TokenDatabaseStore
- class gafaelfawr.storage.token.TokenDatabaseStore(session)
Bases: object
Stores and manipulates tokens in the database.
Tokens exist in both Redis and in the database. Redis is the source of truth for the validity of the token and the only data store that holds the supplemental user information that will eventually be replaced by an identity management system. The database is the canonical store for user-given token names and for the relationship between tokens.
- Parameters:
session (async_scoped_session) – The database session proxy.
Methods Summary
add(data, *[, token_name, parent]) – Store a new token.
count_unique_sessions() – Count the number of unique users with active session tokens.
count_user_tokens() – Count the number of unexpired user tokens.
delete(key) – Delete a token.
delete_expired() – Delete entries for expired tokens from the database.
get_children(key) – Return all children (recursively) of a token.
get_info(key) – Return information about a token.
get_internal_token_key(token_data, service, ...) – Retrieve an existing internal child token.
get_notebook_token_key(token_data, min_expires) – Retrieve an existing notebook child token.
list_orphaned() – List all orphaned tokens.
list_tokens(*[, username, token_type, limit]) – List tokens.
list_with_parents() – List all tokens including parent information.
modify(key, *[, token_name, scopes, ...]) – Modify a token.
Methods Documentation
- async add(data, *, token_name=None, parent=None)
Store a new token.
- Parameters:
- Raises:
DuplicateTokenNameError – Raised if the user already has a token by that name.
- Return type:
- async count_unique_sessions()
Count the number of unique users with active session tokens.
- Returns:
Count of users.
- Return type:
- async count_user_tokens()
Count the number of unexpired user tokens.
- Returns:
Count of user tokens.
- Return type:
- async delete(key)
Delete a token.
- async delete_expired()
Delete entries for expired tokens from the database.
- async get_children(key)
Return all children (recursively) of a token.
- async get_info(key)
Return information about a token.
- async get_internal_token_key(token_data, service, scopes, min_expires)
Retrieve an existing internal child token.
- async get_notebook_token_key(token_data, min_expires)
Retrieve an existing notebook child token.
- async list_orphaned()
List all orphaned tokens.
Tokens are orphaned if they appear in the subtoken table but their parent column is null.
- async list_tokens(*, username=None, token_type=None, limit=None)
List tokens.
- Parameters:
- Returns:
Information about the tokens.
- Return type:
- async list_with_parents()
List all tokens including parent information.
This is a slower and more expensive query than list, used for audits.
- async modify(key, *, token_name=None, scopes=None, expires=None, no_expire=False)
Modify a token.
- Parameters:
token – Token to modify.
token_name (str | None, default: None) – New name for the token.
scopes (set[str] | None, default: None) – New scopes for the token.
expires (datetime | None, default: None) – New expiration time for the token.
no_expire (bool, default: False) – If set, the token should not expire. This is a separate parameter because passing None to expires is ambiguous.
key (str)
- Returns:
Information for the updated token or None if it was not found.
- Return type:
TokenInfo or None
- Raises:
DuplicateTokenNameError – Raised if the user already has a token by that name.
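The token relationships described under get_children and list_orphaned can be modelled with a small stand-alone example. This is an added illustration, not Gafaelfawr's own code: it uses sqlite3 instead of the async database session, and the schema, the child column, the function names children_of and orphans, and all token keys are assumptions constructed for the example (only the subtoken table and its parent column are named on this page).

```python
import sqlite3

# Hypothetical, simplified schema. Only the subtoken table and its parent
# column come from the page; the child column is an assumption.
SCHEMA = """
CREATE TABLE subtoken (
    child  TEXT PRIMARY KEY,
    parent TEXT              -- a NULL parent marks the row as orphaned
);
"""

# Constructed sample data: session -> notebook -> internal, plus one orphan.
ROWS = [
    ("notebook-1", "session-1"),
    ("internal-1", "notebook-1"),
    ("internal-2", "notebook-1"),
    ("internal-9", None),
]


def open_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO subtoken VALUES (?, ?)", ROWS)
    return conn


def children_of(conn: sqlite3.Connection, key: str) -> list[str]:
    """Return every descendant of key, not only its direct children."""
    # UNION (not UNION ALL) de-duplicates rows, so a cyclic parent link
    # in corrupted data cannot make the recursion run forever.
    sql = """
    WITH RECURSIVE descendants(child) AS (
        SELECT child FROM subtoken WHERE parent = ?
        UNION
        SELECT s.child FROM subtoken s JOIN descendants d ON s.parent = d.child
    )
    SELECT child FROM descendants ORDER BY child
    """
    return [row[0] for row in conn.execute(sql, (key,))]


def orphans(conn: sqlite3.Connection) -> list[str]:
    """Return keys that appear in subtoken but whose parent column is NULL."""
    sql = "SELECT child FROM subtoken WHERE parent IS NULL ORDER BY child"
    return [row[0] for row in conn.execute(sql)]
```

Walking from session-1 returns the notebook token and both internal tokens beneath it, while internal-9 is reported only by the orphan query because no parent links to it.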