The User Module

class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]

Encapsulates the AccessInfo object from keystoneclient.

Token object provides a consistent interface for accessing the keystone token information and service catalog.

Added for maintaining backward compatibility with horizon that expects Token object in the user object.

class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None)[source]

A User class with some extra special sauce for Keystone.

In addition to the standard Django user attributes, this class also has the following:

token

The Keystone token object associated with the current user/tenant.

The token object is deprecated, user auth_ref instead.

tenant_id

The id of the Keystone tenant for the current user/token.

The tenant_id keyword argument is deprecated, use project_id instead.

tenant_name

The name of the Keystone tenant for the current user/token.

The tenant_name keyword argument is deprecated, use project_name instead.

project_id

The id of the Keystone project for the current user/token.

project_name

The name of the Keystone project for the current user/token.

service_catalog

The ServiceCatalog data returned by Keystone.

roles

A list of dictionaries containing role names and ids as returned by Keystone.

services_region

A list of non-identity service endpoint regions extracted from the service catalog.

user_domain_id

The domain id of the current user.

user_domain_name

The domain name of the current user.

domain_id

The id of the Keystone domain scoped for the current user/token.

is_federated

Whether user is federated Keystone user. (Boolean)

unscoped_token

Unscoped Keystone token.

password_expires_at

Password expiration date. This attribute could be None when using keystone version < 3.0 or if the feature is not enabled in keystone.

exception DoesNotExist
exception MultipleObjectsReturned
property authorized_tenants

Returns a memoized list of tenants this user may access.

property available_services_regions

Returns list of unique region name values in service catalog.

has_a_matching_perm(perm_list, obj=None)[source]

Returns True if the user has one of the specified permissions.

If object is passed, it checks if the user has any of the required perms for this object.

has_perms(perm_list, obj=None)[source]

Returns True if the user has all of the specified permissions.

Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple

property is_active

bool(x) -> bool

Returns True when the argument x is true, False otherwise. The builtins True and False are the only two instances of the class bool. The class bool is a subclass of the class int, and cannot be subclassed.

property is_anonymous

Return if the user is not authenticated.

Returns

True if not authenticated,``False`` otherwise.

property is_authenticated

Checks for a valid authentication.

property is_superuser

Evaluates whether this user has admin privileges.

Returns

True or False.

is_token_expired(margin=None)[source]

Determine if the token is expired.

Returns

True if the token is expired, False if not, and None if there is no token set.

Parameters

margin – A security time margin in seconds before real expiration. Will return True if the token expires in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.

save(*args, **kwargs)[source]

Save the current instance. Override this in a subclass if you want to control the saving process.

The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.

time_until_expiration()[source]

Returns the number of remaining days until user’s password expires.

Calculates the number days until the user must change their password, once the password expires the user will not able to log in until an admin changes its password.