Diffstat (limited to 'keystone-moon/keystone/contrib/revoke')
-rw-r--r--keystone-moon/keystone/contrib/revoke/__init__.py13
-rw-r--r--keystone-moon/keystone/contrib/revoke/backends/sql.py96
-rw-r--r--keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py23
-rw-r--r--keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py15
-rw-r--r--keystone-moon/keystone/contrib/revoke/routers.py26
5 files changed, 28 insertions, 145 deletions
diff --git a/keystone-moon/keystone/contrib/revoke/__init__.py b/keystone-moon/keystone/contrib/revoke/__init__.py
index 58ba68db..e69de29b 100644
--- a/keystone-moon/keystone/contrib/revoke/__init__.py
+++ b/keystone-moon/keystone/contrib/revoke/__init__.py
@@ -1,13 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-from keystone.contrib.revoke.core import * # noqa
diff --git a/keystone-moon/keystone/contrib/revoke/backends/sql.py b/keystone-moon/keystone/contrib/revoke/backends/sql.py
index 82e05194..0bf493ae 100644
--- a/keystone-moon/keystone/contrib/revoke/backends/sql.py
+++ b/keystone-moon/keystone/contrib/revoke/backends/sql.py
@@ -10,95 +10,19 @@
# License for the specific language governing permissions and limitations
# under the License.
-import uuid
+from oslo_log import versionutils
-from keystone.common import sql
-from keystone.contrib import revoke
-from keystone.contrib.revoke import model
+from keystone.revoke.backends import sql
-class RevocationEvent(sql.ModelBase, sql.ModelDictMixin):
- __tablename__ = 'revocation_event'
- attributes = model.REVOKE_KEYS
+_OLD = "keystone.contrib.revoke.backends.sql.Revoke"
+_NEW = "sql"
- # The id field is not going to be exposed to the outside world.
- # It is, however, necessary for SQLAlchemy.
- id = sql.Column(sql.String(64), primary_key=True)
- domain_id = sql.Column(sql.String(64))
- project_id = sql.Column(sql.String(64))
- user_id = sql.Column(sql.String(64))
- role_id = sql.Column(sql.String(64))
- trust_id = sql.Column(sql.String(64))
- consumer_id = sql.Column(sql.String(64))
- access_token_id = sql.Column(sql.String(64))
- issued_before = sql.Column(sql.DateTime(), nullable=False)
- expires_at = sql.Column(sql.DateTime())
- revoked_at = sql.Column(sql.DateTime(), nullable=False, index=True)
- audit_id = sql.Column(sql.String(32))
- audit_chain_id = sql.Column(sql.String(32))
+class Revoke(sql.Revoke):
-class Revoke(revoke.RevokeDriverV8):
- def _flush_batch_size(self, dialect):
- batch_size = 0
- if dialect == 'ibm_db_sa':
- # This functionality is limited to DB2, because
- # it is necessary to prevent the transaction log
- # from filling up, whereas at least some of the
- # other supported databases do not support update
- # queries with LIMIT subqueries nor do they appear
- # to require the use of such queries when deleting
- # large numbers of records at once.
- batch_size = 100
- # Limit of 100 is known to not fill a transaction log
- # of default maximum size while not significantly
- # impacting the performance of large token purges on
- # systems where the maximum transaction log size has
- # been increased beyond the default.
- return batch_size
-
- def _prune_expired_events(self):
- oldest = revoke.revoked_before_cutoff_time()
-
- session = sql.get_session()
- dialect = session.bind.dialect.name
- batch_size = self._flush_batch_size(dialect)
- if batch_size > 0:
- query = session.query(RevocationEvent.id)
- query = query.filter(RevocationEvent.revoked_at < oldest)
- query = query.limit(batch_size).subquery()
- delete_query = (session.query(RevocationEvent).
- filter(RevocationEvent.id.in_(query)))
- while True:
- rowcount = delete_query.delete(synchronize_session=False)
- if rowcount == 0:
- break
- else:
- query = session.query(RevocationEvent)
- query = query.filter(RevocationEvent.revoked_at < oldest)
- query.delete(synchronize_session=False)
-
- session.flush()
-
- def list_events(self, last_fetch=None):
- session = sql.get_session()
- query = session.query(RevocationEvent).order_by(
- RevocationEvent.revoked_at)
-
- if last_fetch:
- query = query.filter(RevocationEvent.revoked_at > last_fetch)
-
- events = [model.RevokeEvent(**e.to_dict()) for e in query]
-
- return events
-
- def revoke(self, event):
- kwargs = dict()
- for attr in model.REVOKE_KEYS:
- kwargs[attr] = getattr(event, attr)
- kwargs['id'] = uuid.uuid4().hex
- record = RevocationEvent(**kwargs)
- session = sql.get_session()
- with session.begin():
- session.add(record)
- self._prune_expired_events()
+ @versionutils.deprecated(versionutils.deprecated.MITAKA,
+ in_favor_of=_NEW,
+ what=_OLD)
+ def __init__(self, *args, **kwargs):
+ super(Revoke, self).__init__(*args, **kwargs)
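Review bot: With `_NEW = "sql"`, the deprecation warning will read as "deprecated in favor of sql", which does not tell an operator what to change in their configuration. Above `_NEW` I would add the comment `# "sql" is the driver entry-point name to configure instead of the full class path`, and give the shim class a one-line docstring such as `"""Deprecated alias kept so configurations naming the old contrib path still load the revocation backend."""`. Because this backend stores token revocation events, it is worth stating explicitly that the old path still resolves to a working driver. The removed `RevocationEvent` model is no longer importable from this module, so any out-of-tree code importing it from here would break. Whether such importers exist cannot be told from this diff.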
diff --git a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py
index 8b59010e..81c535e1 100644
--- a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py
+++ b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/001_revoke_table.py
@@ -10,27 +10,8 @@
# License for the specific language governing permissions and limitations
# under the License.
-import sqlalchemy as sql
+from keystone import exception
def upgrade(migrate_engine):
- # Upgrade operations go here. Don't create your own engine; bind
- # migrate_engine to your metadata
- meta = sql.MetaData()
- meta.bind = migrate_engine
-
- service_table = sql.Table(
- 'revocation_event',
- meta,
- sql.Column('id', sql.String(64), primary_key=True),
- sql.Column('domain_id', sql.String(64)),
- sql.Column('project_id', sql.String(64)),
- sql.Column('user_id', sql.String(64)),
- sql.Column('role_id', sql.String(64)),
- sql.Column('trust_id', sql.String(64)),
- sql.Column('consumer_id', sql.String(64)),
- sql.Column('access_token_id', sql.String(64)),
- sql.Column('issued_before', sql.DateTime(), nullable=False),
- sql.Column('expires_at', sql.DateTime()),
- sql.Column('revoked_at', sql.DateTime(), index=True, nullable=False))
- service_table.create(migrate_engine, checkfirst=True)
+ raise exception.MigrationMovedFailure(extension='revoke')
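Review bot: `upgrade()` now raises `MigrationMovedFailure` unconditionally and no longer creates `revocation_event`, but nothing in the function says where the table creation moved. The same applies to `002_add_audit_id_and_chain_to_revoke_table.py`, which used to add `audit_id` and `audit_chain_id`. This diff is limited to `contrib/revoke`, so the migration that presumably replaces both is not visible. Please confirm it produces the same schema, including the index on `revoked_at` and both audit columns, because a missing table or column would stop revocation events from being persisted. I would add a comment above the raise in both files, for example `# Schema for revocation_event is now created by the core migration repo; this extension repo must no longer be run.`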
diff --git a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py
index b6d821d7..81c535e1 100644
--- a/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py
+++ b/keystone-moon/keystone/contrib/revoke/migrate_repo/versions/002_add_audit_id_and_chain_to_revoke_table.py
@@ -10,19 +10,8 @@
# License for the specific language governing permissions and limitations
# under the License.
-import sqlalchemy as sql
-
-
-_TABLE_NAME = 'revocation_event'
+from keystone import exception
def upgrade(migrate_engine):
- meta = sql.MetaData()
- meta.bind = migrate_engine
-
- event_table = sql.Table(_TABLE_NAME, meta, autoload=True)
- audit_id_column = sql.Column('audit_id', sql.String(32), nullable=True)
- audit_chain_column = sql.Column('audit_chain_id', sql.String(32),
- nullable=True)
- event_table.create_column(audit_id_column)
- event_table.create_column(audit_chain_column)
+ raise exception.MigrationMovedFailure(extension='revoke')
diff --git a/keystone-moon/keystone/contrib/revoke/routers.py b/keystone-moon/keystone/contrib/revoke/routers.py
index 4d2edfc0..a44c6194 100644
--- a/keystone-moon/keystone/contrib/revoke/routers.py
+++ b/keystone-moon/keystone/contrib/revoke/routers.py
@@ -10,20 +10,22 @@
# License for the specific language governing permissions and limitations
# under the License.
-from keystone.common import json_home
+from oslo_log import log
+from oslo_log import versionutils
+
from keystone.common import wsgi
-from keystone.contrib.revoke import controllers
+from keystone.i18n import _
+
+LOG = log.getLogger(__name__)
-class RevokeExtension(wsgi.V3ExtensionRouter):
- PATH_PREFIX = '/OS-REVOKE'
+class RevokeExtension(wsgi.Middleware):
- def add_routes(self, mapper):
- revoke_controller = controllers.RevokeController()
- self._add_resource(
- mapper, revoke_controller,
- path=self.PATH_PREFIX + '/events',
- get_action='list_revoke_events',
- rel=json_home.build_v3_extension_resource_relation(
- 'OS-REVOKE', '1.0', 'events'))
+ def __init__(self, *args, **kwargs):
+ super(RevokeExtension, self).__init__(*args, **kwargs)
+ msg = _("Remove revoke_extension from the paste pipeline, the "
+ "revoke extension is now always available. Update the "
+ "[pipeline:api_v3] section in keystone-paste.ini accordingly, "
+ "as it will be removed in the O release.")
+ versionutils.report_deprecated_feature(LOG, msg)
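Review bot: `RevokeExtension` keeps its name but changes base from `wsgi.V3ExtensionRouter` to `wsgi.Middleware`, and nothing in the class says it is now only a placeholder that logs a deprecation on construction. I would add a docstring such as `"""Placeholder middleware so paste pipelines that still list revoke_extension keep loading; registers no routes."""`. The `/OS-REVOKE/events` route that `add_routes` used to register is removed here, and the message says the extension is "now always available". The core router that would serve it is outside this diff, so that should be confirmed, since anything that validates tokens against the revocation event list depends on that endpoint. In the message text, "as it will be removed in the O release" is ambiguous about what "it" is; naming the `revoke_extension` filter would be clearer.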