keystoneauth1.identity.v3.federation module¶
- class keystoneauth1.identity.v3.federation.FederationBaseAuth(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
Bases:
_Rescoped
Federation authentication plugin.
- Parameters:
auth_url (string) – URL of the Identity Service
identity_provider (string) – name of the Identity Provider the client will authenticate against. This parameter will be used to build a dynamic URL used to obtain unscoped OpenStack token.
protocol (string) – name of the protocol the client will authenticate against.
- __abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
- __annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
- __doc__ = 'Federation authentication plugin.\n\n :param auth_url: URL of the Identity Service\n :type auth_url: string\n :param identity_provider: name of the Identity Provider the client\n will authenticate against. This parameter\n will be used to build a dynamic URL used to\n obtain unscoped OpenStack token.\n :type identity_provider: string\n :param protocol: name of the protocol the client will authenticate\n against.\n :type protocol: string\n\n '
- __init__(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
- __module__ = 'keystoneauth1.identity.v3.federation'
- _abc_impl = <_abc._abc_data object>
- _discovery_cache: ty.Dict[str, discover.Discover]
- auth_ref: ty.Optional[access.AccessInfo]
- auth_url: str
- property federated_token_url: str
Full URL where authorization data is sent.
- reauthenticate: bool
- class keystoneauth1.identity.v3.federation._Rescoped(auth_url: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
Bases:
BaseAuth
A plugin that is always going to go through a rescope process.
The original keystone plugins could simply pass a project or domain to along with the credentials and get a scoped token. For federation, K2K and newer mechanisms we always get an unscoped token first and then rescope.
This is currently not public as it’s generally an abstraction of a flow used by plugins within keystoneauth1.
It also cannot go in base as it depends on token.Token for rescoping which would create a circular dependency.
- __abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
- __annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
- __doc__ = "A plugin that is always going to go through a rescope process.\n\n The original keystone plugins could simply pass a project or domain to\n along with the credentials and get a scoped token. For federation, K2K and\n newer mechanisms we always get an unscoped token first and then rescope.\n\n This is currently not public as it's generally an abstraction of a flow\n used by plugins within keystoneauth1.\n\n It also cannot go in base as it depends on token.Token for rescoping which\n would create a circular dependency.\n "
- __module__ = 'keystoneauth1.identity.v3.federation'
- _abc_impl = <_abc._abc_data object>
- get_auth_ref(session: Session, **kwargs: Any) AccessInfoV3
Authenticate retrieve token information.
This is a multi-step process where a client does federated authn receives an unscoped token.
If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.
- Parameters:
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns:
a token data representation
- Return type:
keystoneauth1.access.AccessInfo
- abstract get_unscoped_auth_ref(session: Session, **kwargs: Any) AccessInfoV3
Fetch unscoped federated token.
- rescoping_plugin
alias of
Token