keystone.token.persistence package¶

Subpackages¶

Submodules¶

keystone.token.persistence.core module¶

Main entry point into the Token Persistence service.

class keystone.token.persistence.core.Manager(*args, **kwargs)[source]¶

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.core.PersistenceManager(*args, **kwargs)[source]¶

Bases: keystone.common.manager.Manager

Default pivot point for the Token Persistence backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

create_token(*args, **kwargs)[source]¶

delete_token(*args, **kwargs)[source]¶

delete_tokens(*args, **kwargs)[source]¶

delete_tokens_for_domain(*args, **kwargs)[source]¶

Delete all tokens for a given domain.

It will delete all the project-scoped tokens for the projects that are owned by the given domain, as well as any tokens issued to users that are owned by this domain.

However, deletion of domain_scoped tokens will still need to be implemented as stated in TODO below.

delete_tokens_for_user(*args, **kwargs)[source]¶

Delete all tokens for a given user or user-project combination.

This method adds in the extra logic for handling trust-scoped token revocations in a single call instead of needing to explicitly handle trusts in the caller’s logic.

delete_tokens_for_users(*args, **kwargs)[source]¶

Delete all tokens for a list of user_ids.

Parameters:	user_ids – list of user identifiers project_id – optional project identifier

driver_namespace = ‘keystone.token.persistence’¶

get_token(*args, **kwargs)[source]¶

invalidate_revocation_list(*args, **kwargs)[source]¶

list_revoked_tokens(*args, **kwargs)[source]¶

class keystone.token.persistence.core.TokenDriverBase[source]¶

Bases: object

Interface description for a Token driver.

create_token(token_id, data)[source]¶

Create a token by id and data.

Parameters:	token_id (string) – identity of the token data – dictionary with additional reference information

{
    expires=''
    id=token_id,
    user=user_ref,
    tenant=tenant_ref,
}

Returns:	token_ref or None.

delete_token(token_id)[source]¶

Delete a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	None.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)[source]¶

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:	user_id (string) – identity of user tenant_id (string) – identity of the tenant trust_id (string) – identity of the trust consumer_id (string) – identity of the consumer
Returns:	The tokens that have been deleted.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()[source]¶

Archive or delete tokens that have expired.

get_token(token_id)[source]¶

Get a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	token_ref
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()[source]¶

Return a list of all revoked tokens.

Returns:	list of token_id’s

Module contents¶

class keystone.token.persistence.Manager(*args, **kwargs)[source]¶

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.TokenDriverBase[source]¶

Bases: object

Interface description for a Token driver.

create_token(token_id, data)[source]¶

Create a token by id and data.

Parameters:	token_id (string) – identity of the token data – dictionary with additional reference information

{
    expires=''
    id=token_id,
    user=user_ref,
    tenant=tenant_ref,
}

Returns:	token_ref or None.

delete_token(token_id)[source]¶

Delete a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	None.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)[source]¶

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:	user_id (string) – identity of user tenant_id (string) – identity of the tenant trust_id (string) – identity of the trust consumer_id (string) – identity of the consumer
Returns:	The tokens that have been deleted.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()[source]¶

Archive or delete tokens that have expired.

get_token(token_id)[source]¶

Get a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	token_ref
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()[source]¶

Return a list of all revoked tokens.

Returns:	list of token_id’s