keystone.token.providers package¶
Subpackages¶
Submodules¶
keystone.token.providers.base module¶
-
class
keystone.token.providers.base.Provider[source]¶ Bases:
objectInterface description for a Token provider.
-
get_token_version(token_data)[source]¶ Return the version of the given token data.
If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.
Parameters: token_data (dict) – token_data Returns: token version string Raises: keystone.exception.UnsupportedTokenVersionException – If the token version is not expected.
-
issue_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, include_catalog=True, parent_audit_id=None)[source]¶ Issue a V3 Token.
Parameters: - user_id (string) – identity of the user
- method_names (list) – names of authentication methods
- expires_at (string) – optional time the token will expire
- project_id (string) – optional project identity
- domain_id (string) – optional domain identity
- auth_context (dict) – optional context from the authorization plugins
- trust (dict) – optional trust reference
- include_catalog (boolean) – optional, include the catalog in token data
- parent_audit_id (string) – optional, the audit id of the parent token
Returns: (token_id, token_data)
-
needs_persistence()[source]¶ Determine if the token should be persisted.
If the token provider requires that the token be persisted to a backend this should return True, otherwise return False.
-
validate_token(token_ref)[source]¶ Validate the given V3 token and return the token_data.
Parameters: token_ref (dict) – the token reference Returns: token data Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.
-
keystone.token.providers.common module¶
-
class
keystone.token.providers.common.BaseProvider(*args, **kwargs)[source]¶ Bases:
keystone.common.provider_api.ProviderAPIMixin,keystone.token.providers.base.Provider
-
class
keystone.token.providers.common.V3TokenDataHelper[source]¶ Bases:
keystone.common.provider_api.ProviderAPIMixin,objectToken data helper.
-
get_token_data(user_id, method_names, system=None, domain_id=None, project_id=None, expires=None, app_cred_id=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)[source]¶
-
populate_roles_for_federated_user(token_data, group_ids, project_id=None, domain_id=None, user_id=None, system=None)[source]¶ Populate roles basing on provided groups and assignments.
Used for federated users with dynamically assigned groups. This method does not return anything, yet it modifies token_data in place.
Parameters: - token_data – a dictionary used for building token response
- group_ids – list of group IDs a user is a member of
- project_id – project ID to scope to
- domain_id – domain ID to scope to
- user_id – user ID
- system – system scope if applicable
Raises: keystone.exception.Unauthorized – when no roles were found
-
-
keystone.token.providers.common.build_audit_info(parent_audit_id=None)[source]¶ Build the audit data for a token.
If
parent_audit_idis None, the list will be one element in length containing a newly generated audit_id.If
parent_audit_idis supplied, the list will be two elements in length containing a newly generated audit_id and theparent_audit_id. Theparent_audit_idwill always be element index 1 in the resulting list.Parameters: parent_audit_id (str) – the audit of the original token in the chain Returns: Keystone token audit data
keystone.token.providers.uuid module¶
Keystone UUID Token Provider.
Module contents¶
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.