keystone.token package

updated: 2021-10-01 03:16

keystone.token package¶

Submodules¶

keystone.token.provider module¶

Token provider interface.

class keystone.token.provider.Manager[source]¶

Bases: keystone.common.manager.Manager

Default pivot point for the token provider backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

INVALIDATE_PROJECT_TOKEN_PERSISTENCE = 'invalidate_project_tokens'¶

INVALIDATE_USER_TOKEN_PERSISTENCE = 'invalidate_user_tokens'¶

V3 = 'v3.0'¶

VERSIONS = frozenset(['v3.0'])¶

check_revocation(*args, **kwargs)[source]¶

check_revocation_v3(*args, **kwargs)[source]¶

driver_namespace = 'keystone.token.provider'¶

invalidate_individual_token_cache(*args, **kwargs)[source]¶

issue_token(*args, **kwargs)[source]¶

list_revoked_tokens(*args, **kwargs)[source]¶

revoke_token(*args, **kwargs)[source]¶

validate_token(*args, **kwargs)[source]¶

keystone.token.token_formatters module¶

class keystone.token.token_formatters.ApplicationCredentialScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 9¶

class keystone.token.token_formatters.BasePayload[source]¶

Bases: object

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

Assemble the payload of a token.

Parameters:

Parameters:	user_id – identifier of the user in the token request methods – list of authentication methods used system – a string including system scope information project_id – ID of the project to scope to domain_id – ID of the domain to scope to expires_at – datetime of the token’s expiration audit_ids – list of the token’s audit IDs trust_id – ID of the trust in effect federated_info – dictionary containing group IDs, the identity provider ID, protocol ID, and federated domain ID access_token_id – ID of the secret in OAuth1 authentication app_cred_id – ID of the application credential in effect
Returns:	the payload of a token

user_id – identifier of the user in the token request
methods – list of authentication methods used
system – a string including system scope information
project_id – ID of the project to scope to
domain_id – ID of the domain to scope to
expires_at – datetime of the token’s expiration
audit_ids – list of the token’s audit IDs
trust_id – ID of the trust in effect
federated_info – dictionary containing group IDs, the identity provider ID, protocol ID, and federated domain ID
access_token_id – ID of the secret in OAuth1 authentication
app_cred_id – ID of the application credential in effect

Returns:

the payload of a token

classmethod attempt_convert_uuid_hex_to_bytes(value)[source]¶

Attempt to convert value to bytes or return value.

Parameters:	value – value to attempt to convert to bytes
Returns:	tuple containing boolean indicating whether user_id was stored as bytes and uuid value as bytes or the original value

classmethod base64_encode(s)[source]¶

Encode a URL-safe string.

Return type:	six.text_type

classmethod convert_uuid_bytes_to_hex(uuid_byte_string)[source]¶

Generate uuid.hex format based on byte string.

Parameters:	uuid_byte_string – uuid string to generate from
Returns:	uuid hex formatted string

classmethod convert_uuid_hex_to_bytes(uuid_string)[source]¶

Compress UUID formatted strings to bytes.

Parameters:	uuid_string – uuid string to compress to bytes
Returns:	a byte representation of the uuid

classmethod create_arguments_apply(**kwargs)[source]¶

Check the arguments to see if they apply to this payload variant.

Returns:	True if the arguments indicate that this payload class is needed for the token otherwise returns False.
Return type:	bool

classmethod disassemble(payload)[source]¶

Disassemble an unscoped payload into the component data.

The tuple consists of:

(user_id, methods, system, project_id, domain_id,
 expires_at_str, audit_ids, trust_id, federated_info,
 access_token_id, app_cred_id)

methods are the auth methods.
federated_info is a dict contains the group IDs, the identity provider ID, the protocol ID, and the federated domain ID

Fields will be set to None if they didn’t apply to this payload type.

Parameters:	payload – this variant of payload
Returns:	a tuple of the payloads component data

classmethod random_urlsafe_str_to_bytes(s)[source]¶

Convert a string from random_urlsafe_str() to six.binary_type.

Return type:	six.binary_type

version = None¶

class keystone.token.token_formatters.DomainScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 1¶

class keystone.token.token_formatters.FederatedDomainScopedPayload[source]¶

Bases: keystone.token.token_formatters.FederatedScopedPayload

classmethod create_arguments_apply(**kwargs)[source]¶

version = 6¶

class keystone.token.token_formatters.FederatedProjectScopedPayload[source]¶

Bases: keystone.token.token_formatters.FederatedScopedPayload

classmethod create_arguments_apply(**kwargs)[source]¶

version = 5¶

class keystone.token.token_formatters.FederatedScopedPayload[source]¶

Bases: keystone.token.token_formatters.FederatedUnscopedPayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod disassemble(payload)[source]¶

version = None¶

class keystone.token.token_formatters.FederatedUnscopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

classmethod pack_group_id(group_dict)[source]¶

classmethod unpack_group_id(group_id_in_bytes)[source]¶

version = 4¶

class keystone.token.token_formatters.OauthScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 7¶

class keystone.token.token_formatters.ProjectScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 2¶

class keystone.token.token_formatters.SystemScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 8¶

class keystone.token.token_formatters.TokenFormatter[source]¶

Bases: object

Packs and unpacks payloads into tokens for transport.

create_token(user_id, expires_at, audit_ids, methods=None, system=None, domain_id=None, project_id=None, trust_id=None, federated_info=None, access_token_id=None, app_cred_id=None)[source]¶: Given a set of payload attributes, generate a Fernet token.

classmethod creation_time(fernet_token)[source]¶

Return the creation time of a valid Fernet token.

crypto¶

Return a cryptography instance.

You can extend this class with a custom crypto @property to provide your own token encoding / decoding. For example, using a different cryptography library (e.g. python-keyczar) or to meet arbitrary security requirements.

This @property just needs to return an object that implements encrypt(plaintext) and decrypt(ciphertext).

pack(payload)[source]¶

Pack a payload for transport as a token.

Return type:	six.text_type

classmethod restore_padding(token)[source]¶

Restore padding based on token size.

Parameters:	token (six.text_type) – token to restore padding on
Returns:	token with correct padding

unpack(token)[source]¶

Unpack a token, and validate the payload.

Return type:	six.binary_type

validate_token(token)[source]¶

Validate a Fernet token and returns the payload attributes.

class keystone.token.token_formatters.TrustScopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 3¶

class keystone.token.token_formatters.UnscopedPayload[source]¶

Bases: keystone.token.token_formatters.BasePayload

classmethod assemble(user_id, methods, system, project_id, domain_id, expires_at, audit_ids, trust_id, federated_info, access_token_id, app_cred_id)[source]¶

classmethod create_arguments_apply(**kwargs)[source]¶

classmethod disassemble(payload)[source]¶

version = 0¶

Module contents¶

updated: 2021-10-01 03:16

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.