Implement Token Flush via keystone-manage.

Creates a cli entry 'token_flush' which removes all expired tokens.

Fixes: bug 1032633
Implements: blueprint keystone-manage-token-flush
Change-Id: I47eab99b577ff9e9ee74fee08e18fd07c4af5aad

3 files changed, 20 insertions, 0 deletions

diff --git a/keystone/token/backends/kvs.py b/keystone/token/backends/kvs.py
index 361416b7..75c14eec 100644
--- a/keystone/token/backends/kvs.py
+++ b/keystone/token/backends/kvs.py
@@ -116,3 +116,9 @@ class Token(kvs.Base, token.Driver):
             record['expires'] = token_ref['expires']
             tokens.append(record)
         return tokens
+
+    def flush_expired_tokens(self):
+        now = timeutils.utcnow()
+        for token, token_ref in self.db.items():
+            if self.is_expired(now, token_ref):
+                self.db.delete(token)
diff --git a/keystone/token/backends/sql.py b/keystone/token/backends/sql.py
index 2e68bdc9..ac567d7f 100644
--- a/keystone/token/backends/sql.py
+++ b/keystone/token/backends/sql.py
@@ -131,3 +131,12 @@ class Token(sql.Base, token.Driver):
             }
             tokens.append(record)
         return tokens
+
+    def flush_expired_tokens(self):
+        session = self.get_session()
+
+        query = session.query(TokenModel)
+        query = query.filter(TokenModel.expires < timeutils.utcnow())
+        query.delete(synchronize_session=False)
+
+        session.flush()
diff --git a/keystone/token/core.py b/keystone/token/core.py
index 5c3830da..5a47d027 100644
--- a/keystone/token/core.py
+++ b/keystone/token/core.py
@@ -187,3 +187,8 @@ class Driver(object):
 
         """
         raise exception.NotImplemented()
+
+    def flush_expired_tokens(self):
+        """Archive or delete tokens that have expired.
+        """
+        raise exception.NotImplemented()