The User
Class¶
-
class
openstack_auth.user.
Token
(auth_ref, unscoped_token=None)[source]¶ Encapsulates the AccessInfo object from keystoneclient.
Token object provides a consistent interface for accessing the keystone token information and service catalog.
Added for maintaining backward compatibility with horizon that expects Token object in the user object.
-
class
openstack_auth.user.
User
(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None)[source]¶ A User class with some extra special sauce for Keystone.
In addition to the standard Django user attributes, this class also has the following:
-
token
¶ The Keystone token object associated with the current user/tenant.
The token object is deprecated, user auth_ref instead.
-
tenant_id
¶ The id of the Keystone tenant for the current user/token.
The tenant_id keyword argument is deprecated, use project_id instead.
-
tenant_name
¶ The name of the Keystone tenant for the current user/token.
The tenant_name keyword argument is deprecated, use project_name instead.
-
project_id
¶ The id of the Keystone project for the current user/token.
-
project_name
¶ The name of the Keystone project for the current user/token.
-
service_catalog
¶ The
ServiceCatalog
data returned by Keystone.
-
roles
¶ A list of dictionaries containing role names and ids as returned by Keystone.
-
services_region
¶ A list of non-identity service endpoint regions extracted from the service catalog.
-
user_domain_id
¶ The domain id of the current user.
-
user_domain_name
¶ The domain name of the current user.
-
domain_id
¶ The id of the Keystone domain scoped for the current user/token.
-
is_federated
¶ Whether user is federated Keystone user. (Boolean)
-
unscoped_token
¶ Unscoped Keystone token.
-
password_expires_at
¶ Password expiration date. This attribute could be None when using keystone version < 3.0 or if the feature is not enabled in keystone.
Returns a memoized list of tenants this user may access.
-
available_services_regions
¶ Returns list of unique region name values in service catalog.
-
has_a_matching_perm
(perm_list, obj=None)[source]¶ Returns True if the user has one of the specified permissions.
If object is passed, it checks if the user has any of the required perms for this object.
-
has_perms
(perm_list, obj=None)[source]¶ Returns True if the user has all of the specified permissions.
Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple
-
is_anonymous
(margin=None)[source]¶ Return if the user is not authenticated.
Returns: True
if not authenticated,“False“ otherwise.Parameters: margin – A security time margin in seconds before end of an eventual authentication. Will return True
even if authenticated but that authentication ends in less thanmargin
seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
-
is_authenticated
(margin=None)[source]¶ Checks for a valid authentication.
Parameters: margin – A security time margin in seconds before end of authentication. Will return False
if authentication ends in less thanmargin
seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
-
is_superuser
¶ Evaluates whether this user has admin privileges.
Returns: True
orFalse
.
-
is_token_expired
(margin=None)[source]¶ Determine if the token is expired.
Returns: True
if the token is expired,False
if not, andNone
if there is no token set.Parameters: margin – A security time margin in seconds before real expiration. Will return True
if the token expires in less thanmargin
seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
-