keystone.models package

Submodules

keystone.models.revoke_model module

class keystone.models.revoke_model.RevokeEvent(**kwargs)[source]

Bases: object

key_for_name(name)[source]
to_dict()[source]
class keystone.models.revoke_model.RevokeTree(revoke_events=None)[source]

Bases: object

Fast Revocation Checking Tree Structure

The Tree is an index to quickly match tokens against events. Each node is a hashtable of key=value combinations from revocation events. The

add_event(event)[source]

Updates the tree based on a revocation event.

Creates any necessary internal nodes in the tree corresponding to the fields of the revocation event. The leaf node will always be set to the latest ‘issued_before’ for events that are otherwise identical.

Param: Event to add to the tree
Returns: the event that was passed in.
add_events(revoke_events)[source]
is_revoked(token_data)[source]

Check if a token matches the revocation event

Compare the values for each level of the tree with the values from the token, accounting for attributes that have alternative keys, and for wildcard matches. If there is a match, continue down the tree. If there is no match, exit early.

token_data is a map based on a flattened view of token. The required fields are:

‘expires_at’, ‘user_id’, ‘project_id’, ‘identity_domain_id’, ‘assignment_domain_id’, ‘trust_id’, ‘trustor_id’, ‘trustee_id’, ‘consumer_id’, ‘access_token_id’
remove_event(event)[source]

Update the tree based on the removal of a Revocation Event

Removes empty nodes from the tree from the leaf back to the root.

If multiple events trace the same path, but have different ‘issued_before’ values, only the last is ever stored in the tree. So only an exact match on ‘issued_before’ ever triggers a removal.

Param: Event to remove from the tree
keystone.models.revoke_model.attr_keys(event)[source]
keystone.models.revoke_model.blank_token_data(issued_at)[source]
keystone.models.revoke_model.build_token_values(token_data)[source]
keystone.models.revoke_model.build_token_values_v2(access, default_domain_id)[source]
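
The indexing scheme described for RevokeTree above (one hashtable level per attribute, wildcard branches, latest ‘issued_before’ at the leaf, early exit on no match, exact-match removal with pruning), as an added illustrative sketch that is not keystone's own code. Assumptions: the name `MiniRevokeTree`, the `*` wildcard marker, the three-field subset and its order, integer timestamps, and the rule that a token is revoked when its `issued_at` is at or before the leaf's ‘issued_before’; alternative keys are left out.

```python
WILDCARD = "*"                                 # assumed wildcard marker
ATTRS = ("user_id", "project_id", "trust_id")  # assumed subset and order of fields

class MiniRevokeTree:
    """Simplified sketch of a revocation index; not keystone's RevokeTree."""
    def __init__(self):
        self.root = {}

    def _keys(self, event):
        # An attribute the event does not set matches any token value.
        return [(a, event.get(a, WILDCARD)) for a in ATTRS]

    def add_event(self, event):
        node = self.root
        for key in self._keys(event):
            node = node.setdefault(key, {})
        # Identical paths keep only the latest issued_before at the leaf.
        prev = node.get("issued_before", event["issued_before"])
        node["issued_before"] = max(prev, event["issued_before"])
        return event

    def remove_event(self, event):
        path, node = [], self.root
        for key in self._keys(event):
            if key not in node:
                return
            path.append((node, key))
            node = node[key]
        if node["issued_before"] != event["issued_before"]:
            return                             # only an exact match removes
        for parent, key in reversed(path):     # prune leaf, then empty ancestors
            del parent[key]
            if parent:
                break

    def is_revoked(self, token):
        frontier = [self.root]
        for attr in ATTRS:
            keys = ((attr, WILDCARD), (attr, token.get(attr)))
            frontier = [n[k] for n in frontier for k in keys if k in n]
            if not frontier:
                return False                   # no branch matches: exit early
        # Assumption: a token issued at or before the cutoff is revoked.
        return any(leaf["issued_before"] >= token["issued_at"] for leaf in frontier)

def demo():  # constructed sample; timestamps are epoch-style integers
    tree = MiniRevokeTree()
    tree.add_event({"user_id": "u1", "issued_before": 100})
    return [tree.is_revoked({"user_id": "u1", "issued_at": t}) for t in (90, 110)]
```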

keystone.models.token_model module

Unified in-memory token model.

class keystone.models.token_model.KeystoneToken(token_id, token_data)[source]

Bases: dict

An in-memory representation that unifies v2 and v3 tokens.

audit_chain_id
audit_id
auth_token
bind
domain_id
domain_name
domain_scoped
expires
federation_group_ids
federation_idp_id
federation_protocol_id
is_federated_user
issued
metadata
methods
oauth_access_token_id
oauth_consumer_id
oauth_scoped
project_domain_id
project_domain_name
project_id
project_name
project_scoped
role_ids
role_names
scoped
trust_id
trust_impersonation
trust_scoped
trustee_user_id
trustor_user_id
user_domain_id
user_domain_name
user_id
user_name

Module contents