keystone.token.providers.base.
Provider
[source]¶Bases: object
Interface description for a Token provider.
get_token_version
(token_data)[source]¶Return the version of the given token data.
If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.
Parameters: | token_data (dict) – token_data |
---|---|
Returns: | token version string |
Raises: | keystone.exception.UnsupportedTokenVersionException – If the token version is not expected. |
issue_token
(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, include_catalog=True, parent_audit_id=None)[source]¶Issue a V3 Token.
Parameters: |
|
---|---|
Returns: | (token_id, token_data) |
needs_persistence
()[source]¶Determine if the token should be persisted.
If the token provider requires that the token be persisted to a backend this should return True, otherwise return False.
validate_token
(token_ref)[source]¶Validate the given V3 token and return the token_data.
Parameters: | token_ref (dict) – the token reference |
---|---|
Returns: | token data |
Raises: | keystone.exception.TokenNotFound – If the token doesn’t exist. |
keystone.token.providers.common.
BaseProvider
(*args, **kwargs)[source]¶keystone.token.providers.common.
V3TokenDataHelper
(*args, **kwargs)[source]¶Bases: object
Token data helper.
get_token_data
(user_id, method_names, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)[source]¶populate_roles_for_federated_user
(token_data, group_ids, project_id=None, domain_id=None, user_id=None)[source]¶Populate roles basing on provided groups and project/domain.
Used for federated users with dynamically assigned groups. This method does not return anything, yet it modifies token_data in place.
Parameters: |
|
---|---|
Raises: | keystone.exception.Unauthorized – when no roles were found |
keystone.token.providers.common.
build_audit_info
(parent_audit_id=None)[source]¶Build the audit data for a token.
If parent_audit_id
is None, the list will be one element in length
containing a newly generated audit_id.
If parent_audit_id
is supplied, the list will be two elements in length
containing a newly generated audit_id and the parent_audit_id
. The
parent_audit_id
will always be element index 1 in the resulting
list.
Parameters: | parent_audit_id (str) – the audit of the original token in the chain |
---|---|
Returns: | Keystone token audit data |
Keystone UUID Token Provider.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.