def test_combination(self):
memoize = cache.get_memoization_decorator('cache', region=self.region0)
@memoize
def func(value):
return value + uuid.uuid4().hex
key = uuid.uuid4().hex
simple_value = uuid.uuid4().hex
# test get/set using the decorator
return_value = func(key)
self.assertEqual(return_value, func(key))
# test get/set using the singular methods
self.region0.set(key, simple_value)
self.assertEqual(simple_value, self.region0.get(key))
# invalidating region1 should invalidate region0
self.region1.invalidate()
# ensure that the decorated function returns a new value
new_value = func(key)
self.assertNotEqual(return_value, new_value)
# ensure that a get doesn't have a value
self.assertIsInstance(self.region0.get(key), dogpile.NoValue)
def test_combination(self):
memoize = cache.get_memoization_decorator('cache', region=self.region0)
@memoize
def func(value):
return value + uuid.uuid4().hex
key = uuid.uuid4().hex
simple_value = uuid.uuid4().hex
# test get/set using the decorator
return_value = func(key)
self.assertEqual(return_value, func(key))
# test get/set using the singular methods
self.region0.set(key, simple_value)
self.assertEqual(simple_value, self.region0.get(key))
# invalidating region1 should invalidate region0
self.region1.invalidate()
# ensure that the decorated function returns a new value
new_value = func(key)
self.assertNotEqual(return_value, new_value)
# ensure that a get doesn't have a value
self.assertIsInstance(self.region0.get(key), dogpile.NoValue)
def _get_cache_fallthrough_fn(self, cache_time):
with mock.patch.object(cache.REGION, "cache_on_arguments", self.region.cache_on_arguments):
memoize = cache.get_memoization_decorator(section="cache", expiration_section="assignment")
class _test_obj(object):
def __init__(self, value):
self.test_value = value
@memoize
def get_test_value(self):
return self.test_value
def _do_test(value):
test_obj = _test_obj(value)
# Ensure the value has been cached
test_obj.get_test_value()
# Get the now cached value
cached_value = test_obj.get_test_value()
self.assertTrue(cached_value.cached)
self.assertEqual(value.value, cached_value.value)
self.assertEqual(cached_value.value, test_obj.test_value.value)
# Change the underlying value on the test object.
test_obj.test_value = TestProxyValue(uuid.uuid4().hex)
self.assertEqual(cached_value.value, test_obj.get_test_value().value)
# override the system time to ensure the non-cached new value
# is returned
new_time = time.time() + (cache_time * 2)
with mock.patch.object(time, "time", return_value=new_time):
overriden_cache_value = test_obj.get_test_value()
self.assertNotEqual(cached_value.value, overriden_cache_value.value)
self.assertEqual(test_obj.test_value.value, overriden_cache_value.value)
return _do_test
def _get_cacheable_function(self):
with mock.patch.object(cache.REGION, "cache_on_arguments", self.region.cache_on_arguments):
memoize = cache.get_memoization_decorator(section="cache")
@memoize
def cacheable_function(value):
return value
return cacheable_function
def _get_cacheable_function(self):
with mock.patch.object(cache.REGION, 'cache_on_arguments',
self.region.cache_on_arguments):
memoize = cache.get_memoization_decorator(section='cache')
@memoize
def cacheable_function(value):
return value
return cacheable_function
def test_memoize_decorator_when_invalidating_the_region(self):
memoize = cache.get_memoization_decorator('cache', region=self.region0)
@memoize
def func(value):
return value + uuid.uuid4().hex
key = uuid.uuid4().hex
# test get/set
return_value = func(key)
# the values should be the same since it comes from the cache
self.assertEqual(return_value, func(key))
# invalidating region1 should invalidate region0
self.region1.invalidate()
new_value = func(key)
self.assertNotEqual(return_value, new_value)
def test_memoize_decorator_when_invalidating_the_region(self):
memoize = cache.get_memoization_decorator('cache', region=self.region0)
@memoize
def func(value):
return value + uuid.uuid4().hex
key = uuid.uuid4().hex
# test get/set
return_value = func(key)
# the values should be the same since it comes from the cache
self.assertEqual(return_value, func(key))
# invalidating region1 should invalidate region0
self.region1.invalidate()
new_value = func(key)
self.assertNotEqual(return_value, new_value)
def _get_cache_fallthrough_fn(self, cache_time):
with mock.patch.object(cache.REGION, 'cache_on_arguments',
self.region.cache_on_arguments):
memoize = cache.get_memoization_decorator(
section='cache', expiration_section='assignment')
class _test_obj(object):
def __init__(self, value):
self.test_value = value
@memoize
def get_test_value(self):
return self.test_value
def _do_test(value):
test_obj = _test_obj(value)
# Ensure the value has been cached
test_obj.get_test_value()
# Get the now cached value
cached_value = test_obj.get_test_value()
self.assertTrue(cached_value.cached)
self.assertEqual(value.value, cached_value.value)
self.assertEqual(cached_value.value, test_obj.test_value.value)
# Change the underlying value on the test object.
test_obj.test_value = TestProxyValue(uuid.uuid4().hex)
self.assertEqual(cached_value.value,
test_obj.get_test_value().value)
# override the system time to ensure the non-cached new value
# is returned
new_time = time.time() + (cache_time * 2)
with mock.patch.object(time, 'time', return_value=new_time):
overriden_cache_value = test_obj.get_test_value()
self.assertNotEqual(cached_value.value,
overriden_cache_value.value)
self.assertEqual(test_obj.test_value.value,
overriden_cache_value.value)
return _do_test
from oslo_log import log
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone.federation import utils
from keystone.i18n import _
from keystone import notifications
LOG = log.getLogger(__name__)
# This is a general cache region for service providers.
MEMOIZE = cache.get_memoization_decorator(group='federation')
CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager):
"""Default pivot point for the Federation backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = 'keystone.federation'
_provides_api = 'federation_api'
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""List access rules config."""
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager):
driver_namespace = 'keystone.access_rules_config'
_provides_api = 'access_rules_config_api'
def __init__(self):
super(Manager, self).__init__(CONF.access_rules_config.driver)
def list_access_rules_config(self, service=None):
"""List access rules config.
:param str service: filter by service type
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group="token")
REVOCATION_MEMOIZE = cache.get_memoization_decorator(group="token", expiration_group="revoke")
@dependency.requires("assignment_api", "identity_api", "resource_api", "token_provider_api", "trust_api")
class PersistenceManager(manager.Manager):
"""Default pivot point for the Token Persistence backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = "keystone.token.persistence"
def __init__(self):
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='token')
REVOCATION_MEMOIZE = cache.get_memoization_decorator(group='token',
expiration_group='revoke')
@dependency.requires('assignment_api', 'identity_api', 'resource_api',
'token_provider_api', 'trust_api')
class PersistenceManager(manager.Manager):
"""Default pivot point for the Token Persistence backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = 'keystone.token.persistence'
# under the License.
"""Main entry point into the Federation service."""
import uuid
from keystone.common import cache
from keystone.common import extension
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone.federation import utils
from keystone.i18n import _
# This is a general cache region for service providers.
MEMOIZE = cache.get_memoization_decorator(group='federation')
CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
EXTENSION_DATA = {
'name':
'OpenStack Federation APIs',
'namespace':
'https://docs.openstack.org/identity/api/ext/'
'OS-FEDERATION/v1.0',
'alias':
'OS-FEDERATION',
'updated':
'2013-12-17T12:00:0-00:00',
'description':
'OpenStack Identity Providers Mechanism.',
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='catalog')
WHITELISTED_PROPERTIES = [
'tenant_id', 'user_id', 'public_bind_host', 'admin_bind_host',
'compute_host', 'admin_port', 'public_port',
'public_endpoint', 'admin_endpoint', ]
def format_url(url, substitutions, silent_keyerror_failures=None):
"""Formats a user-defined URL with the given substitutions.
:param string url: the URL to be formatted
:param dict substitutions: the dictionary used for substitution
:param list silent_keyerror_failures: keys for which we should be silent
if there is a KeyError exception on substitution attempt
:returns: a formatted URL
from keystone.common import cache
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import revoke_model
from keystone import notifications
CONF = keystone.conf.CONF
# This builds a discrete cache region dedicated to revoke events. The API can
# return a filtered list based upon last fetchtime. This is deprecated but
# must be maintained.
REVOKE_REGION = cache.create_region(name='revoke')
MEMOIZE = cache.get_memoization_decorator(group='revoke', region=REVOKE_REGION)
class Manager(manager.Manager):
"""Default pivot point for the Revoke backend.
Performs common logic for recording revocations.
See :mod:`keystone.common.manager.Manager` for more details on
how this dynamically calls the backend.
"""
driver_namespace = 'keystone.revoke'
_provides_api = 'revoke_api'
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
from keystone.token import utils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='token')
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V2 = token_model.V2
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
def base64_encode(s):
"""Encode a URL-safe string.
:type s: six.text_type
'alias': 'OS-REVOKE',
'updated': '2014-02-24T20:51:0-00:00',
'description': 'OpenStack revoked token reporting mechanism.',
'links': [
{
'rel': 'describedby',
'type': 'text/html',
'href': ('https://github.com/openstack/identity-api/blob/master/'
'openstack-identity-api/v3/src/markdown/'
'identity-api-v3-os-revoke-ext.md'),
}
]}
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
MEMOIZE = cache.get_memoization_decorator(group='revoke')
def revoked_before_cutoff_time():
expire_delta = datetime.timedelta(
seconds=CONF.token.expiration + CONF.revoke.expiration_buffer)
oldest = timeutils.utcnow() - expire_delta
return oldest
@dependency.provider('revoke_api')
class Manager(manager.Manager):
"""Default pivot point for the Revoke backend.
Performs common logic for recording revocations.
from keystone.common import dependency
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
TOKENS_REGION = cache.create_region(name='tokens')
MEMOIZE_TOKENS = cache.get_memoization_decorator(
group='token',
region=TOKENS_REGION)
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V2 = token_model.V2
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
@dependency.provider('token_provider_api')
@dependency.requires('assignment_api', 'revoke_api')
class Manager(manager.Manager):
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
MEMOIZE = cache.get_memoization_decorator(group='unified_limit')
class Manager(manager.Manager):
driver_namespace = 'keystone.unified_limit'
_provides_api = 'unified_limit_api'
def __init__(self):
unified_limit_driver = CONF.unified_limit.driver
super(Manager, self).__init__(unified_limit_driver)
def _assert_resource_exist(self, unified_limit, target):
try:
service_id = unified_limit.get('service_id')
if service_id is not None:
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='catalog')
WHITELISTED_PROPERTIES = [
'tenant_id', 'user_id', 'public_bind_host', 'admin_bind_host',
'compute_host', 'admin_port', 'public_port',
'public_endpoint', 'admin_endpoint', ]
def format_url(url, substitutions, silent_keyerror_failures=None):
"""Formats a user-defined URL with the given substitutions.
:param string url: the URL to be formatted
:param dict substitutions: the dictionary used for substitution
:param list silent_keyerror_failures: keys for which we should be silent
if there is a KeyError exception on substitution attempt
:returns: a formatted URL
"""Main entry point into the Application Credential service."""
from oslo_log import log
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone import notifications
CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='application_credential')
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager):
"""Default pivot point for the Application Credential backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = 'keystone.application_credential'
_provides_api = 'application_credential_api'
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
"""List access rules config."""
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='access_rules_config')
PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager):
driver_namespace = 'keystone.access_rules_config'
_provides_api = 'access_rules_config_api'
def __init__(self):
super(Manager, self).__init__(CONF.access_rules_config.driver)
def list_access_rules_config(self, service=None):
"""List access rules config.
:param str service: filter by service type
'description':
'OpenStack revoked token reporting mechanism.',
'links': [{
'rel':
'describedby',
'type':
'text/html',
'href':
'http://specs.openstack.org/openstack/keystone-specs/api/'
'v3/identity-api-v3-os-revoke-ext.html',
}]
}
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
MEMOIZE = cache.get_memoization_decorator(group='revoke')
def revoked_before_cutoff_time():
expire_delta = datetime.timedelta(seconds=CONF.token.expiration +
CONF.revoke.expiration_buffer)
oldest = timeutils.utcnow() - expire_delta
return oldest
@dependency.provider('revoke_api')
class Manager(manager.Manager):
"""Default pivot point for the Revoke backend.
Performs common logic for recording revocations.
from oslo_log import log
import six
from keystone import clean
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE, _LW
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='resource')
@dependency.provider('resource_api')
@dependency.requires('assignment_api', 'identity_api', 'revoke_api',
'policy_api', 'rule_api', 'role_api')
class Manager(manager.Manager):
"""Default pivot point for the resource backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
_DOMAIN = 'domain'
_PROJECT = 'project'
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone import notifications
CONF = keystone.conf.CONF
# This is a general cache region for catalog administration (CRUD operations).
MEMOIZE = cache.get_memoization_decorator(group='catalog')
# This builds a discrete cache region dedicated to complete service catalogs
# computed for a given user + project pair. Any write operation to create,
# modify or delete elements of the service catalog should invalidate this
# entire cache region.
COMPUTED_CATALOG_REGION = cache.create_region(name='computed catalog region')
MEMOIZE_COMPUTED_CATALOG = cache.get_memoization_decorator(
group='catalog',
region=COMPUTED_CATALOG_REGION)
@dependency.provider('catalog_api')
@dependency.requires('resource_api')
class Manager(manager.Manager):
"""Default pivot point for the Catalog backend.
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
def base64_encode(s):
"""Encode a URL-safe string."""
return base64.urlsafe_b64encode(s).rstrip('=')
CONF = cfg.CONF
LOG = log.getLogger(__name__)
WHITELISTED_PROPERTIES = [
'tenant_id',
'user_id',
'public_bind_host',
'admin_bind_host',
'compute_host',
'admin_port',
'public_port',
'public_endpoint',
'admin_endpoint',
]
# This is a general cache region for catalog administration (CRUD operations).
MEMOIZE = cache.get_memoization_decorator(group='catalog')
# This builds a discrete cache region dedicated to complete service catalogs
# computed for a given user + project pair. Any write operation to create,
# modify or delete elements of the service catalog should invalidate this
# entire cache region.
COMPUTED_CATALOG_REGION = oslo_cache.create_region()
MEMOIZE_COMPUTED_CATALOG = cache.get_memoization_decorator(
group='catalog', region=COMPUTED_CATALOG_REGION)
def format_url(url, substitutions, silent_keyerror_failures=None):
"""Formats a user-defined URL with the given substitutions.
:param string url: the URL to be formatted
:param dict substitutions: the dictionary used for substitution
from oslo_config import cfg
from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _LW
from keystone.token import utils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')
REVOCATION_MEMOIZE = cache.get_memoization_decorator(
section='token', expiration_section='revoke')
@dependency.requires('assignment_api', 'identity_api', 'resource_api',
'token_provider_api', 'trust_api')
class PersistenceManager(manager.Manager):
"""Default pivot point for the Token Persistence backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = 'keystone.token.persistence'
# License for the specific language governing permissions and limitations
# under the License.
"""Main entry point into the Application Credential service."""
from oslo_log import log
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone import notifications
CONF = keystone.conf.CONF
MEMOIZE = cache.get_memoization_decorator(group='application_credential')
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
class Manager(manager.Manager):
"""Default pivot point for the Application Credential backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
"""
driver_namespace = 'keystone.application_credential'
_provides_api = 'application_credential_api'
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LI
from keystone import notifications
from keystone.openstack.common import versionutils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='role')
def deprecated_to_role_api(f):
"""Specialized deprecation wrapper for assignment to role api.
This wraps the standard deprecation wrapper and fills in the method
names automatically.
"""
@six.wraps(f)
def wrapper(*args, **kwargs):
x = versionutils.deprecated(
what='assignment.' + f.__name__ + '()',
as_of=versionutils.deprecated.KILO,
in_favor_of='role.' + f.__name__ + '()')
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import manager
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import token_model
from keystone import notifications
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
TOKENS_REGION = cache.create_region(name='tokens')
MEMOIZE_TOKENS = cache.get_memoization_decorator(group='token',
region=TOKENS_REGION)
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
class Manager(manager.Manager):
"""Default pivot point for the token provider backend.
See :mod:`keystone.common.manager.Manager` for more details on how this
dynamically calls the backend.
from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='token')
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V2 = token_model.V2
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
def base64_encode(s):
"""Encode a URL-safe string."""
return base64.urlsafe_b64encode(s).rstrip('=')
"links": [
{
"rel": "describedby",
"type": "text/html",
"href": (
"https://github.com/openstack/identity-api/blob/master/"
"openstack-identity-api/v3/src/markdown/"
"identity-api-v3-os-revoke-ext.md"
),
}
],
}
extension.register_admin_extension(EXTENSION_DATA["alias"], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA["alias"], EXTENSION_DATA)
MEMOIZE = cache.get_memoization_decorator(section="revoke")
def revoked_before_cutoff_time():
expire_delta = datetime.timedelta(seconds=CONF.token.expiration + CONF.revoke.expiration_buffer)
oldest = timeutils.utcnow() - expire_delta
return oldest
@dependency.provider("revoke_api")
class Manager(manager.Manager):
"""Revoke API Manager.
Performs common logic for recording revocations.
"""
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
CONF = keystone.conf.CONF
PROVIDERS = provider_api.ProviderAPIs
MEMOIZE = cache.get_memoization_decorator(group='unified_limit')
class Manager(manager.Manager):
driver_namespace = 'keystone.unified_limit'
_provides_api = 'unified_limit_api'
def __init__(self):
unified_limit_driver = CONF.unified_limit.driver
super(Manager, self).__init__(unified_limit_driver)
def _assert_resource_exist(self, unified_limit, target):
try:
service_id = unified_limit.get('service_id')
if service_id is not None:
{
'rel': 'describedby',
'type': 'text/html',
'href': 'http://specs.openstack.org/openstack/keystone-specs/api/'
'v3/identity-api-v3-os-revoke-ext.html',
}
]}
extension.register_admin_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
extension.register_public_extension(EXTENSION_DATA['alias'], EXTENSION_DATA)
# This builds a discrete cache region dedicated to revoke events. The API can
# return a filtered list based upon last fetchtime. This is deprecated but
# must be maintained.
REVOKE_REGION = oslo_cache.create_region()
MEMOIZE = cache.get_memoization_decorator(
group='revoke',
region=REVOKE_REGION)
@dependency.provider('revoke_api')
class Manager(manager.Manager):
"""Default pivot point for the Revoke backend.
Performs common logic for recording revocations.
See :mod:`keystone.common.manager.Manager` for more details on
how this dynamically calls the backend.
"""
driver_namespace = 'keystone.revoke'
from oslo_log import versionutils
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LI
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='role')
def deprecated_to_role_api(f):
"""Specialized deprecation wrapper for assignment to role api.
This wraps the standard deprecation wrapper and fills in the method
names automatically.
"""
@six.wraps(f)
def wrapper(*args, **kwargs):
x = versionutils.deprecated(
what='assignment.' + f.__name__ + '()',
as_of=versionutils.deprecated.KILO,
in_favor_of='role.' + f.__name__ + '()')
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import receipt_model
from keystone import notifications
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
RECEIPTS_REGION = cache.create_region(name='receipts')
MEMOIZE_RECEIPTS = cache.get_memoization_decorator(
group='receipt',
region=RECEIPTS_REGION)
def default_expire_time():
"""Determine when a fresh receipt should expire.
Expiration time varies based on configuration (see
``[receipt] expiration``).
:returns: a naive UTC datetime.datetime object
"""
expire_delta = datetime.timedelta(seconds=CONF.receipt.expiration)
expires_at = timeutils.utcnow() + expire_delta
return expires_at.replace(microsecond=0)
from keystone import clean
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone import config
from keystone import exception
from keystone.i18n import _, _LW
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='identity')
DOMAIN_CONF_FHEAD = 'keystone.'
DOMAIN_CONF_FTAIL = '.conf'
def filter_user(user_ref):
"""Filter out private items in a user dict.
'password', 'tenants' and 'groups' are never returned.
:returns: user_ref
"""
if user_ref:
user_ref = user_ref.copy()
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import manager
from keystone import exception
from keystone.i18n import _, _LE
from keystone.models import token_model
from keystone import notifications
from keystone.token import persistence
from keystone.token import utils
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group="token")
# NOTE(morganfainberg): This is for compatibility in case someone was relying
# on the old location of the UnsupportedTokenVersionException for their code.
UnsupportedTokenVersionException = exception.UnsupportedTokenVersionException
# supported token versions
V2 = token_model.V2
V3 = token_model.V3
VERSIONS = token_model.VERSIONS
def base64_encode(s):
"""Encode a URL-safe string."""
return base64.urlsafe_b64encode(s).rstrip("=")
from oslo_log import log
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(group='catalog')
WHITELISTED_PROPERTIES = [
'tenant_id',
'user_id',
'public_bind_host',
'admin_bind_host',
'compute_host',
'admin_port',
'public_port',
'public_endpoint',
'admin_endpoint',
]
def format_url(url, substitutions, silent_keyerror_failures=None):
"""Formats a user-defined URL with the given substitutions.
from oslo_log import log
import six
from keystone.common import cache
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import utils
from keystone import exception
from keystone.i18n import _
from keystone.i18n import _LE
from keystone import notifications
CONF = cfg.CONF
LOG = log.getLogger(__name__)
MEMOIZE = cache.get_memoization_decorator(section='catalog')
def format_url(url, substitutions, silent_keyerror_failures=None):
"""Formats a user-defined URL with the given substitutions.
:param string url: the URL to be formatted
:param dict substitutions: the dictionary used for substitution
:param list silent_keyerror_failures: keys for which we should be silent
if there is a KeyError exception on substitution attempt
:returns: a formatted URL
"""
WHITELISTED_PROPERTIES = [
'tenant_id',
from keystone.common import cache
from keystone.common import manager
from keystone.common import provider_api
from keystone.common import utils
import keystone.conf
from keystone import exception
from keystone.i18n import _
from keystone.models import receipt_model
from keystone import notifications
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
RECEIPTS_REGION = cache.create_region(name='receipts')
MEMOIZE_RECEIPTS = cache.get_memoization_decorator(group='receipt',
region=RECEIPTS_REGION)
def default_expire_time():
"""Determine when a fresh receipt should expire.
Expiration time varies based on configuration (see
``[receipt] expiration``).
:returns: a naive UTC datetime.datetime object
"""
expire_delta = datetime.timedelta(seconds=CONF.receipt.expiration)
expires_at = timeutils.utcnow() + expire_delta
return expires_at.replace(microsecond=0)
