openstack_keystone_core/revoke/backend.rs
1// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5// http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12//
13// SPDX-License-Identifier: Apache-2.0
14//! Token revocation: Backends.
15//! Revocation provider Backend trait.
16use async_trait::async_trait;
17
18use crate::keystone::ServiceState;
19use crate::revoke::{RevokeProviderError, types::*};
20use crate::token::types::Token;
21
22//pub mod error;
23
24/// RevokeBackend trait.
25///
26/// Backend driver interface expected by the revocation provider.
27#[cfg_attr(test, mockall::automock)]
28#[async_trait]
29pub trait RevokeBackend: Send + Sync {
30 /// Create revocation event.
31 async fn create_revocation_event(
32 &self,
33 state: &ServiceState,
34 event: RevocationEventCreate,
35 ) -> Result<RevocationEvent, RevokeProviderError>;
36
37 /// Check token revocation.
38 ///
39 /// Check whether there are existing revocation records that invalidate the
40 /// token.
41 async fn is_token_revoked(
42 &self,
43 state: &ServiceState,
44 token: &Token,
45 ) -> Result<bool, RevokeProviderError>;
46
47 /// Revoke the token.
48 ///
49 /// Mark the token as revoked to prohibit from being used even while not
50 /// expired.
51 async fn revoke_token(
52 &self,
53 state: &ServiceState,
54 token: &Token,
55 ) -> Result<(), RevokeProviderError>;
56}