diff options
author | Adam Young <ayoung@redhat.com> | 2013-03-08 21:19:25 -0500 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2013-03-15 15:21:36 -0400 |
commit | eb4dd4afbffaa15be0af70a317da7034ae28dfd6 (patch) | |
tree | 89f3b2b71b34b3627fe1d7893ad51578032f5afd /keystone/common/controller.py | |
parent | a79a7c1ddb6c7e3f71cc9791b318bdefbc1abeb8 (diff) | |
download | keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.tar.gz keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.tar.xz keystone-eb4dd4afbffaa15be0af70a317da7034ae28dfd6.zip |
extracting user and trust ids into normalized fields
These fields are used for queries, and may need to be indexed
Also moves the delete token for... functions into the base class
for controllers.
Removed the token API revoke token call as that needed access to other
APIs. Logic was moved into the controller.
Bug 1152801
Change-Id: I59c360fe5aef905dfa30cb55ee54ff1fbe64dc58
Diffstat (limited to 'keystone/common/controller.py')
-rw-r--r-- | keystone/common/controller.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/keystone/common/controller.py b/keystone/common/controller.py index 09da9d7b..c7425ae8 100644 --- a/keystone/common/controller.py +++ b/keystone/common/controller.py @@ -153,6 +153,32 @@ def filterprotected(*filters): class V2Controller(wsgi.Application): """Base controller class for Identity API v2.""" + def _delete_tokens_for_trust(self, context, user_id, trust_id): + try: + token_list = self.token_api.list_tokens(context, user_id, + trust_id=trust_id) + for token in token_list: + self.token_api.delete_token(context, token) + except exception.NotFound: + pass + + def _delete_tokens_for_user(self, context, user_id, project_id=None): + #First delete tokens that could get other tokens. + for token_id in self.token_api.list_tokens(context, + user_id, + tenant_id=project_id): + try: + self.token_api.delete_token(context, token_id) + except exception.NotFound: + pass + #delete tokens generated from trusts + for trust in self.trust_api.list_trusts_for_trustee(context, user_id): + self._delete_tokens_for_trust(context, user_id, trust['id']) + for trust in self.trust_api.list_trusts_for_trustor(context, user_id): + self._delete_tokens_for_trust(context, + trust['trustee_user_id'], + trust['id']) + def _require_attribute(self, ref, attr): """Ensures the reference contains the specified attribute.""" if ref.get(attr) is None or ref.get(attr) == '': @@ -188,6 +214,11 @@ class V3Controller(V2Controller): collection_name = 'entities' member_name = 'entity' + def _delete_tokens_for_group(self, context, group_id): + user_refs = self.identity_api.list_users_in_group(context, group_id) + for user in user_refs: + self._delete_tokens_for_user(context, user['id']) + @classmethod def base_url(cls, path=None): endpoint = CONF.public_endpoint % CONF |