def revoke_by_grant(self, role_id, user_id=None, domain_id=None,
                    project_id=None):
    """Submit a revocation event describing a role grant.

    Builds a ``model.RevokeEvent`` from the role and whichever of user,
    domain and project were supplied, then passes it to ``self.revoke``.

    :param role_id: role the event refers to.
    :param user_id: optional user the event is limited to.
    :param domain_id: optional domain scope.
    :param project_id: optional project scope.
    """
    # NOTE(review): nothing in this method rejects a call that sets both
    # domain_id and project_id; confirm that combination is intended.
    grant_event = model.RevokeEvent(
        user_id=user_id,
        role_id=role_id,
        domain_id=domain_id,
        project_id=project_id,
    )
    self.revoke(grant_event)
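def get_events(self, last_fetch=None):
    """Return stored revocation events, oldest first.

    Expired events are pruned before the query runs.

    :param last_fetch: when truthy, only events whose ``revoked_at`` is
        strictly later than this value are returned.
    :returns: list of ``model.RevokeEvent`` ordered by ``revoked_at``.
    """
    self._prune_expired_events()
    session = sql.get_session()
    query = session.query(RevocationEvent).order_by(
        RevocationEvent.revoked_at)
    if last_fetch:
        # Query.filter() returns a new query and leaves the receiver
        # untouched. The earlier code discarded that result, so the
        # database returned every row and the cut-off was applied in
        # Python. Assigning the result lets the database do the filtering.
        # The strict ">" matches what the Python-side check enforced.
        # NOTE(review): an event stamped exactly at last_fetch is not
        # returned; confirm that pollers of the revocation list allow
        # for this so that no revocation is missed.
        query = query.filter(RevocationEvent.revoked_at > last_fetch)
    return [model.RevokeEvent(**row.to_dict()) for row in query]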
def test_past_expiry_are_removed(self):
    """A past-dated event does not increase the get_events() count."""
    uid = 1
    api = self.revoke_api

    api.revoke_by_expiration(uid, _future_time())
    self.assertEqual(1, len(api.get_events()))

    stale_event = model.RevokeEvent()
    stale_event.revoked_at = _past_time()
    api.revoke(stale_event)
    # Still exactly one event after revoking the past-dated one.
    self.assertEqual(1, len(api.get_events()))
def _revoke_by_grant(self, role_id, user_id=None, domain_id=None,
                     project_id=None):
    """Add a role-grant revocation event to the tree and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    grant_event = model.RevokeEvent(
        user_id=user_id,
        role_id=role_id,
        domain_id=domain_id,
        project_id=project_id,
    )
    added = self.tree.add_event(grant_event)
    # Also kept in self.events alongside the tree.
    self.events.append(added)
    return added
def _revoke_by_expiration(self, user_id, expires_at, project_id=None,
                          domain_id=None):
    """Add a user/expiry revocation event to the tree and record it.

    :param user_id: user the event refers to.
    :param expires_at: expiry value stored on the event.
    :param project_id: optional project scope.
    :param domain_id: optional domain scope.
    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    expiry_event = model.RevokeEvent(
        user_id=user_id,
        expires_at=expires_at,
        project_id=project_id,
        domain_id=domain_id,
    )
    added = self.tree.add_event(expiry_event)
    self.events.append(added)
    return added
def _revoke_by_audit_chain_id(self, audit_chain_id, project_id=None,
                              domain_id=None):
    """Add an audit-chain revocation event to the tree and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    chain_event = model.RevokeEvent(
        audit_chain_id=audit_chain_id,
        project_id=project_id,
        domain_id=domain_id,
    )
    added = self.tree.add_event(chain_event)
    self.events.append(added)
    return added
def revoke_by_audit_chain_id(self, audit_chain_id, project_id=None,
                             domain_id=None):
    """Submit a revocation event keyed on an audit chain id.

    The scope arguments are first handed to
    ``self._assert_not_domain_and_project_scoped``. That helper's body is
    not visible here; presumably it rejects a call that sets both scopes.

    :param audit_chain_id: audit chain id stored on the event.
    :param project_id: optional project scope.
    :param domain_id: optional domain scope.
    """
    self._assert_not_domain_and_project_scoped(
        domain_id=domain_id, project_id=project_id)
    chain_event = model.RevokeEvent(
        audit_chain_id=audit_chain_id,
        domain_id=domain_id,
        project_id=project_id,
    )
    self.revoke(chain_event)
def revoke_by_expiration(self, user_id, expires_at,
                         domain_id=None, project_id=None):
    """Submit a revocation event keyed on a user and an expiry value.

    The scope arguments are first handed to
    ``self._assert_not_domain_and_project_scoped``. That helper's body is
    not visible here; presumably it rejects a call that sets both scopes.

    :param user_id: user the event refers to.
    :param expires_at: expiry value stored on the event.
    :param domain_id: optional domain scope.
    :param project_id: optional project scope.
    """
    self._assert_not_domain_and_project_scoped(
        domain_id=domain_id, project_id=project_id)
    expiry_event = model.RevokeEvent(
        user_id=user_id,
        expires_at=expires_at,
        domain_id=domain_id,
        project_id=project_id,
    )
    self.revoke(expiry_event)
def test_disabled_project_in_list(self):
    """A project-scoped revocation shows up in /OS-REVOKE/events."""
    project_id = uuid.uuid4().hex
    expected = {'project_id': six.text_type(project_id)}
    # Taken before the revoke call and passed to the matcher below.
    started_at = timeutils.utcnow()

    self.revoke_api.revoke(model.RevokeEvent(project_id=project_id))

    listed = self.get('/OS-REVOKE/events').json_body['events']
    self.assertEqual(len(listed), 1)
    self.assertReportedEventMatchesRecorded(listed[0], expected, started_at)
def list_events(self, last_fetch=None):
    """Return stored revocation events ordered by ``revoked_at``.

    :param last_fetch: when truthy, restricts the result to events whose
        ``revoked_at`` is strictly later than this value.
    :returns: list of ``model.RevokeEvent``.
    """
    db_session = sql.get_session()
    events_query = db_session.query(RevocationEvent)
    events_query = events_query.order_by(RevocationEvent.revoked_at)
    if last_fetch:
        events_query = events_query.filter(
            RevocationEvent.revoked_at > last_fetch)
    return [model.RevokeEvent(**row.to_dict()) for row in events_query]
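def test_since_future_time_no_events(self):
    """A ``since`` value in the future filters out every recorded event."""
    domain_id = uuid.uuid4().hex
    self.revoke_api.revoke(model.RevokeEvent(domain_id=domain_id))

    # Sanity check: the event is listed when no ``since`` filter is given.
    resp = self.get('/OS-REVOKE/events')
    events = resp.json_body['events']
    self.assertEqual(len(events), 1)

    # The same listing with a future cut-off must come back empty.
    resp = self.get('/OS-REVOKE/events?since=%s' % _future_time_string())
    events = resp.json_body['events']
    self.assertEqual([], events)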
def revoke_by_expiration(self, user_id, expires_at,
                         domain_id=None, project_id=None):
    """Submit a revocation event keyed on a user and an expiry value.

    :param user_id: user the event refers to.
    :param expires_at: expiry value stored on the event.
    :param domain_id: optional domain scope.
    :param project_id: optional project scope.
    :raises exception.UnexpectedError: when both ``domain_id`` and
        ``project_id`` are given.
    """
    doubly_scoped = domain_id is not None and project_id is not None
    if doubly_scoped:
        # Reject the call rather than record an event with both scopes.
        raise exception.UnexpectedError(exception=_(
            'The call to keystone.contrib.revoke.Manager '
            'revoke_by_expiration() must not have both domain_id and '
            'project_id. This is a bug in the keystone server. The '
            'current request is aborted.'))

    expiry_event = model.RevokeEvent(
        user_id=user_id,
        expires_at=expires_at,
        domain_id=domain_id,
        project_id=project_id,
    )
    self.revoke(expiry_event)
def revoke_by_expiration(self, user_id, expires_at):
    """Submit a revocation event keyed on a user and an expiry value.

    :param user_id: user the event refers to.
    :param expires_at: expiry value stored on the event.
    """
    expiry_event = model.RevokeEvent(user_id=user_id, expires_at=expires_at)
    self.revoke(expiry_event)
def _revoke_by_user(self, user_id):
    """Add a user-only revocation event to the tree.

    Unlike the neighbouring helpers this one does not touch
    ``self.events``; it only returns what ``self.tree.add_event`` gives back.
    """
    user_event = model.RevokeEvent(user_id=user_id)
    return self.tree.add_event(user_event)
def _consumer_callback(self, service, resource_type, operation, payload):
    """Submit a revocation event for the consumer named in the payload.

    Only ``payload['resource_info']`` is read, and it is used as the
    event's ``consumer_id``. The other arguments are accepted but unused.
    """
    consumer_id = payload['resource_info']
    self.revoke(model.RevokeEvent(consumer_id=consumer_id))
def _revoke_by_audit_id(self, audit_id):
    """Add an audit-id revocation event to the tree and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    audit_event = model.RevokeEvent(audit_id=audit_id)
    added = self.tree.add_event(audit_event)
    self.events.append(added)
    return added
def revoke_by_domain_role_assignment(self, domain_id, role_id):
    """Submit a revocation event for a role assignment on a domain.

    :param domain_id: domain stored on the event.
    :param role_id: role stored on the event.
    """
    assignment_event = model.RevokeEvent(domain_id=domain_id, role_id=role_id)
    self.revoke(assignment_event)
def _project_callback(self, service, resource_type, operation, payload):
    """Submit a revocation event for the project named in the payload.

    Only ``payload['resource_info']`` is read, and it is used as the
    event's ``project_id``. The other arguments are accepted but unused.
    """
    project_id = payload['resource_info']
    self.revoke(model.RevokeEvent(project_id=project_id))
def revoke_by_user_and_project(self, user_id, project_id):
    """Submit a revocation event limited to one user on one project.

    :param user_id: user stored on the event.
    :param project_id: project stored on the event.
    """
    scoped_event = model.RevokeEvent(project_id=project_id, user_id=user_id)
    self.revoke(scoped_event)
def revoke_by_project_role_assignment(self, project_id, role_id):
    """Submit a revocation event for a role assignment on a project.

    :param project_id: project stored on the event.
    :param role_id: role stored on the event.
    """
    assignment_event = model.RevokeEvent(
        project_id=project_id, role_id=role_id)
    self.revoke(assignment_event)
def revoke_by_audit_id(self, audit_id):
    """Submit a revocation event keyed on a single audit id.

    :param audit_id: audit id stored on the event.
    """
    audit_event = model.RevokeEvent(audit_id=audit_id)
    self.revoke(audit_event)
def revoke_by_user(self, user_id):
    """Submit a revocation event keyed on a user id alone.

    :param user_id: user stored on the event.
    :returns: the result of ``self.revoke`` for that event.
    """
    user_event = model.RevokeEvent(user_id=user_id)
    return self.revoke(user_event)
def _revoke_by_expiration(self, user_id, expires_at):
    """Add a user/expiry revocation event to the tree and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    expiry_event = model.RevokeEvent(user_id=user_id, expires_at=expires_at)
    added = self.tree.add_event(expiry_event)
    self.events.append(added)
    return added
def _revoke_by_domain_role_assignment(self, domain_id, role_id):
    """Add a domain role-assignment revocation event and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    assignment_event = model.RevokeEvent(domain_id=domain_id, role_id=role_id)
    added = self.tree.add_event(assignment_event)
    self.events.append(added)
    return added
def _revoke_by_user_and_project(self, user_id, project_id):
    """Add a user-on-project revocation event and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    scoped_event = model.RevokeEvent(project_id=project_id, user_id=user_id)
    added = self.tree.add_event(scoped_event)
    self.events.append(added)
    return added
def _revoke_by_project_role_assignment(self, project_id, role_id):
    """Add a project role-assignment revocation event and record it.

    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    assignment_event = model.RevokeEvent(
        project_id=project_id, role_id=role_id)
    added = self.tree.add_event(assignment_event)
    self.events.append(added)
    return added
def _access_token_callback(self, service, resource_type, operation, payload):
    """Submit a revocation event for the access token named in the payload.

    Only ``payload['resource_info']`` is read, and it is used as the
    event's ``access_token_id``. The other arguments are accepted but unused.
    """
    token_id = payload['resource_info']
    self.revoke(model.RevokeEvent(access_token_id=token_id))
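def _revoke_by_domain(self, domain_id):
    """Add a domain-wide revocation event to the tree and record it.

    :param domain_id: domain stored on the event.
    :returns: whatever ``self.tree.add_event`` returned for the event.
    """
    event = self.tree.add_event(model.RevokeEvent(domain_id=domain_id))
    self.events.append(event)
    # The sibling _revoke_by_* helpers hand the recorded event back to the
    # caller. This one used to return None, so a caller could not inspect
    # or remove the event it had just added.
    return event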
def _group_callback(self, service, resource_type, operation, payload):
    """Submit one user revocation event per member of the named group.

    ``payload['resource_info']`` is passed to
    ``self.identity_api.list_users_in_group``. Each returned entry's
    ``'id'`` becomes the ``user_id`` of its own revocation event. The
    other arguments are accepted but unused.
    """
    group_ref = payload['resource_info']
    for member in self.identity_api.list_users_in_group(group_ref):
        self.revoke(model.RevokeEvent(user_id=member['id']))