The User Module¶
- class openstack_auth.user.Token(auth_ref, unscoped_token=None)¶
Encapsulates the AccessInfo object from keystoneclient.
Token object provides a consistent interface for accessing the keystone token information and service catalog.
Added for maintaining backward compatibility with horizon that expects Token object in the user object.
- class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None, system_scoped=False)¶
A User class with some extra special sauce for Keystone.
In addition to the standard Django user attributes, this class also has the following:
The Keystone token object associated with the current user/tenant.
The token object is deprecated, user auth_ref instead.
The id of the Keystone tenant for the current user/token.
The tenant_id keyword argument is deprecated, use project_id instead.
The name of the Keystone tenant for the current user/token.
The tenant_name keyword argument is deprecated, use project_name instead.
The id of the Keystone project for the current user/token.
The name of the Keystone project for the current user/token.
ServiceCatalogdata returned by Keystone.
A list of dictionaries containing role names and ids as returned by Keystone.
A list of non-identity service endpoint regions extracted from the service catalog.
The domain id of the current user.
The domain name of the current user.
The id of the Keystone domain scoped for the current user/token.
Whether user is federated Keystone user. (Boolean)
Unscoped Keystone token.
Password expiration date.
- exception DoesNotExist¶
- exception MultipleObjectsReturned¶
Returns a memoized list of tenants this user may access.
- property available_services_regions¶
Returns list of unique region name values in service catalog.
- has_a_matching_perm(perm_list, obj=None)¶
Returns True if the user has one of the specified permissions.
If object is passed, it checks if the user has any of the required perms for this object.
- has_perms(perm_list, obj=None)¶
Returns True if the user has all of the specified permissions.
Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple
- property is_active¶
bool(x) -> bool
Returns True when the argument x is true, False otherwise. The builtins True and False are the only two instances of the class bool. The class bool is a subclass of the class int, and cannot be subclassed.
- property is_anonymous¶
Return if the user is not authenticated.
Trueif not authenticated,``False`` otherwise.
- property is_authenticated¶
Checks for a valid authentication.
- property is_superuser¶
Evaluates whether this user has admin privileges.
- property is_system_user¶
Check if the user has access to the system scope.
Determine if the token is expired.
Trueif the token is expired,
Falseif not, and
Noneif there is no token set.
margin – A security time margin in seconds before real expiration. Will return
Trueif the token expires in less than
marginseconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
- save(*args, **kwargs)¶
Save the current instance. Override this in a subclass if you want to control the saving process.
The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.
Returns the number of remaining days until user’s password expires.
Calculates the number days until the user must change their password, once the password expires the user will not able to log in until an admin changes its password.