The User Class¶

class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]¶

Encapsulates the AccessInfo object from keystoneclient.

Token object provides a consistent interface for accessing the keystone token information and service catalog.

Added for maintaining backward compatibility with horizon that expects Token object in the user object.

class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None)[source]¶

A User class with some extra special sauce for Keystone.

In addition to the standard Django user attributes, this class also has the following:

token¶

The Keystone token object associated with the current user/tenant.

The token object is deprecated, user auth_ref instead.

tenant_id¶

The id of the Keystone tenant for the current user/token.

The tenant_id keyword argument is deprecated, use project_id instead.

tenant_name¶

The name of the Keystone tenant for the current user/token.

The tenant_name keyword argument is deprecated, use project_name instead.

project_id¶

The id of the Keystone project for the current user/token.

project_name¶

The name of the Keystone project for the current user/token.

service_catalog¶

The ServiceCatalog data returned by Keystone.

roles¶

A list of dictionaries containing role names and ids as returned by Keystone.

services_region¶

A list of non-identity service endpoint regions extracted from the service catalog.

user_domain_id¶

The domain id of the current user.

user_domain_name¶

The domain name of the current user.

domain_id¶

The id of the Keystone domain scoped for the current user/token.

is_federated¶

Whether user is federated Keystone user. (Boolean)

unscoped_token¶

Unscoped Keystone token.

password_expires_at¶

Password expiration date. This attribute could be None when using keystone version < 3.0 or if the feature is not enabled in keystone.

authorized_tenants¶

Returns a memoized list of tenants this user may access.

available_services_regions¶

Returns list of unique region name values in service catalog.

has_a_matching_perm(perm_list, obj=None)[source]¶

Returns True if the user has one of the specified permissions.

If object is passed, it checks if the user has any of the required perms for this object.

has_perms(perm_list, obj=None)[source]¶

Returns True if the user has all of the specified permissions.

Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple

is_anonymous¶

Return if the user is not authenticated.

Returns:	True if not authenticated,``False`` otherwise.

is_authenticated¶

Checks for a valid authentication.

is_superuser¶

Evaluates whether this user has admin privileges.

Returns:	True or False.

is_token_expired(margin=None)[source]¶

Determine if the token is expired.

Returns:	True if the token is expired, False if not, and None if there is no token set.
Parameters:	margin – A security time margin in seconds before real expiration. Will return True if the token expires in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.

time_until_expiration()[source]¶

Returns the number of remaining days until user’s password expires.

Calculates the number days until the user must change their password, once the password expires the user will not able to log in until an admin changes its password.