authorAdam Young <ayoung@redhat.com>2013-03-08 21:19:25 -0500
committerAdam Young <ayoung@redhat.com>2013-03-15 15:21:36 -0400
commiteb4dd4afbffaa15be0af70a317da7034ae28dfd6 (patch)
tree89f3b2b71b34b3627fe1d7893ad51578032f5afd /keystone/common/controller.py
parenta79a7c1ddb6c7e3f71cc9791b318bdefbc1abeb8 (diff)
extracting user and trust ids into normalized fields
These fields are used for queries, and may need to be indexed. Also moves the delete token for... functions into the base class for controllers. Removed the token API revoke token call as that needed access to other APIs. Logic was moved into the controller. Bug 1152801 Change-Id: I59c360fe5aef905dfa30cb55ee54ff1fbe64dc58
Diffstat (limited to 'keystone/common/controller.py')
-rw-r--r--keystone/common/controller.py31
1 files changed, 31 insertions, 0 deletions
diff --git a/keystone/common/controller.py b/keystone/common/controller.py
index 09da9d7b..c7425ae8 100644
--- a/keystone/common/controller.py
+++ b/keystone/common/controller.py
@@ -153,6 +153,32 @@ def filterprotected(*filters):
class V2Controller(wsgi.Application):
"""Base controller class for Identity API v2."""
+ def _delete_tokens_for_trust(self, context, user_id, trust_id):
+ try:
+ token_list = self.token_api.list_tokens(context, user_id,
+ trust_id=trust_id)
+ for token in token_list:
+ self.token_api.delete_token(context, token)
+ except exception.NotFound:
+ pass
+
+ def _delete_tokens_for_user(self, context, user_id, project_id=None):
+ #First delete tokens that could get other tokens.
+ for token_id in self.token_api.list_tokens(context,
+ user_id,
+ tenant_id=project_id):
+ try:
+ self.token_api.delete_token(context, token_id)
+ except exception.NotFound:
+ pass
+ #delete tokens generated from trusts
+ for trust in self.trust_api.list_trusts_for_trustee(context, user_id):
+ self._delete_tokens_for_trust(context, user_id, trust['id'])
+ for trust in self.trust_api.list_trusts_for_trustor(context, user_id):
+ self._delete_tokens_for_trust(context,
+ trust['trustee_user_id'],
+ trust['id'])
+
def _require_attribute(self, ref, attr):
"""Ensures the reference contains the specified attribute."""
if ref.get(attr) is None or ref.get(attr) == '':
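Review bot: In `_delete_tokens_for_trust` the `try`/`except exception.NotFound` encloses the whole loop, so the first token that is already gone ends the loop and any remaining tokens issued under that trust stay valid. `_delete_tokens_for_user` in the same hunk already catches per token, and the trust helper should do the same so that revocation is complete. The loop variable is named `token` here and `token_id` there although both come from `list_tokens`; one name would read better. Whether `list_tokens` itself can raise `NotFound` is not visible in this hunk, so the sketch below keeps that guard. The V2Controller class body continues outside the hunk.

```python
    def _delete_tokens_for_trust(self, context, user_id, trust_id):
        try:
            token_list = self.token_api.list_tokens(context, user_id,
                                                    trust_id=trust_id)
        except exception.NotFound:
            return
        for token_id in token_list:
            try:
                self.token_api.delete_token(context, token_id)
            except exception.NotFound:
                # Already gone; keep revoking the remaining tokens.
                pass
```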
@@ -188,6 +214,11 @@ class V3Controller(V2Controller):
collection_name = 'entities'
member_name = 'entity'
+ def _delete_tokens_for_group(self, context, group_id):
+ user_refs = self.identity_api.list_users_in_group(context, group_id)
+ for user in user_refs:
+ self._delete_tokens_for_user(context, user['id'])
+
@classmethod
def base_url(cls, path=None):
endpoint = CONF.public_endpoint % CONF
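Review bot: `_delete_tokens_for_group` has no docstring, and its effect depends on when it is called: it revokes tokens only for the users that `list_users_in_group` returns at that moment, so a caller that deletes the group or removes members first would revoke nothing. I would add a docstring such as `"""Revoke tokens for every current member of the group; call before the membership changes."""`. It also presumably stops at the first user for which `_delete_tokens_for_user` raises, since that helper's `list_tokens` and `trust_api` calls are not guarded in the earlier hunk; a comment stating whether that is intended would help. The V3Controller class body continues outside the hunk.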