summaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/token/persistence
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/token/persistence')
-rw-r--r--keystone-moon/keystone/token/persistence/__init__.py2
-rw-r--r--keystone-moon/keystone/token/persistence/backends/kvs.py13
-rw-r--r--keystone-moon/keystone/token/persistence/backends/sql.py4
-rw-r--r--keystone-moon/keystone/token/persistence/core.py28
4 files changed, 24 insertions, 23 deletions
diff --git a/keystone-moon/keystone/token/persistence/__init__.py b/keystone-moon/keystone/token/persistence/__init__.py
index 29ad5653..89ec875d 100644
--- a/keystone-moon/keystone/token/persistence/__init__.py
+++ b/keystone-moon/keystone/token/persistence/__init__.py
@@ -13,4 +13,4 @@
from keystone.token.persistence.core import * # noqa
-__all__ = ['Manager', 'Driver', 'backends']
+__all__ = ['Manager', 'Driver']
diff --git a/keystone-moon/keystone/token/persistence/backends/kvs.py b/keystone-moon/keystone/token/persistence/backends/kvs.py
index b4807bf1..1bd08a31 100644
--- a/keystone-moon/keystone/token/persistence/backends/kvs.py
+++ b/keystone-moon/keystone/token/persistence/backends/kvs.py
@@ -22,6 +22,7 @@ from oslo_utils import timeutils
import six
from keystone.common import kvs
+from keystone.common import utils
from keystone import exception
from keystone.i18n import _, _LE, _LW
from keystone import token
@@ -56,10 +57,8 @@ class Token(token.persistence.Driver):
# is instantiated.
LOG.warn(_LW('It is recommended to only use the base '
'key-value-store implementation for the token driver '
- 'for testing purposes. Please use '
- 'keystone.token.persistence.backends.memcache.Token '
- 'or keystone.token.persistence.backends.sql.Token '
- 'instead.'))
+ "for testing purposes. Please use 'memcache' or "
+ "'sql' instead."))
def _prefix_token_id(self, token_id):
return 'token-%s' % token_id.encode('utf-8')
@@ -108,7 +107,7 @@ class Token(token.persistence.Driver):
# concern about the backend, always store the value(s) in the
# index as the isotime (string) version so this is where the string is
# built.
- expires_str = timeutils.isotime(data_copy['expires'], subsecond=True)
+ expires_str = utils.isotime(data_copy['expires'], subsecond=True)
self._set_key(ptk, data_copy)
user_id = data['user']['id']
@@ -207,8 +206,8 @@ class Token(token.persistence.Driver):
'revocation list.'), data['id'])
return
- revoked_token_data['expires'] = timeutils.isotime(expires,
- subsecond=True)
+ revoked_token_data['expires'] = utils.isotime(expires,
+ subsecond=True)
revoked_token_data['id'] = data['id']
token_list = self._get_key_or_default(self.revocation_key, default=[])
diff --git a/keystone-moon/keystone/token/persistence/backends/sql.py b/keystone-moon/keystone/token/persistence/backends/sql.py
index fc70fb92..08c3a216 100644
--- a/keystone-moon/keystone/token/persistence/backends/sql.py
+++ b/keystone-moon/keystone/token/persistence/backends/sql.py
@@ -127,6 +127,7 @@ class Token(token.persistence.Driver):
"""
session = sql.get_session()
+ token_list = []
with session.begin():
now = timeutils.utcnow()
query = session.query(TokenModel)
@@ -148,6 +149,9 @@ class Token(token.persistence.Driver):
continue
token_ref.valid = False
+ token_list.append(token_ref.id)
+
+ return token_list
def _tenant_matches(self, tenant_id, token_ref_dict):
return ((tenant_id is None) or
diff --git a/keystone-moon/keystone/token/persistence/core.py b/keystone-moon/keystone/token/persistence/core.py
index 19f0df35..15a58085 100644
--- a/keystone-moon/keystone/token/persistence/core.py
+++ b/keystone-moon/keystone/token/persistence/core.py
@@ -12,7 +12,7 @@
# License for the specific language governing permissions and limitations
# under the License.
-"""Main entry point into the Token persistence service."""
+"""Main entry point into the Token Persistence service."""
import abc
import copy
@@ -27,6 +27,7 @@ from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
+from keystone.token import utils
CONF = cfg.CONF
@@ -39,13 +40,15 @@ REVOCATION_MEMOIZE = cache.get_memoization_decorator(
@dependency.requires('assignment_api', 'identity_api', 'resource_api',
'token_provider_api', 'trust_api')
class PersistenceManager(manager.Manager):
- """Default pivot point for the Token backend.
+ """Default pivot point for the Token Persistence backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
+ driver_namespace = 'keystone.token.persistence'
+
def __init__(self):
super(PersistenceManager, self).__init__(CONF.token.driver)
@@ -62,7 +65,7 @@ class PersistenceManager(manager.Manager):
# context['token_id'] will in-fact be None. This also saves
# a round-trip to the backend if we don't have a token_id.
raise exception.TokenNotFound(token_id='')
- unique_id = self.token_provider_api.unique_id(token_id)
+ unique_id = utils.generate_unique_id(token_id)
token_ref = self._get_token(unique_id)
# NOTE(morganfainberg): Lift expired checking to the manager, there is
# no reason to make the drivers implement this check. With caching,
@@ -77,7 +80,7 @@ class PersistenceManager(manager.Manager):
return self.driver.get_token(token_id)
def create_token(self, token_id, data):
- unique_id = self.token_provider_api.unique_id(token_id)
+ unique_id = utils.generate_unique_id(token_id)
data_copy = copy.deepcopy(data)
data_copy['id'] = unique_id
ret = self.driver.create_token(unique_id, data_copy)
@@ -91,7 +94,7 @@ class PersistenceManager(manager.Manager):
def delete_token(self, token_id):
if not CONF.token.revoke_by_id:
return
- unique_id = self.token_provider_api.unique_id(token_id)
+ unique_id = utils.generate_unique_id(token_id)
self.driver.delete_token(unique_id)
self._invalidate_individual_token_cache(unique_id)
self.invalidate_revocation_list()
@@ -100,11 +103,10 @@ class PersistenceManager(manager.Manager):
consumer_id=None):
if not CONF.token.revoke_by_id:
return
- token_list = self.driver._list_tokens(user_id, tenant_id, trust_id,
- consumer_id)
- self.driver.delete_tokens(user_id, tenant_id, trust_id, consumer_id)
+ token_list = self.driver.delete_tokens(user_id, tenant_id, trust_id,
+ consumer_id)
for token_id in token_list:
- unique_id = self.token_provider_api.unique_id(token_id)
+ unique_id = utils.generate_unique_id(token_id)
self._invalidate_individual_token_cache(unique_id)
self.invalidate_revocation_list()
@@ -196,11 +198,6 @@ class PersistenceManager(manager.Manager):
self.token_provider_api.invalidate_individual_token_cache(token_id)
-# NOTE(morganfainberg): @dependency.optional() is required here to ensure the
-# class-level optional dependency control attribute is populated as empty
-# this is because of the override of .__getattr__ and ensures that if the
-# optional dependency injector changes attributes, this class doesn't break.
-@dependency.optional()
@dependency.requires('token_provider_api')
@dependency.provider('token_api')
class Manager(object):
@@ -306,7 +303,7 @@ class Driver(object):
:type trust_id: string
:param consumer_id: identity of the consumer
:type consumer_id: string
- :returns: None.
+ :returns: The tokens that have been deleted.
:raises: keystone.exception.TokenNotFound
"""
@@ -322,6 +319,7 @@ class Driver(object):
self.delete_token(token)
except exception.NotFound:
pass
+ return token_list
@abc.abstractmethod
def _list_tokens(self, user_id, tenant_id=None, trust_id=None,