keystoneauth1.identity.v3.base module

class keystoneauth1.identity.v3.base.Auth(auth_url: str, auth_methods: List[AuthMethod], *, unscoped: bool = False, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)

Bases: BaseAuth

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.

  • auth_methods (list) – A collection of methods to authenticate with.

  • trust_id (string) – Trust ID for trust scoping.

  • domain_id (string) – Domain ID for domain scoping.

  • domain_name (string) – Domain name for domain scoping.

  • project_id (string) – Project ID for project scoping.

  • project_name (string) – Project name for project scoping.

  • project_domain_id (string) – Project’s domain ID for project.

  • project_domain_name (string) – Project’s domain name for project.

  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

  • unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.

__abstractmethods__ = frozenset({})
__annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
__doc__ = "Identity V3 Authentication Plugin.\n\n    :param string auth_url: Identity service endpoint for authentication.\n    :param list auth_methods: A collection of methods to authenticate with.\n    :param string trust_id: Trust ID for trust scoping.\n    :param string domain_id: Domain ID for domain scoping.\n    :param string domain_name: Domain name for domain scoping.\n    :param string project_id: Project ID for project scoping.\n    :param string project_name: Project name for project scoping.\n    :param string project_domain_id: Project's domain ID for project.\n    :param string project_domain_name: Project's domain name for project.\n    :param bool reauthenticate: Allow fetching a new token if the current one\n                                is going to expire. (optional) default True\n    :param bool include_catalog: Include the service catalog in the returned\n                                 token. (optional) default True.\n    :param bool unscoped: Force the return of an unscoped token. This will make\n                          the keystone server return an unscoped token even if\n                          a default_project_id is set for this user.\n    "
__init__(auth_url: str, auth_methods: List[AuthMethod], *, unscoped: bool = False, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
__module__ = 'keystoneauth1.identity.v3.base'
_abc_impl = <_abc._abc_data object>
_discovery_cache: ty.Dict[str, discover.Discover]
add_method(method: AuthMethod) None

Add an additional initialized AuthMethod instance.

auth_ref: ty.Optional[access.AccessInfo]
auth_url: str
get_auth_ref(session: Session, **kwargs: Any) AccessInfoV3

Obtain a token from an OpenStack Identity Service.

This method is overridden by the various token version plugins.

This function should not be called independently and is expected to be invoked via the do_authenticate function.

This function will be invoked if the AcessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access.

Parameters:

session (keystoneauth1.session.Session) – A session object that can be used for communication.

Raises:
Returns:

Token access information.

Return type:

keystoneauth1.access.AccessInfo

get_cache_id_elements() Dict[str, str | None]

Get the elements for this auth plugin that make it unique.

As part of the get_cache_id requirement we need to determine what aspects of this plugin and its values that make up the unique elements.

This should be overridden by plugins that wish to allow caching.

Returns:

The unique attributes and values of this plugin.

Return type:

A flat dict with a str key and str or None value. This is required as we feed these values into a hash. Pairs where the value is None are ignored in the hashed id.

reauthenticate: bool
class keystoneauth1.identity.v3.base.AuthConstructor(auth_url: str, *args: Any, unscoped: bool = False, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True, **kwargs: Any)

Bases: Auth

Abstract base class for creating an Auth Plugin.

The Auth Plugin created contains only one authentication method. This is generally the required usage.

An AuthConstructor creates an AuthMethod based on the method’s arguments and the auth_method_class defined by the plugin. It then creates the auth plugin with only that authentication method.

__abstractmethods__ = frozenset({})
__annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_auth_method_class': typing.Type[keystoneauth1.identity.v3.base.AuthMethod], '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
__doc__ = "Abstract base class for creating an Auth Plugin.\n\n    The Auth Plugin created contains only one authentication method. This\n    is generally the required usage.\n\n    An AuthConstructor creates an AuthMethod based on the method's\n    arguments and the auth_method_class defined by the plugin. It then\n    creates the auth plugin with only that authentication method.\n    "
__init__(auth_url: str, *args: Any, unscoped: bool = False, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True, **kwargs: Any)
__module__ = 'keystoneauth1.identity.v3.base'
_abc_impl = <_abc._abc_data object>
_auth_method_class: Type[AuthMethod]
_discovery_cache: ty.Dict[str, discover.Discover]
auth_ref: ty.Optional[access.AccessInfo]
auth_url: str
reauthenticate: bool
class keystoneauth1.identity.v3.base.AuthMethod(**kwargs: object)

Bases: object

One part of a V3 Authentication strategy.

V3 Tokens allow multiple methods to be presented when authentication against the server. Each one of these methods is implemented by an AuthMethod.

Note: When implementing an AuthMethod use the method_parameters and do not use positional arguments. Otherwise they can’t be picked up by the factory method and don’t work as well with AuthConstructors.

__abstractmethods__ = frozenset({'get_auth_data'})
__annotations__ = {'_method_parameters': typing.List[str]}
__dict__ = mappingproxy({'__module__': 'keystoneauth1.identity.v3.base', '__annotations__': {'_method_parameters': typing.List[str]}, '__doc__': "One part of a V3 Authentication strategy.\n\n    V3 Tokens allow multiple methods to be presented when authentication\n    against the server. Each one of these methods is implemented by an\n    AuthMethod.\n\n    Note: When implementing an AuthMethod use the method_parameters\n    and do not use positional arguments. Otherwise they can't be picked up by\n    the factory method and don't work as well with AuthConstructors.\n    ", '_method_parameters': [], '__init__': <function AuthMethod.__init__>, '_extract_kwargs': <classmethod(<function AuthMethod._extract_kwargs>)>, 'get_auth_data': <function AuthMethod.get_auth_data>, 'get_cache_id_elements': <function AuthMethod.get_cache_id_elements>, '__dict__': <attribute '__dict__' of 'AuthMethod' objects>, '__weakref__': <attribute '__weakref__' of 'AuthMethod' objects>, '__abstractmethods__': frozenset({'get_auth_data'}), '_abc_impl': <_abc._abc_data object>})
__doc__ = "One part of a V3 Authentication strategy.\n\n    V3 Tokens allow multiple methods to be presented when authentication\n    against the server. Each one of these methods is implemented by an\n    AuthMethod.\n\n    Note: When implementing an AuthMethod use the method_parameters\n    and do not use positional arguments. Otherwise they can't be picked up by\n    the factory method and don't work as well with AuthConstructors.\n    "
__init__(**kwargs: object)
__module__ = 'keystoneauth1.identity.v3.base'
__weakref__

list of weak references to the object (if defined)

_abc_impl = <_abc._abc_data object>
classmethod _extract_kwargs(kwargs: Dict[str, object]) Dict[str, object]

Remove parameters related to this method from other kwargs.

_method_parameters: List[str] = []
abstract get_auth_data(session: Session, auth: Auth, headers: Dict[str, str], request_kwargs: Dict[str, object], **kwargs: Any) Tuple[None, None] | Tuple[str, Mapping[str, object]]

Return the authentication section of an auth plugin.

Parameters:
  • session (keystoneauth1.session.Session) – The communication session.

  • auth (base.Auth) – The auth plugin calling the method.

  • headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.

Returns:

The identifier of this plugin and a dict of authentication data for the auth type.

Return type:

tuple(string, dict)

get_cache_id_elements() Dict[str, str | None]

Get the elements for this auth method that make it unique.

These elements will be used as part of the keystoneauth1.plugin.BaseIdentityPlugin.get_cache_id() to allow caching of the auth plugin.

Plugins should override this if they want to allow caching of their state.

To avoid collision or overrides the keys of the returned dictionary should be prefixed with the plugin identifier. For example the password plugin returns its username value as ‘password_username’.

class keystoneauth1.identity.v3.base.BaseAuth(auth_url: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)

Bases: BaseIdentityPlugin

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.

  • trust_id (string) – Trust ID for trust scoping.

  • system_scope (string) – System information to scope to.

  • domain_id (string) – Domain ID for domain scoping.

  • domain_name (string) – Domain name for domain scoping.

  • project_id (string) – Project ID for project scoping.

  • project_name (string) – Project name for project scoping.

  • project_domain_id (string) – Project’s domain ID for project.

  • project_domain_name (string) – Project’s domain name for project.

  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

__abstractmethods__ = frozenset({'get_auth_ref'})
__annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': <class 'str'>, 'reauthenticate': 'bool'}
__doc__ = "Identity V3 Authentication Plugin.\n\n    :param string auth_url: Identity service endpoint for authentication.\n    :param string trust_id: Trust ID for trust scoping.\n    :param string system_scope: System information to scope to.\n    :param string domain_id: Domain ID for domain scoping.\n    :param string domain_name: Domain name for domain scoping.\n    :param string project_id: Project ID for project scoping.\n    :param string project_name: Project name for project scoping.\n    :param string project_domain_id: Project's domain ID for project.\n    :param string project_domain_name: Project's domain name for project.\n    :param bool reauthenticate: Allow fetching a new token if the current one\n                                is going to expire. (optional) default True\n    :param bool include_catalog: Include the service catalog in the returned\n                                 token. (optional) default True.\n    "
__init__(auth_url: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
__module__ = 'keystoneauth1.identity.v3.base'
_abc_impl = <_abc._abc_data object>
_discovery_cache: ty.Dict[str, discover.Discover]
auth_ref: ty.Optional[access.AccessInfo]
auth_url: str
property has_scope_parameters: bool

Return true if parameters can be used to create a scoped token.

reauthenticate: bool
property token_url: str

The full URL where we will send authentication data.

class keystoneauth1.identity.v3.base._AuthBody

Bases: TypedDict

__annotations__ = {'auth': <class 'keystoneauth1.identity.v3.base._AuthIdentity'>}
__dict__ = mappingproxy({'__module__': 'keystoneauth1.identity.v3.base', '__annotations__': {'auth': <class 'keystoneauth1.identity.v3.base._AuthIdentity'>}, '__orig_bases__': (<function TypedDict>,), '__dict__': <attribute '__dict__' of '_AuthBody' objects>, '__weakref__': <attribute '__weakref__' of '_AuthBody' objects>, '__doc__': None, '__required_keys__': frozenset({'auth'}), '__optional_keys__': frozenset(), '__total__': True})
__doc__ = None
__module__ = 'keystoneauth1.identity.v3.base'
__optional_keys__ = frozenset({})
__orig_bases__ = (<function TypedDict>,)
__required_keys__ = frozenset({'auth'})
__total__ = True
__weakref__

list of weak references to the object (if defined)

auth: _AuthIdentity
class keystoneauth1.identity.v3.base._AuthIdentity

Bases: TypedDict

__annotations__ = {'identity': typing.Dict[str, typing.Any], 'scope': typing_extensions.NotRequired[typing.Union[typing.Dict[str, typing.Any], str]]}
__dict__ = mappingproxy({'__module__': 'keystoneauth1.identity.v3.base', '__annotations__': {'identity': typing.Dict[str, typing.Any], 'scope': typing_extensions.NotRequired[typing.Union[typing.Dict[str, typing.Any], str]]}, '__orig_bases__': (<function TypedDict>,), '__dict__': <attribute '__dict__' of '_AuthIdentity' objects>, '__weakref__': <attribute '__weakref__' of '_AuthIdentity' objects>, '__doc__': None, '__required_keys__': frozenset({'identity', 'scope'}), '__optional_keys__': frozenset(), '__total__': True})
__doc__ = None
__module__ = 'keystoneauth1.identity.v3.base'
__optional_keys__ = frozenset({})
__orig_bases__ = (<function TypedDict>,)
__required_keys__ = frozenset({'identity', 'scope'})
__total__ = True
__weakref__

list of weak references to the object (if defined)

identity: Dict[str, Any]
scope: NotRequired[Dict[str, Any] | str]