keystone.token.providers package
Subpackages
Submodules
keystone.token.providers.base module

class keystone.token.providers.base.Provider
Bases: object
Interface description for a Token provider.

get_token_version(token_data)
Return the version of the given token data.
If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.
Parameters: token_data (dict) – token_data
Returns: token version string
Raises: keystone.exception.UnsupportedTokenVersionException – If the token version is not expected.

issue_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, include_catalog=True, parent_audit_id=None)
Issue a V3 Token.
Parameters:
 - user_id (string) – identity of the user
 - method_names (list) – names of authentication methods
 - expires_at (string) – optional time the token will expire
 - project_id (string) – optional project identity
 - domain_id (string) – optional domain identity
 - auth_context (dict) – optional context from the authorization plugins
 - trust (dict) – optional trust reference
 - include_catalog (boolean) – optional, include the catalog in token data
 - parent_audit_id (string) – optional, the audit id of the parent token
Returns: (token_id, token_data)

needs_persistence()
Determine if the token should be persisted.
If the token provider requires that the token be persisted to a backend, this should return True; otherwise, return False.

validate_token(token_ref)
Validate the given V3 token and return the token_data.
Parameters: token_ref (dict) – the token reference
Returns: token data
Raises: keystone.exception.TokenNotFound – If the token doesn’t exist.

keystone.token.providers.common module

class keystone.token.providers.common.BaseProvider(*args, **kwargs)

class keystone.token.providers.common.V3TokenDataHelper(*args, **kwargs)
Bases: object
Token data helper.

get_token_data(user_id, method_names, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)

populate_roles_for_federated_user(token_data, group_ids, project_id=None, domain_id=None, user_id=None)
Populate roles based on the provided groups and project/domain.
Used for federated users with dynamically assigned groups. This method does not return anything; it modifies token_data in place.
Parameters:
 - token_data – a dictionary used for building token response
 - group_ids – list of group IDs a user is a member of
 - project_id – project ID to scope to
 - domain_id – domain ID to scope to
 - user_id – user ID
Raises: keystone.exception.Unauthorized – when no roles were found

keystone.token.providers.common.build_audit_info(parent_audit_id=None)
Build the audit data for a token.
If parent_audit_id is None, the list will be one element in length containing a newly generated audit_id.
If parent_audit_id is supplied, the list will be two elements in length containing a newly generated audit_id and the parent_audit_id. The parent_audit_id will always be element index 1 in the resulting list.
Parameters: parent_audit_id (str) – the audit of the original token in the chain
Returns: Keystone token audit data
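
An added example (not Keystone's code): a stand-in that follows the list contract described above, plus a helper that groups token records by the audit id of the original token in the chain, which lets audit records for rescoped tokens be correlated. The id generator, the function names and the sample records are assumptions constructed for illustration.

```python
import base64
import uuid
from collections import defaultdict


def new_audit_id():
    # Assumption: an audit id is a random URL-safe string; the page does not
    # say how Keystone generates one.
    return base64.urlsafe_b64encode(uuid.uuid4().bytes).rstrip(b"=").decode()


def build_audit_info_sketch(parent_audit_id=None):
    """Stand-in with the documented contract: [new_id] or [new_id, parent]."""
    audit_ids = [new_audit_id()]
    if parent_audit_id is not None:
        audit_ids.append(parent_audit_id)  # parent is always index 1
    return audit_ids


def chain_root(audit_ids):
    """Return the audit id of the original token in the chain."""
    if not isinstance(audit_ids, list) or len(audit_ids) not in (1, 2):
        raise ValueError("audit data must be a list of one or two ids")
    if not all(isinstance(a, str) and a for a in audit_ids):
        raise ValueError("audit ids must be non-empty strings")
    # With two elements the parent sits at index 1; with one, the token
    # itself is the start of the chain.
    return audit_ids[-1]


def group_by_chain(events):
    """Map chain root -> labels of every token record derived from it."""
    chains = defaultdict(list)
    for label, audit_ids in events:
        chains[chain_root(audit_ids)].append(label)
    return dict(chains)


def sample_events():
    # Constructed sample: alice authenticates and rescopes twice; bob is unrelated.
    # Each rescope passes the original token's audit id as parent_audit_id.
    alice = build_audit_info_sketch()
    rescope_1 = build_audit_info_sketch(parent_audit_id=chain_root(alice))
    rescope_2 = build_audit_info_sketch(parent_audit_id=chain_root(rescope_1))
    bob = build_audit_info_sketch()
    events = [("alice-initial", alice), ("alice-rescope-1", rescope_1),
              ("bob-initial", bob), ("alice-rescope-2", rescope_2)]
    return alice, bob, events
```

Grouping on the last element means that revoking or investigating one token in a chain identifies every token issued from the same original authentication.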

keystone.token.providers.uuid module
Keystone UUID Token Provider.