Bases: keystone.common.controller.V2Controller
Authenticate credentials and return a token.
Accept auth as a dict that looks like:
{
"auth":{
"passwordCredentials":{
"username":"test_user",
"password":"mypass"
},
"tenantName":"customer-x"
}
}
In this case, tenant is optional, if not provided the token will be considered “unscoped” and can later be used to get a scoped token.
Alternatively, this call accepts auth with only a token and tenant that will return a token that is scoped to that tenant.
Formats a list of endpoints according to Identity API v2.
The v2.0 API wants an endpoint list to look like:
{
'endpoints': [
{
'id': $endpoint_id,
'name': $SERVICE[name],
'type': $SERVICE,
'tenantId': $tenant_id,
'region': $REGION,
}
],
'endpoints_links': [],
}
Token provider interface.
Bases: keystone.common.manager.Manager
Default pivot point for the token provider backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Bases: object
Interface description for a Token provider.
Return the version of the given token data.
If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.
Parameters: | token_data (dict) – token_data |
---|---|
Returns: | token version string |
Raises keystone.exception.UnsupportedTokenVersionException: | |
If the token version is not expected. |
Issue a V2 token.
Parameters: |
|
---|---|
Returns: | (token_id, token_data) |
Issue a V3 Token.
Parameters: |
|
---|---|
Returns: | (token_id, token_data) |
Determine if the token should be persisted.
If the token provider requires that the token be persisted to a backend this should return True, otherwise return False.
Validate a given non-persistent token id and return the token_data.
Parameters: | token_id (string) – the token id |
---|---|
Returns: | token data |
Raises keystone.exception.TokenNotFound: | |
When the token is invalid |
Validate the given V2 token and return the token data.
Must raise Unauthorized exception if unable to validate token.
Parameters: | token_ref (dict) – the token reference |
---|---|
Returns: | token data |
Raises keystone.exception.TokenNotFound: | |
If the token doesn’t exist. |
Validate the given V3 token and return the token_data.
Parameters: | token_ref (dict) – the token reference |
---|---|
Returns: | token data |
Raises keystone.exception.TokenNotFound: | |
If the token doesn’t exist. |
Build the audit data for a token.
If parent_audit_id is None, the list will be one element in length containing a newly generated audit_id.
If parent_audit_id is supplied, the list will be two elements in length containing a newly generated audit_id and the parent_audit_id. The parent_audit_id will always be element index 1 in the resulting list.
Parameters: | parent_audit_id (str) – the audit of the original token in the chain |
---|---|
Returns: | Keystone token audit data |
Encode a URL-safe string.
Return type: | six.text_type |
---|
Determine when a fresh token should expire.
Expiration time varies based on configuration (see [token] expiration).
Returns: | a naive UTC datetime.datetime object |
---|
Generate a random URL-safe string.
Return type: | six.text_type |
---|
Convert a string from random_urlsafe_str() to six.binary_type.
Return type: | six.binary_type |
---|
Return a unique ID for a token.
The returned value is useful as the primary key of a database table, memcache store, or other lookup table.
Returns: | Given a PKI token, returns it’s hashed value. Otherwise, returns the passed-in value (such as a UUID token ID or an existing hash). |
---|