Added ability to purge stored tokens. Fixes #5

gholt 2011-06-06 00:06:59 +00:00
parent 96e1a78428
commit c6533ba327
2 changed files with 56 additions and 0 deletions


@ -46,6 +46,11 @@ if __name__ == '__main__':
'subsystem (default: http://127.0.0.1:8080/auth/)') 'subsystem (default: http://127.0.0.1:8080/auth/)')
parser.add_option('-K', '--admin-key', dest='admin_key', parser.add_option('-K', '--admin-key', dest='admin_key',
help='The key for .super_admin.') help='The key for .super_admin.')
parser.add_option('', '--purge', dest='purge_account', help='Purges all '
'tokens for a given account whether the tokens have expired or not.')
parser.add_option('', '--purge-all', dest='purge_all', action='store_true',
default=False, help='Purges all tokens for all accounts and users '
'whether the tokens have expired or not.')
args = argv[1:] args = argv[1:]
if not args: if not args:
args.append('-h') args.append('-h')
@ -59,6 +64,38 @@ if __name__ == '__main__':
options.token_life = timedelta(0, float(options.token_life)) options.token_life = timedelta(0, float(options.token_life))
options.sleep = float(options.sleep) options.sleep = float(options.sleep)
conn = Connection(options.admin_url, options.admin_user, options.admin_key) conn = Connection(options.admin_url, options.admin_user, options.admin_key)
if options.purge_account:
marker = None
while True:
if options.verbose:
print 'GET %s?marker=%s' % (options.purge_account, marker)
objs = conn.get_container(options.purge_account, marker=marker)[1]
if objs:
marker = objs[-1]['name']
else:
if options.verbose:
print 'No more objects in %s' % options.purge_account
break
for obj in objs:
if options.verbose:
print 'HEAD %s/%s' % (options.purge_account, obj['name'])
headers = conn.head_object(options.purge_account, obj['name'])
if 'x-object-meta-auth-token' in headers:
token = headers['x-object-meta-auth-token']
container = '.token_%s' % token[-1]
if options.verbose:
print '%s/%s purge account %r; deleting' % \
(container, token, options.purge_account)
print 'DELETE %s/%s' % (container, token)
try:
conn.delete_object(container, token)
except ClientException, err:
if err.http_status != 404:
raise
continue
if options.verbose:
print 'Done.'
exit(0)
for x in xrange(16): for x in xrange(16):
container = '.token_%x' % x container = '.token_%x' % x
marker = None marker = None
@ -81,6 +118,17 @@ if __name__ == '__main__':
print 'No more objects in %s' % container print 'No more objects in %s' % container
break break
for obj in objs: for obj in objs:
if options.purge_all:
if options.verbose:
print '%s/%s purge all; deleting' % \
(container, obj['name'])
print 'DELETE %s/%s' % (container, obj['name'])
try:
conn.delete_object(container, obj['name'])
except ClientException, err:
if err.http_status != 404:
raise
continue
last_modified = datetime(*map(int, re.split('[^\d]', last_modified = datetime(*map(int, re.split('[^\d]',
obj['last_modified'])[:-1])) obj['last_modified'])[:-1]))
ago = datetime.utcnow() - last_modified ago = datetime.utcnow() - last_modified
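Review bot: In the `--purge` loop only `conn.delete_object` is guarded against a 404; `conn.head_object(options.purge_account, obj['name'])` is not, so a user object removed between the listing and the HEAD raises ClientException and stops the run with the remaining users' tokens still stored and presumably still valid. A purge is typically run to revoke access, so an ordinary race should not leave it half done; treat a 404 on the HEAD the same way as on the DELETE, as in the excerpt below. The verbose `print 'DELETE %s/%s' % (container, token)` lines also write each token in full before the DELETE is attempted, so a token whose DELETE then fails with a non-404 status has been logged while it still exists; printing a truncated token would avoid that. The enclosing `if __name__ == '__main__':` block starts and continues outside the hunks shown.

```python
for obj in objs:
    # … unchanged: verbose HEAD print …
    try:
        headers = conn.head_object(options.purge_account, obj['name'])
    except ClientException, err:
        if err.http_status != 404:
            raise
        # user object vanished since the listing; nothing to purge for it
        continue
    # … unchanged: x-object-meta-auth-token lookup and DELETE …
```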


@ -6,6 +6,14 @@ The Swauth system is a scalable authentication and authorization system that
uses Swift itself as its backing store. This section will describe how it uses Swift itself as its backing store. This section will describe how it
stores its data. stores its data.
.. note::
You can access Swauth's internal .auth account by using the account:user of
.super_admin:.super_admin and the super admin key you have set in your
configuration. Here's an example using `st` on a standard SAIO: ``st -A
http://127.0.0.1:8080/auth/v1.0 -U .super_admin:.super_admin -K swauthkey
stat``
At the topmost level, the auth system has its own Swift account it stores its At the topmost level, the auth system has its own Swift account it stores its
own account information within. This Swift account is known as own account information within. This Swift account is known as
self.auth_account in the code and its name is in the format self.auth_account in the code and its name is in the format