keystone.token.persistence package¶

Subpackages¶

keystone.token.persistence.backends package

Submodules¶

keystone.token.persistence.core module¶

Main entry point into the Token Persistence service.

class keystone.token.persistence.core.Manager(*args, **kwargs)[source]¶

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.core.PersistenceManager(*args, **kwargs)[source]¶

Bases: keystone.common.manager.Manager

Default pivot point for the Token Persistence backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

create_token(*args, **kwargs)[source]¶

delete_token(*args, **kwargs)[source]¶

delete_tokens(*args, **kwargs)[source]¶

delete_tokens_for_domain(*args, **kwargs)[source]¶

Delete all tokens for a given domain.

It will delete all the project-scoped tokens for the projects that are owned by the given domain, as well as any tokens issued to users that are owned by this domain.

However, deletion of domain_scoped tokens will still need to be implemented as stated in TODO below.

delete_tokens_for_user(*args, **kwargs)[source]¶

Delete all tokens for a given user or user-project combination.

This method adds in the extra logic for handling trust-scoped token revocations in a single call instead of needing to explicitly handle trusts in the caller’s logic.

delete_tokens_for_users(*args, **kwargs)[source]¶

Delete all tokens for a list of user_ids.

Parameters:	user_ids – list of user identifiers project_id – optional project identifier

driver_namespace = ‘keystone.token.persistence’¶

get_token(*args, **kwargs)[source]¶

invalidate_revocation_list(*args, **kwargs)[source]¶

list_revoked_tokens(*args, **kwargs)[source]¶

class keystone.token.persistence.core.TokenDriverBase[source]¶

Bases: object

Interface description for a Token driver.

create_token(token_id, data)[source]¶

Create a token by id and data.

Parameters:	token_id (string) – identity of the token data – dictionary with additional reference information

{
    expires=''
    id=token_id,
    user=user_ref,
    tenant=tenant_ref,
}

Returns:	token_ref or None.

delete_token(token_id)[source]¶

Delete a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	None.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)[source]¶

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:	user_id (string) – identity of user tenant_id (string) – identity of the tenant trust_id (string) – identity of the trust consumer_id (string) – identity of the consumer
Returns:	The tokens that have been deleted.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()[source]¶: Archive or delete tokens that have expired.

get_token(token_id)[source]¶

Get a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	token_ref
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()[source]¶

Return a list of all revoked tokens.

Returns:	list of token_id’s

Module contents¶

class keystone.token.persistence.Manager(*args, **kwargs)[source]¶

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.TokenDriverBase[source]¶

Bases: object

Interface description for a Token driver.

create_token(token_id, data)[source]¶

Create a token by id and data.

Parameters:	token_id (string) – identity of the token data – dictionary with additional reference information

{
    expires=''
    id=token_id,
    user=user_ref,
    tenant=tenant_ref,
}

Returns:	token_ref or None.

delete_token(token_id)[source]¶

Delete a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	None.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)[source]¶

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:	user_id (string) – identity of user tenant_id (string) – identity of the tenant trust_id (string) – identity of the trust consumer_id (string) – identity of the consumer
Returns:	The tokens that have been deleted.
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()[source]¶: Archive or delete tokens that have expired.

get_token(token_id)[source]¶

Get a token by id.

Parameters:	token_id (string) – identity of the token
Returns:	token_ref
Raises:	keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()[source]¶

Return a list of all revoked tokens.

Returns:	list of token_id’s

OpenStack

keystone.token.persistence package¶

Subpackages¶

Submodules¶

keystone.token.persistence.core module¶

Module contents¶

Table Of Contents

Previous topic

Next topic

Project Source

This Page

OpenStack

keystone.token.persistence package¶

Subpackages¶

Submodules¶

keystone.token.persistence.core module¶

Module contents¶

Table Of Contents

Previous topic

Next topic

Project Source

This Page

Quick search