Merge pull request #3002 from coreos-inc/joseph.schorr/QUAY-822/gc-app-tokens

Add a worker to automatically GC expired app specific tokens

data/model/appspecifictoken.py

@@ -64,11 +64,11 @@ def get_expiring_tokens(user, soon):
                  AppSpecificAuthToken.expiration > datetime.now()))
 
 
-def gc_expired_tokens(user):
-  """ Deletes all expired tokens owned by the given user. """
+def gc_expired_tokens(expiration_window):
+  """ Deletes all expired tokens outside of the expiration window. """
   (AppSpecificAuthToken
    .delete()
-   .where(AppSpecificAuthToken.user == user, AppSpecificAuthToken.expiration < datetime.now())
+   .where(AppSpecificAuthToken.expiration < (datetime.now() - expiration_window))
    .execute())
 
 

data/model/test/test_appspecifictoken.py

@@ -1,4 +1,4 @@
-from datetime import datetime
+from datetime import datetime, timedelta
 from mock import patch
 
 import pytest
@@ -36,7 +36,7 @@ def test_gc(expiration, initialized_db):
   token = create_token(user, 'Some token', expiration=expiration_date)
 
   # GC tokens.
-  gc_expired_tokens(user)
+  gc_expired_tokens(timedelta(seconds=0))
 
   # Ensure the token was GCed if expired and not if it wasn't.
   assert (access_valid_token(token.token_code) is None) == is_expired