keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

core.py
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 """Main entry point into the Revoke service."""
14 
15 from keystone.common import cache
16 from keystone.common import manager
17 import keystone.conf
18 from keystone import exception
19 from keystone.i18n import _
20 from keystone.models import revoke_model
21 from keystone import notifications
22 
23 
CONF = keystone.conf.CONF

# Revoke events get a discrete cache region of their own. The API can still
# return a list filtered by last fetch time; that is deprecated but has to
# keep working.
REVOKE_REGION = cache.create_region(name='revoke')
MEMOIZE = cache.get_memoization_decorator(
    group='revoke', region=REVOKE_REGION)
33 
34 
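class Manager(manager.Manager):
    """Default pivot point for the Revoke backend.

    Performs common logic for recording revocations.

    Every revocation is written through :meth:`revoke`, which also
    invalidates the revoke cache region so that memoized event lists are
    rebuilt after a new event is recorded. On construction the manager
    registers callbacks for delete/disable notifications; each callback
    records a revocation event for the affected entity.

    See :mod:`keystone.common.manager.Manager` for more details on
    how this dynamically calls the backend.

    """

    driver_namespace = 'keystone.revoke'
    _provides_api = 'revoke_api'

    def __init__(self):
        """Initialise the base manager with ``CONF.revoke.driver``.

        Also registers the notification callbacks and exposes the
        ``revoke_model`` module as ``self.model``.
        """
        super(Manager, self).__init__(CONF.revoke.driver)
        self._register_listeners()
        self.model = revoke_model

    @MEMOIZE
    def _list_events(self, last_fetch):
        """Return ``driver.list_events(last_fetch)``, memoized.

        The result is cached in the revoke region; :meth:`revoke`
        invalidates that region whenever a new event is recorded.
        """
        return self.driver.list_events(last_fetch)

    def list_events(self, last_fetch=None):
        """Return revocation events through the memoized lookup.

        :param last_fetch: passed unchanged to the driver's ``list_events``.
        """
        return self._list_events(last_fetch)

    def _user_callback(self, service, resource_type, operation,
                       payload):
        """Record a revocation for the user named in the notification.

        ``payload['resource_info']`` is used as the user id.
        """
        self.revoke_by_user(payload['resource_info'])

    def _project_callback(self, service, resource_type, operation,
                          payload):
        """Record a revocation for the project named in the notification.

        ``payload['resource_info']`` is used as the project id.
        """
        self.revoke(
            revoke_model.RevokeEvent(project_id=payload['resource_info']))

    def _trust_callback(self, service, resource_type, operation,
                        payload):
        """Record a revocation for the trust named in the notification.

        ``payload['resource_info']`` is used as the trust id.
        """
        self.revoke(
            revoke_model.RevokeEvent(trust_id=payload['resource_info']))

    def _consumer_callback(self, service, resource_type, operation,
                           payload):
        """Record a revocation for the OAuth1 consumer in the notification.

        ``payload['resource_info']`` is used as the consumer id.
        """
        self.revoke(
            revoke_model.RevokeEvent(consumer_id=payload['resource_info']))

    def _register_listeners(self):
        """Register the revocation callbacks with ``notifications``.

        Called from ``__init__``. Maps each notification action to the
        ``[resource_type, callback]`` pairs that should record a
        revocation event when it fires.
        """
        callbacks = {
            # Deleting any of these entities revokes what was issued for it.
            notifications.ACTIONS.deleted: [
                ['OS-TRUST:trust', self._trust_callback],
                ['OS-OAUTH1:consumer', self._consumer_callback],
                ['user', self._user_callback],
                ['project', self._project_callback],
            ],
            # Disabling a user is handled the same way as deleting one.
            notifications.ACTIONS.disabled: [
                ['user', self._user_callback]
            ],
            # Internal request to persist a revocation event for a user.
            notifications.ACTIONS.internal: [
                [notifications.PERSIST_REVOCATION_EVENT_FOR_USER,
                 self._user_callback],
            ]
        }

        for event, cb_info in callbacks.items():
            for resource_type, callback_fns in cb_info:
                notifications.register_event_callback(event, resource_type,
                                                      callback_fns)

    def revoke_by_user(self, user_id):
        """Record a revocation event keyed on ``user_id``."""
        return self.revoke(revoke_model.RevokeEvent(user_id=user_id))

    def _assert_not_domain_and_project_scoped(self, domain_id=None,
                                              project_id=None):
        """Reject a revocation that names both a domain and a project.

        :raises keystone.exception.UnexpectedError: if ``domain_id`` and
            ``project_id`` are both set.
        """
        if domain_id is not None and project_id is not None:
            msg = _('The revoke call must not have both domain_id and '
                    'project_id. This is a bug in the Keystone server. The '
                    'current request is aborted.')
            raise exception.UnexpectedError(exception=msg)

    def revoke_by_audit_id(self, audit_id):
        """Record a revocation event keyed on ``audit_id``."""
        self.revoke(revoke_model.RevokeEvent(audit_id=audit_id))

    def revoke_by_audit_chain_id(self, audit_chain_id, project_id=None,
                                 domain_id=None):
        """Record a revocation event keyed on ``audit_chain_id``.

        The event may additionally carry ``project_id`` or ``domain_id``,
        but not both.

        :raises keystone.exception.UnexpectedError: if both ``project_id``
            and ``domain_id`` are given.
        """
        # Validate before anything is written to the driver.
        self._assert_not_domain_and_project_scoped(domain_id=domain_id,
                                                   project_id=project_id)

        self.revoke(revoke_model.RevokeEvent(audit_chain_id=audit_chain_id,
                                             domain_id=domain_id,
                                             project_id=project_id))

    def check_token(self, token):
        """Check the values from a token against the revocation list.

        :param token: dictionary of values from a token, normalized for
                      differences between v2 and v3. The checked values
                      are a subset of the attributes of model.TokenEvent

        :raises keystone.exception.TokenNotFound: If the token is invalid.

        """
        # Events are read from the driver directly here, not through the
        # memoized _list_events() path.
        if revoke_model.is_revoked(self.driver.list_events(token=token),
                                   token):
            # The message does not say which event matched the token.
            raise exception.TokenNotFound(_('Failed to validate token'))

    def revoke(self, event):
        """Record ``event`` via the driver and invalidate the revoke cache.

        :param event: the revocation event handed to ``driver.revoke``.
        """
        self.driver.revoke(event)
        # Invalidation runs only after the driver call returns; if the
        # driver raises, the cache region is left untouched.
        REVOKE_REGION.invalidate()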