keystoneauth1.identity.v3.federation module

class keystoneauth1.identity.v3.federation.FederationBaseAuth(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)

Bases: _Rescoped

Federation authentication plugin.

Parameters:
  • auth_url (string) – URL of the Identity Service

  • identity_provider (string) – name of the Identity Provider the client will authenticate against. This parameter will be used to build a dynamic URL used to obtain unscoped OpenStack token.

  • protocol (string) – name of the protocol the client will authenticate against.

__abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
__annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
__doc__ = 'Federation authentication plugin.\n\n    :param auth_url: URL of the Identity Service\n    :type auth_url: string\n    :param identity_provider: name of the Identity Provider the client\n                              will authenticate against. This parameter\n                              will be used to build a dynamic URL used to\n                              obtain unscoped OpenStack token.\n    :type identity_provider: string\n    :param protocol: name of the protocol the client will authenticate\n                     against.\n    :type protocol: string\n\n    '
__init__(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
__module__ = 'keystoneauth1.identity.v3.federation'
_abc_impl = <_abc._abc_data object>
_discovery_cache: ty.Dict[str, discover.Discover]
auth_ref: ty.Optional[access.AccessInfo]
auth_url: str
property federated_token_url: str

Full URL where authorization data is sent.

reauthenticate: bool
class keystoneauth1.identity.v3.federation._Rescoped(auth_url: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)

Bases: BaseAuth

A plugin that is always going to go through a rescope process.

The original keystone plugins could simply pass a project or domain to along with the credentials and get a scoped token. For federation, K2K and newer mechanisms we always get an unscoped token first and then rescope.

This is currently not public as it’s generally an abstraction of a flow used by plugins within keystoneauth1.

It also cannot go in base as it depends on token.Token for rescoping which would create a circular dependency.

__abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
__annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'ty.Dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
__doc__ = "A plugin that is always going to go through a rescope process.\n\n    The original keystone plugins could simply pass a project or domain to\n    along with the credentials and get a scoped token. For federation, K2K and\n    newer mechanisms we always get an unscoped token first and then rescope.\n\n    This is currently not public as it's generally an abstraction of a flow\n    used by plugins within keystoneauth1.\n\n    It also cannot go in base as it depends on token.Token for rescoping which\n    would create a circular dependency.\n    "
__module__ = 'keystoneauth1.identity.v3.federation'
_abc_impl = <_abc._abc_data object>
get_auth_ref(session: Session, **kwargs: Any) AccessInfoV3

Authenticate retrieve token information.

This is a multi-step process where a client does federated authn receives an unscoped token.

If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.

Parameters:

session (keystoneauth1.session.Session) – a session object to send out HTTP requests.

Returns:

a token data representation

Return type:

keystoneauth1.access.AccessInfo

abstract get_unscoped_auth_ref(session: Session, **kwargs: Any) AccessInfoV3

Fetch unscoped federated token.

rescoping_plugin

alias of Token