From 07d45effefcf9716d6d1a3387c9b921c662338d5 Mon Sep 17 00:00:00 2001 From: wanghong Date: Thu, 26 Jun 2014 10:47:23 +0800 Subject: [PATCH] expose the revoke token for V3 Implement the v3 revoke token method for CLI. Change-Id: Ib01f6341e087866ca05862c200e6c783fb1a8ff5 Closes-Bug: #1331972 --- keystoneclient/tests/v3/test_tokens.py | 35 +++++++++++++++++++++++++ keystoneclient/v3/client.py | 6 +++++ keystoneclient/v3/tokens.py | 36 ++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 keystoneclient/tests/v3/test_tokens.py create mode 100644 keystoneclient/v3/tokens.py diff --git a/keystoneclient/tests/v3/test_tokens.py b/keystoneclient/tests/v3/test_tokens.py new file mode 100644 index 000000000..f608d6d4a --- /dev/null +++ b/keystoneclient/tests/v3/test_tokens.py @@ -0,0 +1,35 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +import uuid + +from keystoneclient import access +from keystoneclient.tests import client_fixtures +from keystoneclient.tests.v3 import utils + + +class TokenTests(utils.TestCase): + + def test_revoke_token_with_token_id(self): + token_id = uuid.uuid4().hex + self.stub_url('DELETE', ['/auth/tokens'], status_code=204) + self.client.tokens.revoke_token(token_id) + self.assertRequestHeaderEqual('X-Subject-Token', token_id) + + def test_revoke_token_with_access_info_instance(self): + token_id = uuid.uuid4().hex + examples = self.useFixture(client_fixtures.Examples()) + token_ref = examples.TOKEN_RESPONSES[examples.v3_UUID_TOKEN_DEFAULT] + token = access.AccessInfoV3(token_id, token_ref['token']) + self.stub_url('DELETE', ['/auth/tokens'], status_code=204) + self.client.tokens.revoke_token(token) + self.assertRequestHeaderEqual('X-Subject-Token', token_id) diff --git a/keystoneclient/v3/client.py b/keystoneclient/v3/client.py index f632840af..dcb1aef3d 100644 --- a/keystoneclient/v3/client.py +++ b/keystoneclient/v3/client.py @@ -33,6 +33,7 @@ from keystoneclient.v3 import regions from keystoneclient.v3 import role_assignments from keystoneclient.v3 import roles from keystoneclient.v3 import services +from keystoneclient.v3 import tokens from keystoneclient.v3 import users @@ -144,6 +145,10 @@ EndpointFilterManager` :py:class:`keystoneclient.v3.users.UserManager` + .. py:attribute:: tokens + + :py:class:`keystoneclient.v3.tokens.TokenManager` + .. py:attribute:: trusts :py:class:`keystoneclient.v3.contrib.trusts.TrustManager` @@ -170,6 +175,7 @@ EndpointFilterManager` self.roles = roles.RoleManager(self) self.services = services.ServiceManager(self) self.users = users.UserManager(self) + self.tokens = tokens.TokenManager(self) self.trusts = trusts.TrustManager(self) # DEPRECATED: if session is passed then we go to the new behaviour of diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py new file mode 100644 index 000000000..85735bfc2 --- /dev/null +++ b/keystoneclient/v3/tokens.py @@ -0,0 +1,36 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystoneclient import access +from keystoneclient import base + + +class TokenManager(object): + """Manager class for manipulating Identity tokens.""" + + def __init__(self, client): + self._client = client + + def revoke_token(self, token): + """Revoke a token. + + :param token: Token to be revoked. This can be an instance of + :py:class:`keystoneclient.access.AccessInfo` or a string + token_id. + """ + + if isinstance(token, access.AccessInfo): + token_id = token.auth_token + else: + token_id = base.getid(token) + headers = {'X-Subject-Token': token_id} + return self._client.delete('/auth/tokens', headers=headers)