keystone.auth.core module

keystone.auth.core module

class keystone.auth.core.AuthContext[source]

Bases: dict

Retrofitting auth_context to reconcile identity attributes.

The identity attributes must not have conflicting values among the auth plug-ins. The only exception is expires_at, which is set to its earliest value.

IDENTITY_ATTRIBUTES = frozenset(['access_token_id', 'project_id', 'user_id', 'domain_id', 'expires_at'])
update(E=None, **F)[source]

Override update to prevent conflicting values.

class keystone.auth.core.AuthInfo(auth=None)[source]

Bases: keystone.common.provider_api.ProviderAPIMixin, object

Encapsulation of “auth” request.

static create(auth=None, scope_only=False)[source]

Get the auth method payload.

Returns:auth method payload

Return the identity method names.

Returns:list of auth method names

Get scope information.

Verify and return the scoping information.

Returns:(domain_id, project_id, trust_ref, unscoped, system). If scope to a project, (None, project_id, None, None, None) will be returned. If scoped to a domain, (domain_id, None, None, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref, None, None), Will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None, ‘unscoped’, None) will be returned. If system_scoped, (None, None, None, None, ‘all’) will be returned.
set_scope(domain_id=None, project_id=None, trust=None, unscoped=None, system=None)[source]

Set scope information.

class keystone.auth.core.UserMFARulesValidator[source]

Bases: keystone.common.provider_api.ProviderAPIMixin, object

Helper object that can validate the MFA Rules.

check_auth_methods_against_rules(user_id, auth_methods)[source]

Validate the MFA rules against the successful auth methods.

  • user_id (str) – The user’s ID (uuid).
  • auth_methods (set) – List of methods that were used for auth

Boolean, True means rules match and auth may proceed, False means rules do not match.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.