From 23bef62dabb4fe6c00a97d5f872e8098a548f19f Mon Sep 17 00:00:00 2001
From: Brant Knudson
Date: Tue, 1 Dec 2015 11:09:14 -0600
Subject: [PATCH 1/1] Add audit IDs to revocation events

The revoked tokens' audit IDs are added to the dict returned in the revocation list.

Change-Id: Ifcf88f1158bebddc4f927121fbf4136fb53b659f
---
 keystone/tests/unit/test_backend.py | 17 ++++++++++++-----
 keystone/tests/unit/test_backend_sql.py | 3 ++-
 keystone/token/persistence/backends/sql.py | 12 +++++++++++-
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/keystone/tests/unit/test_backend.py b/keystone/tests/unit/test_backend.py
index ebf0ffc..12ad804 100644
--- a/keystone/tests/unit/test_backend.py
+++ b/keystone/tests/unit/test_backend.py
@@ -4534,7 +4534,8 @@ class TokenTests(object):
 def delete_token(self):
 token_id = uuid.uuid4().hex
 data = {'id_hash': token_id, 'id': token_id, 'a': 'b',
- 'user': {'id': 'testuserid'}}
+ 'user': {'id': 'testuserid'},
+ 'token_data': {'token': {'audit_ids': [uuid.uuid4().hex]}}}
 data_ref = self.token_provider_api._persistence.create_token(token_id, data)
 self.token_provider_api._persistence.delete_token(token_id)
@@ -4597,12 +4598,16 @@ class TokenTests(object):
 token_data = {'id_hash': token_id, 'id': token_id, 'a': 'b', 'expires': expire_time, 'trust_id': None,
- 'user': {'id': 'testuserid'}}
+ 'user': {'id': 'testuserid'},
+ 'token_data': {'token': {
+ 'audit_ids': [uuid.uuid4().hex]}}}
 token2_id = uuid.uuid4().hex
 token2_data = {'id_hash': token2_id, 'id': token2_id, 'a': 'b', 'expires': expire_time, 'trust_id': None,
- 'user': {'id': 'testuserid'}}
+ 'user': {'id': 'testuserid'},
+ 'token_data': {'token': {
+ 'audit_ids': [uuid.uuid4().hex]}}}
 # Create 2 Tokens.
 self.token_provider_api._persistence.create_token(token_id, token_data)
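Review bot: The audit ID added to each fixture is generated inline with `uuid.uuid4().hex` and never bound to a name, so none of these tests can check that the revocation list actually returns it. Going by the diffstat, every change to test_backend.py is a fixture addition of this kind (the hunks at -4534, -4597, -4637 and -4659), which leaves the new `audit_ids` key in the returned records without an assertion in the lines shown. I would bind the value, e.g. `audit_id = uuid.uuid4().hex`, and assert on the listed record in the test that reads the revocation list; a fixture using the v2 `access` layout would also cover the `else` branch added in sql.py. The test bodies continue outside these hunks, so the exact place for the assertion is not visible here.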
@@ -4637,7 +4642,8 @@ class TokenTests(object):
 def _test_predictable_revoked_pki_token_id(self, hash_fn):
 token_id = self._create_token_id()
 token_id_hash = hash_fn(token_id.encode('utf-8')).hexdigest()
- token = {'user': {'id': uuid.uuid4().hex}}
+ token = {'user': {'id': uuid.uuid4().hex},
+ 'token_data': {'token': {'audit_ids': [uuid.uuid4().hex]}}}
 self.token_provider_api._persistence.create_token(token_id, token)
 self.token_provider_api._persistence.delete_token(token_id)
@@ -4659,7 +4665,8 @@ class TokenTests(object):
 def test_predictable_revoked_uuid_token_id(self):
 token_id = uuid.uuid4().hex
- token = {'user': {'id': uuid.uuid4().hex}}
+ token = {'user': {'id': uuid.uuid4().hex},
+ 'token_data': {'token': {'audit_ids': [uuid.uuid4().hex]}}}
 self.token_provider_api._persistence.create_token(token_id, token)
 self.token_provider_api._persistence.delete_token(token_id)
diff --git a/keystone/tests/unit/test_backend_sql.py b/keystone/tests/unit/test_backend_sql.py
index 23b4453..577715f 100644
--- a/keystone/tests/unit/test_backend_sql.py
+++ b/keystone/tests/unit/test_backend_sql.py
@@ -431,7 +431,8 @@ class SqlToken(SqlTests, test_backend.TokenTests):
 # necessary.
 expected_query_args = (token_sql.TokenModel.id,
- token_sql.TokenModel.expires)
+ token_sql.TokenModel.expires,
+ token_sql.TokenModel.extra,)
 with mock.patch.object(token_sql, 'sql') as mock_sql:
 tok = token_sql.Token()
diff --git a/keystone/token/persistence/backends/sql.py b/keystone/token/persistence/backends/sql.py
index 45e9a7f..9180a10 100644
--- a/keystone/token/persistence/backends/sql.py
+++ b/keystone/token/persistence/backends/sql.py
@@ -226,13 +226,23 @@ class Token(token.persistence.TokenDriverV8):
 session = sql.get_session()
 tokens = []
 now = timeutils.utcnow()
- query = session.query(TokenModel.id, TokenModel.expires)
+ query = session.query(TokenModel.id, TokenModel.expires,
+ TokenModel.extra)
 query = query.filter(TokenModel.expires > now)
 token_references = query.filter_by(valid=False)
 for token_ref in token_references:
+ token_data = token_ref[2]['token_data']
+ if 'token' in token_data:
+ # It's a v3 token.
+ audit_ids = token_data['token']['audit_ids']
+ else:
+ # It's a v2 token.
+ audit_ids = token_data['access']['token']['audit_ids']
+
 record = { 'id': token_ref[0], 'expires': token_ref[1],
+ 'audit_ids': audit_ids,
 }
 tokens.append(record)
 return tokens
--
1.9.1
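Review bot: The new lookups inside the `for token_ref in token_references:` loop are unguarded, so a single revoked row whose `extra` has no `token_data` (or whose v2 body lacks `access`, `token` or `audit_ids`) would raise `KeyError` and fail the whole listing instead of just missing one field. The test hunks in this patch had to add `token_data` to every fixture, which suggests such rows are now fatal; whether they can exist in a deployed token table (for example tokens persisted before an upgrade) is not visible here and should be confirmed. Since this loop feeds the revocation list, I would keep emitting the `id`/`expires` record and fall back to an empty `audit_ids` list, as sketched below. Separately, selecting `TokenModel.extra` pulls the full stored token body for every unexpired revoked row just to read one key, which deserves a comment if it is intentional. The enclosing method starts above the hunk.

```python
for token_ref in token_references:
    extra = token_ref[2] or {}
    token_data = extra.get('token_data') or {}
    if 'token' in token_data:
        # It's a v3 token.
        token_body = token_data['token']
    else:
        # It's a v2 token.
        token_body = token_data.get('access', {}).get('token', {})
    # A row without audit IDs must still appear in the revocation list.
    audit_ids = token_body.get('audit_ids', [])

    # … unchanged: record construction and tokens.append(record) …
```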