2e51473138
Base API for reporting revocation events. The KVS Backend uses the Dogpile backed KVS stores. Modifies the places that were directly deleting tokens to also generate revocation events. Where possible the revocations are triggered by listening to the notifications. Some places, the callers have been modified instead. This is usually due to the need to iterate through a collection, such as users in a group. Adds a config file option to disable the existing mechanisms that support revoking a token by that token's id: revoke_by_id. This flag is necessary to test that the revocation mechanism is working as defined, but will also be part of the phased removal of the older mechanisms. TokenRevoke tests have been extended to test both with and without revoke-by-id enabled. Note: The links aren't populated in the list_events response. SQL Backend for Revocation Events Initializes the SQL Database for the revocation backend. This patch refactors the sql migration call from the CLI so that the test framework can use it as well. The sql backend for revcations is exercized by test_notifications and must be properly initialized. Revoke By Search Tree Co-Authored-By: Yuriy Taraday (Yoriksar) create a set of nested maps for the events. Look up revocation by traversing down the tree. Blueprint: revocation-events Change-Id: If76c8cd5d01a5b991c58a4d1a9d534b2a3da875a |
||
---|---|---|
.. | ||
default_catalog.templates | ||
keystone-paste.ini | ||
keystone.conf.sample | ||
logging.conf.sample | ||
policy.json | ||
policy.v3cloudsample.json |