diff options
author | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
---|---|---|
committer | DUVAL Thomas <thomas.duval@orange.com> | 2016-06-09 09:11:50 +0200 |
commit | 2e7b4f2027a1147ca28301e4f88adf8274b39a1f (patch) | |
tree | 8b8d94001ebe6cc34106cf813b538911a8d66d9a /keystone-moon/keystone/contrib/revoke | |
parent | a33bdcb627102a01244630a54cb4b5066b385a6a (diff) |
Update Keystone core to Mitaka.
Change-Id: Ia10d6add16f4a9d25d1f42d420661c46332e69db
Diffstat (limited to 'keystone-moon/keystone/contrib/revoke')
5 files changed, 28 insertions, 145 deletions
diff --git a/keystone-moon/keystone/contrib/revoke/__init__.py b/keystone-moon/keystone/contrib/revoke/__init__.py index 58ba68db..e69de29b 100644 --- a/keystone-moon/keystone/contrib/revoke/__init__.py +++ b/keystone-moon/keystone/contrib/revoke/__init__.py @@ -1,13 +0,0 @@ -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from keystone.contrib.revoke.core import * # noqa diff --git a/keystone-moon/keystone/contrib/revoke/backends/sql.py b/keystone-moon/keystone/contrib/revoke/backends/sql.py index 82e05194..0bf493ae 100644 --- a/keystone-moon/keystone/contrib/revoke/backends/sql.py +++ b/keystone-moon/keystone/contrib/revoke/backends/sql.py @@ -10,95 +10,19 @@ # License for the specific language governing permissions and limitations # under the License. -import uuid +from oslo_log import versionutils -from keystone.common import sql -from keystone.contrib import revoke -from keystone.contrib.revoke import model +from keystone.revoke.backends import sql -class RevocationEvent(sql.ModelBase, sql.ModelDictMixin): - __tablename__ = 'revocation_event' - attributes = model.REVOKE_KEYS +_OLD = "keystone.contrib.revoke.backends.sql.Revoke" +_NEW = "sql" - # The id field is not going to be exposed to the outside world. - # It is, however, necessary for SQLAlchemy. - id = sql.Column(sql.String(64), primary_key=True) - domain_id = sql.Column(sql.String(64)) - project_id = sql.Column(sql.String(64)) - user_id = sql.Column(sql.String(64)) - role_id = sql.Column(sql.String(64)) - trust_id = sql.Column(sql.String(64)) - consumer_id = sql.Column(sql.String(64)) - access_token_id = sql.Column(sql.String(64)) - issued_before = sql.Column(sql.DateTime(), nullable=False) - expires_at = sql.Column(sql.DateTime()) - revoked_at = sql.Column(sql.DateTime(), nullable=False, index=True) - audit_id = sql.Column(sql.String(32)) - audit_chain_id = sql.Column(sql.String(32)) +class Revoke(sql.Revoke): -class Revoke(revoke.RevokeDriverV8): - def _flush_batch_size(self, dialect): - batch_size = 0 - if dialect == 'ibm_db_sa': - # This functionality is limited to DB2, because - # it is necessary to prevent the transaction log - # from filling up, whereas at least some of the - # other supported databases do not support update - # queries with LIMIT subqueries nor do they appear - # to require the use of such queries when deleting - # large numbers of records at once. - batch_size = 100 - # Limit of 100 is known to not fill a transaction log - # of default maximum size while not significantly - # impacting the performance of large token purges on - # systems where the maximum transaction log size has - # been increased beyond the default. - return batch_size - - def _prune_expired_events(self): - oldest = revoke.revoked_before_cutoff_time() - - session = sql.get_session() - dialect = session.bind.dialect.name - batch_size = self._flush_batch_size(dialect) - if batch_size > 0: - query = session.query(RevocationEvent.id) - query = query.filter(RevocationEvent.revoked_at < oldest) - query = query.limit(batch_size).subquery() - delete_query = (session.query(RevocationEvent). - filter(RevocationEvent.id.in_(query))) - while True: - rowcount = delete_query.delete(synchronize_session=False) - if rowcount == 0: - break - else: - query = session.query(RevocationEvent) - query = query.filter(RevocationEvent.revoked_at < oldest) - query.delete(synchronize_session=False) - - session.flush() - - def list_events(self, last_fetch=None): - session = sql.get_session() - query = session.query(RevocationEvent).order_by( - RevocationEvent.revoked_at) - - if last_fetch: - query = query.filter(RevocationEvent.revoked_at > last_fetch) - - events = [model.RevokeEvent(**e.to_dict()) for e in query] - - return events - - def revoke(self, event): - kwargs = dict() - for attr in model.REVOKE_KEYS: - kwargs[attr] = getattr(event, attr) - kwargs['id'] = uuid.uuid4().hex - record = RevocationEvent(**kwargs) - session = sql.get_session() - with session.begin(): - session.add(record) - self._prune_expired_events() + @versionutils.deprecated(versionutils.deprecated.MITAKA, + in_favor_of=_NEW, + what=_OLD) + def __init__(self, *args, **kwargs): + super(Revoke, self).__init__(*args, **kwargs) diff --git a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py index 8b59010e..81c535e1 100644 --- a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py +++ b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py @@ -10,27 +10,8 @@ # License for the specific language governing permissions and limitations # under the License. -import sqlalchemy as sql +from keystone import exception def upgrade(migrate_engine): - # Upgrade operations go here. Don't create your own engine; bind - # migrate_engine to your metadata - meta = sql.MetaData() - meta.bind = migrate_engine - - service_table = sql.Table( - 'revocation_event', - meta, - sql.Column('id', sql.String(64), primary_key=True), - sql.Column('domain_id', sql.String(64)), - sql.Column('project_id', sql.String(64)), - sql.Column('user_id', sql.String(64)), - sql.Column('role_id', sql.String(64)), - sql.Column('trust_id', sql.String(64)), - sql.Column('consumer_id', sql.String(64)), - sql.Column('access_token_id', sql.String(64)), - sql.Column('issued_before', sql.DateTime(), nullable=False), - sql.Column('expires_at', sql.DateTime()), - sql.Column('revoked_at', sql.DateTime(), index=True, nullable=False)) - service_table.create(migrate_engine, checkfirst=True) + raise exception.MigrationMovedFailure(extension='revoke') diff --git a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py index b6d821d7..81c535e1 100644 --- a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py +++ b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py @@ -10,19 +10,8 @@ # License for the specific language governing permissions and limitations # under the License. -import sqlalchemy as sql - - -_TABLE_NAME = 'revocation_event' +from keystone import exception def upgrade(migrate_engine): - meta = sql.MetaData() - meta.bind = migrate_engine - - event_table = sql.Table(_TABLE_NAME, meta, autoload=True) - audit_id_column = sql.Column('audit_id', sql.String(32), nullable=True) - audit_chain_column = sql.Column('audit_chain_id', sql.String(32), - nullable=True) - event_table.create_column(audit_id_column) - event_table.create_column(audit_chain_column) + raise exception.MigrationMovedFailure(extension='revoke') diff --git a/keystone-moon/keystone/contrib/revoke/routers.py b/keystone-moon/keystone/contrib/revoke/routers.py index 4d2edfc0..a44c6194 100644 --- a/keystone-moon/keystone/contrib/revoke/routers.py +++ b/keystone-moon/keystone/contrib/revoke/routers.py @@ -10,20 +10,22 @@ # License for the specific language governing permissions and limitations # under the License. -from keystone.common import json_home +from oslo_log import log +from oslo_log import versionutils + from keystone.common import wsgi -from keystone.contrib.revoke import controllers +from keystone.i18n import _ + +LOG = log.getLogger(__name__) -class RevokeExtension(wsgi.V3ExtensionRouter): - PATH_PREFIX = '/OS-REVOKE' +class RevokeExtension(wsgi.Middleware): - def add_routes(self, mapper): - revoke_controller = controllers.RevokeController() - self._add_resource( - mapper, revoke_controller, - path=self.PATH_PREFIX + '/events', - get_action='list_revoke_events', - rel=json_home.build_v3_extension_resource_relation( - 'OS-REVOKE', '1.0', 'events')) + def __init__(self, *args, **kwargs): + super(RevokeExtension, self).__init__(*args, **kwargs) + msg = _("Remove revoke_extension from the paste pipeline, the " + "revoke extension is now always available. Update the " + "[pipeline:api_v3] section in keystone-paste.ini accordingly, " + "as it will be removed in the O release.") + versionutils.report_deprecated_feature(LOG, msg) |