for the Revoke backend.
 
 Performs common logic for recording revocations.
 
+ See :mod:`keystone.common.manager.Manager` for more details on
+ how this dynamically calls the backend.
+
 """
 
+ driver_namespace = 'keystone.revoke'
+
 def __init__(self):
 super(Manager, self).__init__(CONF.revoke.driver)
 self._register_listeners()
@@ -109,11 +116,12 @@ class Manager(manager.Manager):
 self.revoke(
 model.RevokeEvent(access_token_id=payload['resource_info']))
 
- def _group_callback(self, service, resource_type, operation, payload):
- user_ids = (u['id'] for u in self.identity_api.list_users_in_group(
- payload['resource_info']))
- for uid in user_ids:
- self.revoke(model.RevokeEvent(user_id=uid))
+ def _role_assignment_callback(self, service, resource_type, operation,
+ payload):
+ info = payload['resource_info']
+ self.revoke_by_grant(role_id=info['role_id'], user_id=info['user_id'],
+ domain_id=info.get('domain_id'),
+ project_id=info.get('project_id'))
 
 def _register_listeners(self):
 callbacks = {
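Review bot: The new `Manager` docstring uses the `:mod:` role for `keystone.common.manager.Manager`, which by its name is a class, so `:class:` is the matching Sphinx role and the reference is likely not to resolve as written. The added `driver_namespace = 'keystone.revoke'` also has no comment, while `__init__` still passes `CONF.revoke.driver` to the base manager. A line such as `# Namespace used to resolve the CONF.revoke.driver name` would make clear that the backend is chosen by configuration; the lookup itself is presumably in the base class, which is not shown here. The class body continues outside this hunk.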
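Review bot: `_role_assignment_callback` indexes `info['role_id']` and `info['user_id']` directly while reading `domain_id` and `project_id` with `.get()`, so a payload without `user_id` (for instance a group-based assignment, if the emitter sends those) raises `KeyError` and no revocation is recorded for that grant. A missed revocation leaves tokens carrying the removed role usable, so the method should state its payload contract in a docstring, e.g. `"""Revoke tokens for a deleted role assignment; resource_info must carry role_id and user_id."""`, and either validate the keys or log the failure. The removed `_group_callback` revoked every user of a group; this diff removes no registration for it, so it was apparently unused, but it is worth confirming that group changes are still covered elsewhere.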
@@ -124,6 +132,7 @@ class Manager(manager.Manager):
 ['role', self._role_callback],
 ['user', self._user_callback],
 ['project', self._project_callback],
+ ['role_assignment', self._role_assignment_callback]
 ],
 notifications.ACTIONS.disabled: [
 ['user', self._user_callback],
@@ -136,7 +145,7 @@ class Manager(manager.Manager):
 ]
 }
 
- for event, cb_info in six.iteritems(callbacks):
+ for event, cb_info in callbacks.items():
 for resource_type, callback_fns in cb_info:
 notifications.register_event_callback(event, resource_type,
 callback_fns)
|
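Review bot: The added entry `['role_assignment', self._role_assignment_callback]` is the only one in this list without a trailing comma; adding it matches the sibling entries and keeps later additions to a one-line diff. The resource type is a bare string, so a mismatch with whatever the emitting side uses would fail silently and the revocation would never fire. A short comment naming the emitter, or a shared constant if one exists, would make that coupling visible. `_register_listeners` starts and ends outside this hunk.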