aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/contrib/revoke/backends
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/contrib/revoke/backends')
-rw-r--r--keystone-moon/keystone/contrib/revoke/backends/kvs.py33
-rw-r--r--keystone-moon/keystone/contrib/revoke/backends/sql.py4
2 files changed, 19 insertions, 18 deletions
diff --git a/keystone-moon/keystone/contrib/revoke/backends/kvs.py b/keystone-moon/keystone/contrib/revoke/backends/kvs.py
index cc41fbee..349ed6e3 100644
--- a/keystone-moon/keystone/contrib/revoke/backends/kvs.py
+++ b/keystone-moon/keystone/contrib/revoke/backends/kvs.py
@@ -13,12 +13,12 @@
import datetime
from oslo_config import cfg
+from oslo_log import versionutils
from oslo_utils import timeutils
from keystone.common import kvs
from keystone.contrib import revoke
from keystone import exception
-from keystone.openstack.common import versionutils
CONF = cfg.CONF
@@ -45,29 +45,30 @@ class Revoke(revoke.Driver):
except exception.NotFound:
return []
- def _prune_expired_events_and_get(self, last_fetch=None, new_event=None):
- pruned = []
+ def list_events(self, last_fetch=None):
results = []
+
+ with self._store.get_lock(_EVENT_KEY):
+ events = self._list_events()
+
+ for event in events:
+ revoked_at = event.revoked_at
+ if last_fetch is None or revoked_at > last_fetch:
+ results.append(event)
+ return results
+
+ def revoke(self, event):
+ pruned = []
expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
oldest = timeutils.utcnow() - expire_delta
- # TODO(ayoung): Store the time of the oldest event so that the
- # prune process can be skipped if none of the events have timed out.
+
with self._store.get_lock(_EVENT_KEY) as lock:
events = self._list_events()
- if new_event is not None:
- events.append(new_event)
+ if event:
+ events.append(event)
for event in events:
revoked_at = event.revoked_at
if revoked_at > oldest:
pruned.append(event)
- if last_fetch is None or revoked_at > last_fetch:
- results.append(event)
self._store.set(_EVENT_KEY, pruned, lock)
- return results
-
- def list_events(self, last_fetch=None):
- return self._prune_expired_events_and_get(last_fetch=last_fetch)
-
- def revoke(self, event):
- self._prune_expired_events_and_get(new_event=event)
diff --git a/keystone-moon/keystone/contrib/revoke/backends/sql.py b/keystone-moon/keystone/contrib/revoke/backends/sql.py
index 1b0cde1e..dd7fdd19 100644
--- a/keystone-moon/keystone/contrib/revoke/backends/sql.py
+++ b/keystone-moon/keystone/contrib/revoke/backends/sql.py
@@ -33,7 +33,7 @@ class RevocationEvent(sql.ModelBase, sql.ModelDictMixin):
access_token_id = sql.Column(sql.String(64))
issued_before = sql.Column(sql.DateTime(), nullable=False)
expires_at = sql.Column(sql.DateTime())
- revoked_at = sql.Column(sql.DateTime(), nullable=False)
+ revoked_at = sql.Column(sql.DateTime(), nullable=False, index=True)
audit_id = sql.Column(sql.String(32))
audit_chain_id = sql.Column(sql.String(32))
@@ -81,7 +81,6 @@ class Revoke(revoke.Driver):
session.flush()
def list_events(self, last_fetch=None):
- self._prune_expired_events()
session = sql.get_session()
query = session.query(RevocationEvent).order_by(
RevocationEvent.revoked_at)
@@ -102,3 +101,4 @@ class Revoke(revoke.Driver):
session = sql.get_session()
with session.begin():
session.add(record)
+ self._prune_expired_events()