Ejemplo n.º 1
    def test_combination(self):
        memoize = cache.get_memoization_decorator('cache', region=self.region0)

        def func(value):
            return value + uuid.uuid4().hex

        key = uuid.uuid4().hex
        simple_value = uuid.uuid4().hex

        # test get/set using the decorator
        return_value = func(key)
        self.assertEqual(return_value, func(key))

        # test get/set using the singular methods
        self.region0.set(key, simple_value)
        self.assertEqual(simple_value, self.region0.get(key))

        # invalidating region1 should invalidate region0

        # ensure that the decorated function returns a new value
        new_value = func(key)
        self.assertNotEqual(return_value, new_value)

        # ensure that a get doesn't have a value
        self.assertIsInstance(self.region0.get(key), dogpile.NoValue)
Ejemplo n.º 2
    def test_combination(self):
        memoize = cache.get_memoization_decorator('cache', region=self.region0)

        def func(value):
            return value + uuid.uuid4().hex

        key = uuid.uuid4().hex
        simple_value = uuid.uuid4().hex

        # test get/set using the decorator
        return_value = func(key)
        self.assertEqual(return_value, func(key))

        # test get/set using the singular methods
        self.region0.set(key, simple_value)
        self.assertEqual(simple_value, self.region0.get(key))

        # invalidating region1 should invalidate region0

        # ensure that the decorated function returns a new value
        new_value = func(key)
        self.assertNotEqual(return_value, new_value)

        # ensure that a get doesn't have a value
        self.assertIsInstance(self.region0.get(key), dogpile.NoValue)
Ejemplo n.º 3
    def _get_cache_fallthrough_fn(self, cache_time):
        with mock.patch.object(cache.REGION, "cache_on_arguments", self.region.cache_on_arguments):
            memoize = cache.get_memoization_decorator(section="cache", expiration_section="assignment")

            class _test_obj(object):
                def __init__(self, value):
                    self.test_value = value

                def get_test_value(self):
                    return self.test_value

            def _do_test(value):

                test_obj = _test_obj(value)

                # Ensure the value has been cached
                # Get the now cached value
                cached_value = test_obj.get_test_value()
                self.assertEqual(value.value, cached_value.value)
                self.assertEqual(cached_value.value, test_obj.test_value.value)
                # Change the underlying value on the test object.
                test_obj.test_value = TestProxyValue(uuid.uuid4().hex)
                self.assertEqual(cached_value.value, test_obj.get_test_value().value)
                # override the system time to ensure the non-cached new value
                # is returned
                new_time = time.time() + (cache_time * 2)
                with mock.patch.object(time, "time", return_value=new_time):
                    overriden_cache_value = test_obj.get_test_value()
                    self.assertNotEqual(cached_value.value, overriden_cache_value.value)
                    self.assertEqual(test_obj.test_value.value, overriden_cache_value.value)

        return _do_test
Ejemplo n.º 4
    def _get_cacheable_function(self):
        with mock.patch.object(cache.REGION, "cache_on_arguments", self.region.cache_on_arguments):
            memoize = cache.get_memoization_decorator(section="cache")

            def cacheable_function(value):
                return value

        return cacheable_function
Ejemplo n.º 5
    def _get_cacheable_function(self):
        with mock.patch.object(cache.REGION, 'cache_on_arguments',
            memoize = cache.get_memoization_decorator(section='cache')

            def cacheable_function(value):
                return value

        return cacheable_function
Ejemplo n.º 6
    def test_memoize_decorator_when_invalidating_the_region(self):
        memoize = cache.get_memoization_decorator('cache', region=self.region0)

        def func(value):
            return value + uuid.uuid4().hex

        key = uuid.uuid4().hex

        # test get/set
        return_value = func(key)
        # the values should be the same since it comes from the cache
        self.assertEqual(return_value, func(key))

        # invalidating region1 should invalidate region0
        new_value = func(key)
        self.assertNotEqual(return_value, new_value)
Ejemplo n.º 7
    def test_memoize_decorator_when_invalidating_the_region(self):
        memoize = cache.get_memoization_decorator('cache', region=self.region0)

        def func(value):
            return value + uuid.uuid4().hex

        key = uuid.uuid4().hex

        # test get/set
        return_value = func(key)
        # the values should be the same since it comes from the cache
        self.assertEqual(return_value, func(key))

        # invalidating region1 should invalidate region0
        new_value = func(key)
        self.assertNotEqual(return_value, new_value)
Ejemplo n.º 8
    def _get_cache_fallthrough_fn(self, cache_time):
        with mock.patch.object(cache.REGION, 'cache_on_arguments',
            memoize = cache.get_memoization_decorator(
                section='cache', expiration_section='assignment')

            class _test_obj(object):
                def __init__(self, value):
                    self.test_value = value

                def get_test_value(self):
                    return self.test_value

            def _do_test(value):

                test_obj = _test_obj(value)

                # Ensure the value has been cached
                # Get the now cached value
                cached_value = test_obj.get_test_value()
                self.assertEqual(value.value, cached_value.value)
                self.assertEqual(cached_value.value, test_obj.test_value.value)
                # Change the underlying value on the test object.
                test_obj.test_value = TestProxyValue(uuid.uuid4().hex)
                # override the system time to ensure the non-cached new value
                # is returned
                new_time = time.time() + (cache_time * 2)
                with mock.patch.object(time, 'time', return_value=new_time):
                    overriden_cache_value = test_obj.get_test_value()

        return _do_test
Ejemplo n.º 9
from oslo_log import log

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone.federation import utils
from keystone.i18n import _
from keystone import notifications

LOG = log.getLogger(__name__)

# This is a general cache region for service providers.
MEMOIZE = cache.get_memoization_decorator(group='federation')

CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs

class Manager(manager.Manager):
    """Default pivot point for the Federation backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = 'keystone.federation'
    _provides_api = 'federation_api'
Ejemplo n.º 10
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""List access rules config."""

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf

CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
PROVIDERS = provider_api.ProviderAPIs

class Manager(manager.Manager):

    driver_namespace = 'keystone.access_rules_config'
    _provides_api = 'access_rules_config_api'

    def __init__(self):
        super(Manager, self).__init__(CONF.access_rules_config.driver)

    def list_access_rules_config(self, service=None):
        """List access rules config.

        :param str service: filter by service type
Ejemplo n.º 11
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group="token")
REVOCATION_MEMOIZE = cache.get_memoization_decorator(group="token", expiration_group="revoke")

@dependency.requires("assignment_api", "identity_api", "resource_api", "token_provider_api", "trust_api")
class PersistenceManager(manager.Manager):
    """Default pivot point for the Token Persistence backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = "keystone.token.persistence"

    def __init__(self):
Ejemplo n.º 12
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='token')
REVOCATION_MEMOIZE = cache.get_memoization_decorator(group='token',

@dependency.requires('assignment_api', 'identity_api', 'resource_api',
                     'token_provider_api', 'trust_api')
class PersistenceManager(manager.Manager):
    """Default pivot point for the Token Persistence backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = 'keystone.token.persistence'
Ejemplo n.º 13
# under the License.
"""Main entry point into the Federation service."""

import uuid

from keystone.common import cache
from keystone.common import extension
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone.federation import utils
from keystone.i18n import _

# This is a general cache region for service providers.
MEMOIZE = cache.get_memoization_decorator(group='federation')

CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
    'OpenStack Federation APIs',
    'OpenStack Identity Providers Mechanism.',
Ejemplo n.º 14
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='catalog')
    'tenant_id', 'user_id', 'public_bind_host', 'admin_bind_host',
    'compute_host', 'admin_port', 'public_port',
    'public_endpoint', 'admin_endpoint', ]

def format_url(url, substitutions, silent_keyerror_failures=None):
    """Formats a user-defined URL with the given substitutions.

    :param string url: the URL to be formatted
    :param dict substitutions: the dictionary used for substitution
    :param list silent_keyerror_failures: keys for which we should be silent
        if there is a KeyError exception on substitution attempt
    :returns: a formatted URL
Ejemplo n.º 15
from keystone.common import cache
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import revoke_model
from keystone import notifications

CONF = keystone.conf.CONF

# This builds a discrete cache region dedicated to revoke events. The API can
# return a filtered list based upon last fetchtime. This is deprecated but
# must be maintained.
REVOKE_REGION = cache.create_region(name='revoke')
MEMOIZE = cache.get_memoization_decorator(group='revoke', region=REVOKE_REGION)

class Manager(manager.Manager):
    """Default pivot point for the Revoke backend.

    Performs common logic for recording revocations.

    See :mod:`keystone.common.manager.Manager` for more details on
    how this dynamically calls the backend.


    driver_namespace = 'keystone.revoke'
    _provides_api = 'revoke_api'
Ejemplo n.º 16
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
from keystone.token import utils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='token')

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V2 = token_model.V2
V3 = token_model.V3

def base64_encode(s):
    """Encode a URL-safe string.

    :type s: six.text_type
Ejemplo n.º 17
    'alias': 'OS-REVOKE',
    'updated': '2014-02-24T20:51:0-00:00',
    'description': 'OpenStack revoked token reporting mechanism.',
    'links': [
            'rel': 'describedby',
            'type': 'text/html',
            'href': ('https://github.com/openstack/identity-api/blob/master/'
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)

MEMOIZE = cache.get_memoization_decorator(group='revoke')

def revoked_before_cutoff_time():
    expire_delta = datetime.timedelta(
        seconds=CONF.token.expiration + CONF.revoke.expiration_buffer)
    oldest = timeutils.utcnow() - expire_delta
    return oldest

class Manager(manager.Manager):
    """Default pivot point for the Revoke backend.

    Performs common logic for recording revocations.
Ejemplo n.º 18
from keystone.common import dependency
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence

CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)

TOKENS_REGION = cache.create_region(name='tokens')
MEMOIZE_TOKENS = cache.get_memoization_decorator(

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V2 = token_model.V2
V3 = token_model.V3

@dependency.requires('assignment_api', 'revoke_api')
class Manager(manager.Manager):
Ejemplo n.º 19
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception

CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs

MEMOIZE = cache.get_memoization_decorator(group='unified_limit')

class Manager(manager.Manager):

    driver_namespace = 'keystone.unified_limit'
    _provides_api = 'unified_limit_api'

    def __init__(self):
        unified_limit_driver = CONF.unified_limit.driver
        super(Manager, self).__init__(unified_limit_driver)

    def _assert_resource_exist(self, unified_limit, target):
            service_id = unified_limit.get('service_id')
            if service_id is not None:
Ejemplo n.º 20
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='catalog')
    'tenant_id', 'user_id', 'public_bind_host', 'admin_bind_host',
    'compute_host', 'admin_port', 'public_port',
    'public_endpoint', 'admin_endpoint', ]

def format_url(url, substitutions, silent_keyerror_failures=None):
    """Formats a user-defined URL with the given substitutions.

    :param string url: the URL to be formatted
    :param dict substitutions: the dictionary used for substitution
    :param list silent_keyerror_failures: keys for which we should be silent
        if there is a KeyError exception on substitution attempt
    :returns: a formatted URL
Ejemplo n.º 21
"""Main entry point into the Application Credential service."""

from oslo_log import log

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone import notifications

CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='application_credential')
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs

class Manager(manager.Manager):
    """Default pivot point for the Application Credential backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = 'keystone.application_credential'
    _provides_api = 'application_credential_api'
Ejemplo n.º 22
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

"""List access rules config."""

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf

CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
PROVIDERS = provider_api.ProviderAPIs

class Manager(manager.Manager):

    driver_namespace = 'keystone.access_rules_config'
    _provides_api = 'access_rules_config_api'

    def __init__(self):
        super(Manager, self).__init__(CONF.access_rules_config.driver)

    def list_access_rules_config(self, service=None):
        """List access rules config.

        :param str service: filter by service type
Ejemplo n.º 23
    'OpenStack revoked token reporting mechanism.',
    'links': [{
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)

MEMOIZE = cache.get_memoization_decorator(group='revoke')

def revoked_before_cutoff_time():
    expire_delta = datetime.timedelta(seconds=CONF.token.expiration +
    oldest = timeutils.utcnow() - expire_delta
    return oldest

class Manager(manager.Manager):
    """Default pivot point for the Revoke backend.

    Performs common logic for recording revocations.
Ejemplo n.º 24
from oslo_log import log
import six

from keystone import clean
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE, _LW
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='resource')

@dependency.requires('assignment_api', 'identity_api', 'revoke_api',
                     'policy_api', 'rule_api', 'role_api')
class Manager(manager.Manager):
    """Default pivot point for the resource backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.

    _DOMAIN = 'domain'
    _PROJECT = 'project'
Ejemplo n.º 25
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone import notifications

CONF = keystone.conf.CONF

# This is a general cache region for catalog administration (CRUD operations).
MEMOIZE = cache.get_memoization_decorator(group='catalog')

# This builds a discrete cache region dedicated to complete service catalogs
# computed for a given user + project pair. Any write operation to create,
# modify or delete elements of the service catalog should invalidate this
# entire cache region.
COMPUTED_CATALOG_REGION = cache.create_region(name='computed catalog region')
MEMOIZE_COMPUTED_CATALOG = cache.get_memoization_decorator(

class Manager(manager.Manager):
    """Default pivot point for the Catalog backend.
Ejemplo n.º 26
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V3 = token_model.V3

def base64_encode(s):
    """Encode a URL-safe string."""
    return base64.urlsafe_b64encode(s).rstrip('=')

Ejemplo n.º 27
LOG = log.getLogger(__name__)

# This is a general cache region for catalog administration (CRUD operations).
MEMOIZE = cache.get_memoization_decorator(group='catalog')

# This builds a discrete cache region dedicated to complete service catalogs
# computed for a given user + project pair. Any write operation to create,
# modify or delete elements of the service catalog should invalidate this
# entire cache region.
COMPUTED_CATALOG_REGION = oslo_cache.create_region()
MEMOIZE_COMPUTED_CATALOG = cache.get_memoization_decorator(
    group='catalog', region=COMPUTED_CATALOG_REGION)

def format_url(url, substitutions, silent_keyerror_failures=None):
    """Formats a user-defined URL with the given substitutions.

    :param string url: the URL to be formatted
    :param dict substitutions: the dictionary used for substitution
Ejemplo n.º 28
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')
REVOCATION_MEMOIZE = cache.get_memoization_decorator(
    section='token', expiration_section='revoke')

@dependency.requires('assignment_api', 'identity_api', 'resource_api',
                     'token_provider_api', 'trust_api')
class PersistenceManager(manager.Manager):
    """Default pivot point for the Token Persistence backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = 'keystone.token.persistence'
Ejemplo n.º 29
# License for the specific language governing permissions and limitations
# under the License.
"""Main entry point into the Application Credential service."""

from oslo_log import log

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone import notifications

CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='application_credential')
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs

class Manager(manager.Manager):
    """Default pivot point for the Application Credential backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.


    driver_namespace = 'keystone.application_credential'
    _provides_api = 'application_credential_api'
Ejemplo n.º 30
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LI
from keystone import notifications
from keystone.openstack.common import versionutils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='role')

def deprecated_to_role_api(f):
    """Specialized deprecation wrapper for assignment to role api.

    This wraps the standard deprecation wrapper and fills in the method
    names automatically.

    def wrapper(*args, **kwargs):
        x = versionutils.deprecated(
            what='assignment.' + f.__name__ + '()',
            in_favor_of='role.' + f.__name__ + '()')
Ejemplo n.º 31
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import token_model
from keystone import notifications

CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)

TOKENS_REGION = cache.create_region(name='tokens')
MEMOIZE_TOKENS = cache.get_memoization_decorator(group='token',

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V3 = token_model.V3

class Manager(manager.Manager):
    """Default pivot point for the token provider backend.

    See :mod:`keystone.common.manager.Manager` for more details on how this
    dynamically calls the backend.
Ejemplo n.º 32
from oslo_log import log
from oslo_utils import timeutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V2 = token_model.V2
V3 = token_model.V3

def base64_encode(s):
    """Encode a URL-safe string."""
    return base64.urlsafe_b64encode(s).rstrip('=')
Ejemplo n.º 33
    "links": [
            "rel": "describedby",
            "type": "text/html",
            "href": (
extension.register_admin_extension(EXTENSION_DATA["alias"], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA["alias"], EXTENSION_DATA)

MEMOIZE = cache.get_memoization_decorator(section="revoke")

def revoked_before_cutoff_time():
    expire_delta = datetime.timedelta(seconds=CONF.token.expiration + CONF.revoke.expiration_buffer)
    oldest = timeutils.utcnow() - expire_delta
    return oldest

class Manager(manager.Manager):
    """Revoke API Manager.

    Performs common logic for recording revocations.

Ejemplo n.º 34
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception

CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs

MEMOIZE = cache.get_memoization_decorator(group='unified_limit')

class Manager(manager.Manager):

    driver_namespace = 'keystone.unified_limit'
    _provides_api = 'unified_limit_api'

    def __init__(self):
        unified_limit_driver = CONF.unified_limit.driver
        super(Manager, self).__init__(unified_limit_driver)

    def _assert_resource_exist(self, unified_limit, target):
            service_id = unified_limit.get('service_id')
            if service_id is not None:
Ejemplo n.º 35
            'rel': 'describedby',
            'type': 'text/html',
            'href': 'http://specs.openstack.org/openstack/keystone-specs/api/'
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)

# This builds a discrete cache region dedicated to revoke events. The API can
# return a filtered list based upon last fetchtime. This is deprecated but
# must be maintained.
REVOKE_REGION = oslo_cache.create_region()
MEMOIZE = cache.get_memoization_decorator(

class Manager(manager.Manager):
    """Default pivot point for the Revoke backend.

    Performs common logic for recording revocations.

    See :mod:`keystone.common.manager.Manager` for more details on
    how this dynamically calls the backend.


    driver_namespace = 'keystone.revoke'
Ejemplo n.º 36
from oslo_log import versionutils
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LI
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='role')

def deprecated_to_role_api(f):
    """Specialized deprecation wrapper for assignment to role api.

    This wraps the standard deprecation wrapper and fills in the method
    names automatically.

    def wrapper(*args, **kwargs):
        x = versionutils.deprecated(
            what='assignment.' + f.__name__ + '()',
            in_favor_of='role.' + f.__name__ + '()')
Ejemplo n.º 37
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import receipt_model
from keystone import notifications

CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs

RECEIPTS_REGION = cache.create_region(name='receipts')
MEMOIZE_RECEIPTS = cache.get_memoization_decorator(

def default_expire_time():
    """Determine when a fresh receipt should expire.

    Expiration time varies based on configuration (see
    ``[receipt] expiration``).

    :returns: a naive UTC datetime.datetime object

    expire_delta = datetime.timedelta(seconds=CONF.receipt.expiration)
    expires_at = timeutils.utcnow() + expire_delta
    return expires_at.replace(microsecond=0)
Ejemplo n.º 38
from keystone import clean
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import config
from keystone import exception
from keystone.i18n import _, _LW
from keystone import notifications


LOG = log.getLogger(__name__)

MEMOIZE = cache.get_memoization_decorator(section='identity')

DOMAIN_CONF_FHEAD = 'keystone.'

def filter_user(user_ref):
    """Filter out private items in a user dict.

    'password', 'tenants' and 'groups' are never returned.

    :returns: user_ref

    if user_ref:
        user_ref = user_ref.copy()
Ejemplo n.º 39
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
from keystone.token import utils

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group="token")

# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException

# supported token versions
V2 = token_model.V2
V3 = token_model.V3

def base64_encode(s):
    """Encode a URL-safe string."""
    return base64.urlsafe_b64encode(s).rstrip("=")
Ejemplo n.º 40
from oslo_log import log
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='catalog')

def format_url(url, substitutions, silent_keyerror_failures=None):
    """Formats a user-defined URL with the given substitutions.
Ejemplo n.º 41
from oslo_log import log
import six

from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications

LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='catalog')

def format_url(url, substitutions, silent_keyerror_failures=None):
    """Formats a user-defined URL with the given substitutions.

    :param string url: the URL to be formatted
    :param dict substitutions: the dictionary used for substitution
    :param list silent_keyerror_failures: keys for which we should be silent
        if there is a KeyError exception on substitution attempt
    :returns: a formatted URL


Ejemplo n.º 42
from keystone.common import cache
from keystone.common import manager
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import receipt_model
from keystone import notifications

CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs

RECEIPTS_REGION = cache.create_region(name='receipts')
MEMOIZE_RECEIPTS = cache.get_memoization_decorator(group='receipt',

def default_expire_time():
    """Determine when a fresh receipt should expire.

    Expiration time varies based on configuration (see
    ``[receipt] expiration``).

    :returns: a naive UTC datetime.datetime object

    expire_delta = datetime.timedelta(seconds=CONF.receipt.expiration)
    expires_at = timeutils.utcnow() + expire_delta
    return expires_at.replace(microsecond=0)