Authentication Framework Usage

The auth module

class AuthProvider(credentials, scope='project')[source]

Provide authentication

class Credentials(**kwargs)[source]

Set of credentials for accessing OpenStack services

ATTRIBUTES: list of valid class attributes representing credentials.

class KeystoneAuthProvider(credentials, auth_url, disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None, scope='project', http_timeout=None, proxy_url=None)[source]
class KeystoneV2AuthProvider(credentials, auth_url, disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None, scope='project', http_timeout=None, proxy_url=None)[source]

Provides authentication based on the Identity V2 API

The Keystone Identity V2 API defines both unscoped and project scoped tokens. This auth provider only implements ‘project’.

class KeystoneV2Credentials(**kwargs)[source]
class KeystoneV3AuthProvider(credentials, auth_url, disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None, scope='project', http_timeout=None, proxy_url=None)[source]

Provides authentication based on the Identity V3 API

class KeystoneV3Credentials(**kwargs)[source]

Credentials suitable for the Keystone Identity V3 API

get_credentials(auth_url, fill_in=True, identity_version='v2', disable_ssl_certificate_validation=None, ca_certs=None, trace_requests=None, http_timeout=None, proxy_url=None, **kwargs)[source]

Builds a credentials object based on the configured auth_version

Parameters:

  • (string) (identity_version) – Full URI of the OpenStack Identity API(Keystone) which is used to fetch the token from Identity service.

  • (boolean) (fill_in) – obtain a token and fill in all credential details provided by the identity service. When fill_in is not specified, credentials are not validated. Validation can be invoked by invoking is_valid()

  • (string) – identity API version is used to select the matching auth provider and credentials class

  • disable_ssl_certificate_validation – whether to enforce SSL certificate validation in SSL API requests to the auth system

  • ca_certs – CA certificate bundle for validation of certificates in SSL API requests to the auth system

  • trace_requests – trace in log API requests to the auth system

  • http_timeout – timeout in seconds to wait for the http request to return

  • proxy_url – URL of HTTP(s) proxy used when fill_in is True

  • (dict) (kwargs) – Dict of credential key/value pairs

Examples:

Returns credentials from the provided parameters: >>> get_credentials(username=’foo’, password=’bar’)

Returns credentials including IDs: >>> get_credentials(username=’foo’, password=’bar’, fill_in=True)