keystone.auth.core module

class keystone.auth.core.AuthContext

Bases: dict

Retrofitting auth_context to reconcile identity attributes.

The identity attributes must not have conflicting values among the auth plug-ins. The only exception is expires_at, which is set to its earliest value.

IDENTITY_ATTRIBUTES = frozenset({'access_token_id', 'domain_id', 'expires_at', 'project_id', 'user_id'})
update(E=None, **F)

Override update to prevent conflicting values.
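The reconciliation rule matters because a later plug-in must not be able to silently replace the identity an earlier plug-in established. The following is an added sketch of that behaviour, not Keystone's own code: `ReconcilingContext`, `IdentityConflict` and `merge_plugin_results` are hypothetical names, and treating `None` as "not set" for `expires_at` is an assumption.

```python
from datetime import datetime, timezone

# Attribute names copied from IDENTITY_ATTRIBUTES on this page.
IDENTITY_ATTRIBUTES = frozenset(
    {"access_token_id", "domain_id", "expires_at", "project_id", "user_id"})


class IdentityConflict(Exception):
    """Hypothetical error type for two plug-ins disagreeing on identity."""


class ReconcilingContext(dict):
    """Hypothetical dict that reconciles identity attributes on every write."""

    def __setitem__(self, key, val):
        if key in IDENTITY_ATTRIBUTES and key in self:
            old = self[key]
            if key == "expires_at":
                # Earliest expiry wins. Assumption: None means "not set".
                known = [v for v in (old, val) if v is not None]
                val = min(known) if known else None
            elif old != val:
                raise IdentityConflict(
                    f"{key}: {old!r} conflicts with {val!r}")
        super().__setitem__(key, val)

    def update(self, other=None, **kwargs):
        # dict.update() does not call __setitem__, so route each key through it.
        for source in (other or {}, kwargs):
            for key, val in dict(source).items():
                self[key] = val


def merge_plugin_results(results):
    """Fold each plug-in's result into one context, failing closed on conflict."""
    ctx = ReconcilingContext()
    for result in results:
        ctx.update(result)
    return ctx


if __name__ == "__main__":
    # Constructed sample results from two plug-ins.
    password = {"user_id": "u-1", "expires_at": datetime(2030, 1, 2, tzinfo=timezone.utc)}
    token = {"user_id": "u-1", "expires_at": datetime(2030, 1, 1, tzinfo=timezone.utc)}
    print(merge_plugin_results([password, token]))
    try:
        merge_plugin_results([password, {"user_id": "u-2"}])
    except IdentityConflict as exc:
        print("rejected:", exc)
```
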

class keystone.auth.core.AuthInfo(auth=None)

Bases: keystone.common.provider_api.ProviderAPIMixin, object

Encapsulation of “auth” request.

static create(auth=None, scope_only=False)
get_method_data(method)

Get the auth method payload.

Returns

auth method payload

get_method_names()

Return the identity method names.

Returns

list of auth method names

get_scope()

Get scope information.

Verify and return the scoping information.

Returns

(domain_id, project_id, trust_ref, unscoped, system). If scoped to a project, (None, project_id, None, None, None) will be returned. If scoped to a domain, (domain_id, None, None, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref, None, None) will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None, 'unscoped', None) will be returned. If system_scoped, (None, None, None, None, 'all') will be returned.

set_scope(domain_id=None, project_id=None, trust=None, unscoped=None, system=None)

Set scope information.

class keystone.auth.core.UserMFARulesValidator

Bases: keystone.common.provider_api.ProviderAPIMixin, object

Helper object that can validate the MFA Rules.

classmethod check_auth_methods_against_rules(user_id, auth_methods)

Validate the MFA rules against the successful auth methods.

Parameters
  • user_id (str) – The user’s ID (uuid).

  • auth_methods (set) – List of methods that were used for auth

Returns

Boolean, True means rules match and auth may proceed, False means rules do not match.

keystone.auth.core.get_auth_method(method_name)
keystone.auth.core.load_auth_method(method)
keystone.auth.core.load_auth_methods()