keystone.token.persistence package

Submodules

keystone.token.persistence.core module

Main entry point into the Token Persistence service.

class keystone.token.persistence.core.Manager(*args, **kwargs)

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.core.PersistenceManager(*args, **kwargs)

Bases: keystone.common.manager.Manager

Default pivot point for the Token Persistence backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

create_token(*args, **kwargs)
delete_token(*args, **kwargs)
delete_tokens(*args, **kwargs)
delete_tokens_for_domain(*args, **kwargs)

Delete all tokens for a given domain.

It will delete all the project-scoped tokens for the projects that are owned by the given domain, as well as any tokens issued to users that are owned by this domain.

However, deletion of domain_scoped tokens will still need to be implemented as stated in TODO below.

delete_tokens_for_user(*args, **kwargs)

Delete all tokens for a given user or user-project combination.

This method adds in the extra logic for handling trust-scoped token revocations in a single call instead of needing to explicitly handle trusts in the caller’s logic.

delete_tokens_for_users(*args, **kwargs)

Delete all tokens for a list of user_ids.

Parameters:
  • user_ids – list of user identifiers
  • project_id – optional project identifier

driver_namespace = 'keystone.token.persistence'
get_token(*args, **kwargs)
invalidate_revocation_list(*args, **kwargs)
list_revoked_tokens(*args, **kwargs)

class keystone.token.persistence.core.TokenDriverBase

Bases: object

Interface description for a Token driver.

create_token(token_id, data)

Create a token by id and data.

Parameters:
  • token_id (string) – identity of the token
  • data – dictionary with additional reference information:

    {
        expires='',
        id=token_id,
        user=user_ref,
        tenant=tenant_ref,
    }

Returns: token_ref or None.

delete_token(token_id)

Delete a token by id.

Parameters: token_id (string) – identity of the token
Returns: None.
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:
  • user_id (string) – identity of user
  • tenant_id (string) – identity of the tenant
  • trust_id (string) – identity of the trust
  • consumer_id (string) – identity of the consumer
Returns: The tokens that have been deleted.
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()

Archive or delete tokens that have expired.

get_token(token_id)

Get a token by id.

Parameters: token_id (string) – identity of the token
Returns: token_ref
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()

Return a list of all revoked tokens.

Returns: list of token_ids
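
The delete_tokens filter rules described above are easy to get wrong in a custom driver, so here is an added example (not Keystone's own code) of an in-memory driver that follows the TokenDriverBase method contracts. The TokenNotFound class is a local stand-in for keystone.exception.TokenNotFound, the flat trust_id and consumer_id keys in the token data are assumed names, and feeding deleted ids into the revocation list is an assumption about backend behaviour.

```python
class TokenNotFound(Exception):
    """Local stand-in for keystone.exception.TokenNotFound."""

class InMemoryTokenDriver:
    def __init__(self):
        self._tokens = {}   # token_id -> data
        self._revoked = []  # assumption: deleted ids feed the revocation list

    def create_token(self, token_id, data):
        self._tokens[token_id] = dict(data, id=token_id)
        return self._tokens[token_id]

    def get_token(self, token_id):
        if token_id not in self._tokens:
            raise TokenNotFound(token_id)
        return self._tokens[token_id]

    def delete_token(self, token_id):
        self.get_token(token_id)  # raises TokenNotFound for unknown ids
        del self._tokens[token_id]
        self._revoked.append(token_id)

    def delete_tokens(self, user_id, tenant_id=None, trust_id=None, consumer_id=None):
        def matches(d):  # trust_id, when given, replaces the user_id match
            owner_ok = (d.get('trust_id') == trust_id if trust_id is not None
                        else d['user']['id'] == user_id)
            tenant_ok = tenant_id is None or d['tenant']['id'] == tenant_id
            consumer_ok = consumer_id is None or d.get('consumer_id') == consumer_id
            return owner_ok and tenant_ok and consumer_ok
        doomed = [tid for tid, d in self._tokens.items() if matches(d)]
        for tid in doomed:
            self.delete_token(tid)
        return doomed

    def list_revoked_tokens(self):
        return list(self._revoked)

def demo():
    # Constructed sample tokens; trust_id / consumer_id keys are assumed names.
    drv = InMemoryTokenDriver()
    samples = [('t1', 'alice', 'p1', {}), ('t2', 'alice', 'p2', {}),
               ('t3', 'bob', 'p1', {'trust_id': 'tr1'}),
               ('t4', 'alice', 'p1', {'consumer_id': 'c1'})]
    for tid, user, tenant, extra in samples:
        data = dict(expires='', user={'id': user}, tenant={'id': tenant})
        drv.create_token(tid, dict(data, **extra))
    return (drv.delete_tokens('alice', consumer_id='c1'),
            drv.delete_tokens('alice', trust_id='tr1'),
            drv.delete_tokens('alice', tenant_id='p2'), drv)
```

In the demo, the trust_id call removes bob's token t3 even though user_id is 'alice', which is the "user_id will be ignored" behaviour a caller revoking by trust has to expect.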

Module contents

class keystone.token.persistence.Manager(*args, **kwargs)

Bases: object

The token_api provider.

This class is a proxy class to the token_provider_api’s persistence manager.

class keystone.token.persistence.TokenDriverBase

Bases: object

Interface description for a Token driver.

create_token(token_id, data)

Create a token by id and data.

Parameters:
  • token_id (string) – identity of the token
  • data – dictionary with additional reference information:

    {
        expires='',
        id=token_id,
        user=user_ref,
        tenant=tenant_ref,
    }

Returns: token_ref or None.

delete_token(token_id)

Delete a token by id.

Parameters: token_id (string) – identity of the token
Returns: None.
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

delete_tokens(user_id, tenant_id=None, trust_id=None, consumer_id=None)

Delete tokens by user.

If the tenant_id is not None, only delete the tokens by user id under the specified tenant.

If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.

If the consumer_id is not None, only delete the tokens by consumer id that match the specified consumer id.

Parameters:
  • user_id (string) – identity of user
  • tenant_id (string) – identity of the tenant
  • trust_id (string) – identity of the trust
  • consumer_id (string) – identity of the consumer
Returns: The tokens that have been deleted.
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

flush_expired_tokens()

Archive or delete tokens that have expired.

get_token(token_id)

Get a token by id.

Parameters: token_id (string) – identity of the token
Returns: token_ref
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

list_revoked_tokens()

Return a list of all revoked tokens.

Returns: list of token_ids