keystone.api.auth module¶

class keystone.api.auth.AuthAPI(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]¶

Bases: APIBase

resource_mapping = [(<class 'keystone.api.auth.AuthProjectsResource'>, '/auth/projects', [{'json_home': ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/projects', 'stable', {}), 'url': '/OS-FEDERATION/projects'}], {}, ('https://docs.openstack.org/api/openstack-identity/3/rel/auth_projects', 'stable', {})), (<class 'keystone.api.auth.AuthDomainsResource'>, '/auth/domains', [{'json_home': ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/domains', 'stable', {}), 'url': '/OS-FEDERATION/domains'}], {}, ('https://docs.openstack.org/api/openstack-identity/3/rel/auth_domains', 'stable', {})), (<class 'keystone.api.auth.AuthSystemResource'>, '/auth/system', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/rel/auth_system', 'stable', {})), (<class 'keystone.api.auth.AuthCatalogResource'>, '/auth/catalog', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/rel/auth_catalog', 'stable', {})), (<class 'keystone.api.auth.AuthTokenOSPKIResource'>, '/auth/tokens/OS-PKI/revoked', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-PKI/1.0/rel/revocations', 'stable', {})), (<class 'keystone.api.auth.AuthTokenResource'>, '/auth/tokens', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/rel/auth_tokens', 'stable', {}))]¶

resources = []¶

class keystone.api.auth.AuthCatalogResource[source]¶

Bases: _AuthFederationWebSSOBase

get()[source]¶

Get service catalog for token.

GET/HEAD /v3/auth/catalog

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthDomainsResource[source]¶

Bases: ResourceBase

collection_key = 'domains'¶

get()[source]¶

Get possible domain scopes for token.

GET/HEAD /v3/auth/domains GET/HEAD /v3/OS-FEDERATION/domains

member_key = 'domain'¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthFederationAPI(blueprint_url_prefix='', api_url_prefix='', default_mediatype='application/json', decorators=None, errors=None)[source]¶

Bases: APIBase

resource_mapping = [(<class 'keystone.api.auth.AuthFederationSaml2Resource'>, '/auth/OS-FEDERATION/saml2', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/saml2', 'stable', {})), (<class 'keystone.api.auth.AuthFederationSaml2ECPResource'>, '/auth/OS-FEDERATION/saml2/ecp', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/ecp', 'stable', {})), (<class 'keystone.api.auth.AuthFederationWebSSOResource'>, '/auth/OS-FEDERATION/websso/<string:protocol_id>', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/websso', 'stable', {'protocol_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/protocol_id'})), (<class 'keystone.api.auth.AuthFederationWebSSOIDPsResource'>, '/auth/OS-FEDERATION/identity_providers/<string:idp_id>/protocols/<string:protocol_id>/websso', None, {}, ('https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/rel/identity_providers_websso', 'stable', {'idp_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/idp_id', 'protocol_id': 'https://docs.openstack.org/api/openstack-identity/3/ext/OS-FEDERATION/1.0/param/protocol_id'}))]¶

resources = []¶

class keystone.api.auth.AuthFederationSaml2ECPResource[source]¶

Bases: _AuthFederationWebSSOBase

get()[source]¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]¶

Exchange a scoped token for an ECP assertion.

POST /v3/auth/OS-FEDERATION/saml2/ecp

class keystone.api.auth.AuthFederationSaml2Resource[source]¶

Bases: _AuthFederationWebSSOBase

get()[source]¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]¶

Exchange a scoped token for a SAML assertion.

POST /v3/auth/OS-FEDERATION/saml2

class keystone.api.auth.AuthFederationWebSSOIDPsResource[source]¶

Bases: _AuthFederationWebSSOBase

get(idp_id, protocol_id)[source]¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(idp_id, protocol_id)[source]¶

class keystone.api.auth.AuthFederationWebSSOResource[source]¶

Bases: _AuthFederationWebSSOBase

get(protocol_id)[source]¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET', 'POST'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post(protocol_id)[source]¶

class keystone.api.auth.AuthProjectsResource[source]¶

Bases: ResourceBase

collection_key = 'projects'¶

get()[source]¶

Get possible project scopes for token.

GET/HEAD /v3/auth/projects GET/HEAD /v3/OS-FEDERATION/projects

member_key = 'project'¶

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthSystemResource[source]¶

Bases: _AuthFederationWebSSOBase

get()[source]¶

Get possible system scopes for token.

GET/HEAD /v3/auth/system

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthTokenOSPKIResource[source]¶

Bases: Resource

get()[source]¶

Deprecated; get revoked token list.

GET/HEAD /v3/auth/tokens/OS-PKI/revoked

methods: t.ClassVar[t.Collection[str] | None] = {'GET'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

class keystone.api.auth.AuthTokenResource[source]¶

Bases: _AuthFederationWebSSOBase

delete()[source]¶

Revoke a token.

DELETE /v3/auth/tokens

get()[source]¶

Validate a token.

HEAD/GET /v3/auth/tokens

methods: t.ClassVar[t.Collection[str] | None] = {'DELETE', 'GET', 'POST'}¶: The methods this view is registered for. Uses the same default (["GET", "HEAD", "OPTIONS"]) as route and add_url_rule by default.

post()[source]¶

Issue a token.

POST /v3/auth/tokens

keystone.api.auth module

keystone.api.auth module¶

keystone 25.0.1.dev10

Page Contents