diff options
Diffstat (limited to 'keystone')
| -rw-r--r-- | keystone/cli.py | 13 | ||||
| -rw-r--r-- | keystone/token/backends/kvs.py | 6 | ||||
| -rw-r--r-- | keystone/token/backends/sql.py | 9 | ||||
| -rw-r--r-- | keystone/token/core.py | 5 |
4 files changed, 33 insertions, 0 deletions
diff --git a/keystone/cli.py b/keystone/cli.py index b635878e..dfa38c7f 100644 --- a/keystone/cli.py +++ b/keystone/cli.py @@ -26,6 +26,7 @@ from keystone import config from keystone.openstack.common import importutils from keystone.openstack.common import jsonutils from keystone.openstack.common import version +from keystone import token CONF = config.CONF @@ -111,6 +112,17 @@ class SSLSetup(BaseCertificateSetup): conf_ssl.run() +class TokenFlush(BaseApp): + """Flush expired tokens from the backend.""" + + name = 'token_flush' + + @classmethod + def main(cls): + token_manager = token.Manager() + token_manager.driver.flush_expired_tokens() + + class ImportLegacy(BaseApp): """Import a legacy database.""" @@ -173,6 +185,7 @@ CMDS = [ ImportNovaAuth, PKISetup, SSLSetup, + TokenFlush, ] diff --git a/keystone/token/backends/kvs.py b/keystone/token/backends/kvs.py index 361416b7..75c14eec 100644 --- a/keystone/token/backends/kvs.py +++ b/keystone/token/backends/kvs.py @@ -116,3 +116,9 @@ class Token(kvs.Base, token.Driver): record['expires'] = token_ref['expires'] tokens.append(record) return tokens + + def flush_expired_tokens(self): + now = timeutils.utcnow() + for token, token_ref in self.db.items(): + if self.is_expired(now, token_ref): + self.db.delete(token) diff --git a/keystone/token/backends/sql.py b/keystone/token/backends/sql.py index 2e68bdc9..ac567d7f 100644 --- a/keystone/token/backends/sql.py +++ b/keystone/token/backends/sql.py @@ -131,3 +131,12 @@ class Token(sql.Base, token.Driver): } tokens.append(record) return tokens + + def flush_expired_tokens(self): + session = self.get_session() + + query = session.query(TokenModel) + query = query.filter(TokenModel.expires < timeutils.utcnow()) + query.delete(synchronize_session=False) + + session.flush() diff --git a/keystone/token/core.py b/keystone/token/core.py index 5c3830da..5a47d027 100644 --- a/keystone/token/core.py +++ b/keystone/token/core.py @@ -187,3 +187,8 @@ class Driver(object): """ raise exception.NotImplemented() + + def flush_expired_tokens(self): + """Archive or delete tokens that have expired. + """ + raise exception.NotImplemented() |