diff options
Diffstat (limited to 'keystone-moon/keystone/contrib/revoke/backends')
-rw-r--r-- | keystone-moon/keystone/contrib/revoke/backends/kvs.py | 33 | ||||
-rw-r--r-- | keystone-moon/keystone/contrib/revoke/backends/sql.py | 4 |
2 files changed, 19 insertions, 18 deletions
diff --git a/keystone-moon/keystone/contrib/revoke/backends/kvs.py b/keystone-moon/keystone/contrib/revoke/backends/kvs.py index cc41fbee..349ed6e3 100644 --- a/keystone-moon/keystone/contrib/revoke/backends/kvs.py +++ b/keystone-moon/keystone/contrib/revoke/backends/kvs.py @@ -13,12 +13,12 @@ import datetime from oslo_config import cfg +from oslo_log import versionutils from oslo_utils import timeutils from keystone.common import kvs from keystone.contrib import revoke from keystone import exception -from keystone.openstack.common import versionutils CONF = cfg.CONF @@ -45,29 +45,30 @@ class Revoke(revoke.Driver): except exception.NotFound: return [] - def _prune_expired_events_and_get(self, last_fetch=None, new_event=None): - pruned = [] + def list_events(self, last_fetch=None): results = [] + + with self._store.get_lock(_EVENT_KEY): + events = self._list_events() + + for event in events: + revoked_at = event.revoked_at + if last_fetch is None or revoked_at > last_fetch: + results.append(event) + return results + + def revoke(self, event): + pruned = [] expire_delta = datetime.timedelta(seconds=CONF.token.expiration) oldest = timeutils.utcnow() - expire_delta - # TODO(ayoung): Store the time of the oldest event so that the - # prune process can be skipped if none of the events have timed out. + with self._store.get_lock(_EVENT_KEY) as lock: events = self._list_events() - if new_event is not None: - events.append(new_event) + if event: + events.append(event) for event in events: revoked_at = event.revoked_at if revoked_at > oldest: pruned.append(event) - if last_fetch is None or revoked_at > last_fetch: - results.append(event) self._store.set(_EVENT_KEY, pruned, lock) - return results - - def list_events(self, last_fetch=None): - return self._prune_expired_events_and_get(last_fetch=last_fetch) - - def revoke(self, event): - self._prune_expired_events_and_get(new_event=event) diff --git a/keystone-moon/keystone/contrib/revoke/backends/sql.py b/keystone-moon/keystone/contrib/revoke/backends/sql.py index 1b0cde1e..dd7fdd19 100644 --- a/keystone-moon/keystone/contrib/revoke/backends/sql.py +++ b/keystone-moon/keystone/contrib/revoke/backends/sql.py @@ -33,7 +33,7 @@ class RevocationEvent(sql.ModelBase, sql.ModelDictMixin): access_token_id = sql.Column(sql.String(64)) issued_before = sql.Column(sql.DateTime(), nullable=False) expires_at = sql.Column(sql.DateTime()) - revoked_at = sql.Column(sql.DateTime(), nullable=False) + revoked_at = sql.Column(sql.DateTime(), nullable=False, index=True) audit_id = sql.Column(sql.String(32)) audit_chain_id = sql.Column(sql.String(32)) @@ -81,7 +81,6 @@ class Revoke(revoke.Driver): session.flush() def list_events(self, last_fetch=None): - self._prune_expired_events() session = sql.get_session() query = session.query(RevocationEvent).order_by( RevocationEvent.revoked_at) @@ -102,3 +101,4 @@ class Revoke(revoke.Driver): session = sql.get_session() with session.begin(): session.add(record) + self._prune_expired_events() |