expose the revoke token for V3

Implement the v3 revoke token method for CLI.

Change-Id: Ib01f6341e087866ca05862c200e6c783fb1a8ff5
Closes-Bug: #1331972

keystoneclient/tests/v3/test_tokens.py

@@ -0,0 +1,35 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from keystoneclient import access
+from keystoneclient.tests import client_fixtures
+from keystoneclient.tests.v3 import utils
+
+
+class TokenTests(utils.TestCase):
+
+    def test_revoke_token_with_token_id(self):
+        token_id = uuid.uuid4().hex
+        self.stub_url('DELETE', ['/auth/tokens'], status_code=204)
+        self.client.tokens.revoke_token(token_id)
+        self.assertRequestHeaderEqual('X-Subject-Token', token_id)
+
+    def test_revoke_token_with_access_info_instance(self):
+        token_id = uuid.uuid4().hex
+        examples = self.useFixture(client_fixtures.Examples())
+        token_ref = examples.TOKEN_RESPONSES[examples.v3_UUID_TOKEN_DEFAULT]
+        token = access.AccessInfoV3(token_id, token_ref['token'])
+        self.stub_url('DELETE', ['/auth/tokens'], status_code=204)
+        self.client.tokens.revoke_token(token)
+        self.assertRequestHeaderEqual('X-Subject-Token', token_id)

keystoneclient/v3/client.py

@@ -33,6 +33,7 @@ from keystoneclient.v3 import regions
 from keystoneclient.v3 import role_assignments
 from keystoneclient.v3 import roles
 from keystoneclient.v3 import services
+from keystoneclient.v3 import tokens
 from keystoneclient.v3 import users
 
 
@@ -144,6 +145,10 @@ EndpointFilterManager`
 
         :py:class:`keystoneclient.v3.users.UserManager`
 
+    .. py:attribute:: tokens
+
+        :py:class:`keystoneclient.v3.tokens.TokenManager`
+
     .. py:attribute:: trusts
 
         :py:class:`keystoneclient.v3.contrib.trusts.TrustManager`
@@ -170,6 +175,7 @@ EndpointFilterManager`
         self.roles = roles.RoleManager(self)
         self.services = services.ServiceManager(self)
         self.users = users.UserManager(self)
+        self.tokens = tokens.TokenManager(self)
         self.trusts = trusts.TrustManager(self)
 
         # DEPRECATED: if session is passed then we go to the new behaviour of

keystoneclient/v3/tokens.py

@@ -0,0 +1,36 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient import access
+from keystoneclient import base
+
+
+class TokenManager(object):
+    """Manager class for manipulating Identity tokens."""
+
+    def __init__(self, client):
+        self._client = client
+
+    def revoke_token(self, token):
+        """Revoke a token.
+
+        :param token: Token to be revoked. This can be an instance of
+                      :py:class:`keystoneclient.access.AccessInfo` or a string
+                      token_id.
+        """
+
+        if isinstance(token, access.AccessInfo):
+            token_id = token.auth_token
+        else:
+            token_id = base.getid(token)
+        headers = {'X-Subject-Token': token_id}
+        return self._client.delete('/auth/tokens', headers=headers)