diff options
author | Chmouel Boudjnah <chmouel@enovance.com> | 2013-08-02 10:12:03 +0200 |
---|---|---|
committer | Chmouel Boudjnah <chmouel@enovance.com> | 2013-08-15 17:59:57 +0100 |
commit | 74f788aa9da0dabf54bd1f4718f9c0e0b9726757 (patch) | |
tree | 1d7b0455c9b94f3a83ffe1854eaafc49abef9ddd /keystone/common/controller.py | |
parent | 14e090154c10001550127628c2728013f15d4256 (diff) | |
download | keystone-74f788aa9da0dabf54bd1f4718f9c0e0b9726757.tar.gz keystone-74f788aa9da0dabf54bd1f4718f9c0e0b9726757.tar.xz keystone-74f788aa9da0dabf54bd1f4718f9c0e0b9726757.zip |
Revoke user tokens when disabling/delete a project
- Revoke tokens scoped to all users from a project when disabling or
deleting the project.
- Tests provided by Dolph.
Closes-Bug: #1179955
Change-Id: I8ab4713d513b26ced6c37ed026cec9e2df78a5e9
Signed-off-by: Chmouel Boudjnah <chmouel@enovance.com>
Diffstat (limited to 'keystone/common/controller.py')
-rw-r--r-- | keystone/common/controller.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/keystone/common/controller.py b/keystone/common/controller.py index affc34de..0252bcdc 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -169,6 +169,10 @@ class V2Controller(wsgi.Application): self._delete_tokens_for_trust(trust['trustee_user_id'], trust['id']) + def _delete_tokens_for_project(self, project_id): + for user_ref in self.identity_api.get_project_users(project_id): + self._delete_tokens_for_user(user_ref['id'], project_id=project_id) + def _require_attribute(self, ref, attr): """Ensures the reference contains the specified attribute.""" if ref.get(attr) is None or ref.get(attr) == '': |