keystone.auth.core module¶
- class keystone.auth.core.AuthContext[source]¶
Bases:
dictRetrofitting auth_context to reconcile identity attributes.
The identity attributes must not have conflicting values among the auth plug-ins. The only exception is expires_at, which is set to its earliest value.
- IDENTITY_ATTRIBUTES = frozenset({'access_token_id', 'domain_id', 'expires_at', 'project_id', 'user_id'})¶
- class keystone.auth.core.AuthInfo(auth=None)[source]¶
Bases:
ProviderAPIMixin,objectEncapsulation of “auth” request.
- get_scope()[source]¶
Get scope information.
Verify and return the scoping information.
- Returns:
(domain_id, project_id, trust_ref, unscoped, system). If scope to a project, (None, project_id, None, None, None) will be returned. If scoped to a domain, (domain_id, None, None, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref, None, None), Will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None, ‘unscoped’, None) will be returned. If system_scoped, (None, None, None, None, ‘all’) will be returned.
- class keystone.auth.core.UserMFARulesValidator[source]¶
Bases:
ProviderAPIMixin,objectHelper object that can validate the MFA Rules.
- classmethod check_auth_methods_against_rules(user_id, auth_methods)[source]¶
Validate the MFA rules against the successful auth methods.
- Parameters:
user_id (str) – The user’s ID (uuid).
auth_methods (set) – List of methods that were used for auth
- Returns:
Boolean,
Truemeans rules match and auth may proceed,Falsemeans rules do not match.
