66 lines
2.3 KiB
Python
66 lines
2.3 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import datetime
|
|
|
|
from keystone.common import kvs
|
|
from keystone import config
|
|
from keystone.contrib import revoke
|
|
from keystone import exception
|
|
from keystone.openstack.common import timeutils
|
|
|
|
|
|
CONF = config.CONF
|
|
|
|
_EVENT_KEY = 'os-revoke-events'
|
|
_KVS_BACKEND = 'openstack.kvs.Memory'
|
|
|
|
|
|
class Revoke(revoke.Driver):
|
|
def __init__(self, **kwargs):
|
|
super(Revoke, self).__init__()
|
|
self._store = kvs.get_key_value_store('os-revoke-driver')
|
|
self._store.configure(backing_store=_KVS_BACKEND, **kwargs)
|
|
|
|
def _get_event(self):
|
|
try:
|
|
return self._store.get(_EVENT_KEY)
|
|
except exception.NotFound:
|
|
return []
|
|
|
|
def _prune_expired_events_and_get(self, last_fetch=None, new_event=None):
|
|
pruned = []
|
|
results = []
|
|
expire_delta = datetime.timedelta(seconds=CONF.token.expiration)
|
|
oldest = timeutils.utcnow() - expire_delta
|
|
# TODO(ayoung): Store the time of the oldest event so that the
|
|
# prune process can be skipped if none of the events have timed out.
|
|
with self._store.get_lock(_EVENT_KEY) as lock:
|
|
events = self._get_event()
|
|
if new_event is not None:
|
|
events.append(new_event)
|
|
|
|
for event in events:
|
|
revoked_at = event.revoked_at
|
|
if revoked_at > oldest:
|
|
pruned.append(event)
|
|
if last_fetch is None or revoked_at > last_fetch:
|
|
results.append(event)
|
|
self._store.set(_EVENT_KEY, pruned, lock)
|
|
return results
|
|
|
|
def get_events(self, last_fetch=None):
|
|
return self._prune_expired_events_and_get(last_fetch=last_fetch)
|
|
|
|
def revoke(self, event):
|
|
self._prune_expired_events_and_get(new_event=event)
|