glance.common.auth module

This auth module is intended to allow OpenStack client-tools to select from a variety of authentication strategies, including NoAuth (the default), and Keystone (an identity management system).

> auth_plugin = AuthPlugin(creds)

> auth_plugin.authenticate()

> auth_plugin.auth_token abcdefg

> auth_plugin.management_url http://service_endpoint/

class glance.common.auth.BaseStrategy[source]

Bases: object

authenticate()[source]
property is_authenticated
property strategy
class glance.common.auth.KeystoneStrategy(creds, insecure=False, configure_via_auth=True)[source]

Bases: glance.common.auth.BaseStrategy

MAX_REDIRECTS = 10
authenticate()[source]

Authenticate with the Keystone service.

There are a few scenarios to consider here:

  1. Which version of Keystone are we using? v1 which uses headers to pass the credentials, or v2 which uses a JSON encoded request body?

  2. Keystone may respond back with a redirection using a 305 status code.

  3. We may attempt a v1 auth when v2 is what’s called for. In this case, we rewrite the url to contain /v2.0/ and retry using the v2 protocol.

check_auth_params()[source]
property is_authenticated
property strategy
class glance.common.auth.NoAuthStrategy[source]

Bases: glance.common.auth.BaseStrategy

authenticate()[source]
property is_authenticated
property strategy
glance.common.auth.get_endpoint(service_catalog, service_type='image', endpoint_region=None, endpoint_type='publicURL')[source]

Select an endpoint from the service catalog

We search the full service catalog for services matching both type and region. If the client supplied no region then any ‘image’ endpoint is considered a match. There must be one – and only one – successful match in the catalog, otherwise we will raise an exception.

glance.common.auth.get_plugin_from_strategy(strategy, creds=None, insecure=False, configure_via_auth=True)[source]