The User Class

The User Class

class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]

Encapsulates the AccessInfo object from keystoneclient.

Token object provides a consistent interface for accessing the keystone token information and service catalog.

Added for maintaining backward compatibility with horizon that expects Token object in the user object.

class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None)[source]

A User class with some extra special sauce for Keystone.

In addition to the standard Django user attributes, this class also has the following:

token

The Keystone token object associated with the current user/tenant.

The token object is deprecated, user auth_ref instead.

tenant_id

The id of the Keystone tenant for the current user/token.

The tenant_id keyword argument is deprecated, use project_id instead.

tenant_name

The name of the Keystone tenant for the current user/token.

The tenant_name keyword argument is deprecated, use project_name instead.

project_id

The id of the Keystone project for the current user/token.

project_name

The name of the Keystone project for the current user/token.

service_catalog

The ServiceCatalog data returned by Keystone.

roles

A list of dictionaries containing role names and ids as returned by Keystone.

services_region

A list of non-identity service endpoint regions extracted from the service catalog.

user_domain_id

The domain id of the current user.

user_domain_name

The domain name of the current user.

domain_id

The id of the Keystone domain scoped for the current user/token.

is_federated

Whether user is federated Keystone user. (Boolean)

unscoped_token

Unscoped Keystone token.

password_expires_at

Password expiration date. This attribute could be None when using keystone version < 3.0 or if the feature is not enabled in keystone.

authorized_tenants

Returns a memoized list of tenants this user may access.

available_services_regions

Returns list of unique region name values in service catalog.

has_a_matching_perm(perm_list, obj=None)[source]

Returns True if the user has one of the specified permissions.

If object is passed, it checks if the user has any of the required perms for this object.

has_perms(perm_list, obj=None)[source]

Returns True if the user has all of the specified permissions.

Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple

is_anonymous

Return if the user is not authenticated.

Returns:True if not authenticated,``False`` otherwise.
is_authenticated

Checks for a valid authentication.

is_superuser

Evaluates whether this user has admin privileges.

Returns:True or False.
is_token_expired(margin=None)[source]

Determine if the token is expired.

Returns:True if the token is expired, False if not, and None if there is no token set.
Parameters:margin – A security time margin in seconds before real expiration. Will return True if the token expires in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
time_until_expiration()[source]

Returns the number of remaining days until user’s password expires.

Calculates the number days until the user must change their password, once the password expires the user will not able to log in until an admin changes its password.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.