keystone.token.providers package

Subpackages

• keystone.token.providers.fernet package
  • Submodules
  • keystone.token.providers.fernet.core module
  • keystone.token.providers.fernet.token_formatters module
  • Module contents

Submodules

keystone.token.providers.common module

class keystone.token.providers.common.BaseProvider(*args, **kwargs)

Bases: keystone.token.provider.Provider

get_token_version(token_data)

issue_v2_token(token_ref, roles_ref=None, catalog_ref=None)

issue_v3_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, metadata_ref=None, include_catalog=True, parent_audit_id=None)

validate_non_persistent_token(token_id)

validate_v2_token(token_ref)

validate_v3_token(token_ref)

class keystone.token.providers.common.V2TokenDataHelper(*args, **kwargs)

Bases: object

Create V2 token data.

classmethod format_catalog(catalog_ref)

Munge catalogs from internal to output format.

Internal catalogs look like:

{$REGION: {
    {$SERVICE: {
        $key1: $value1,
        ...
        }
    }
}

The legacy api wants them to look like:

[{'name': $SERVICE[name],
  'type': $SERVICE,
  'endpoints': [{
      'tenantId': $tenant_id,
      ...
      'region': $REGION,
      }],
  'endpoints_links': [],
 }]

classmethod format_token(token_ref, roles_ref=None, catalog_ref=None, trust_ref=None)

v3_to_v2_token(v3_token_data, token_id)

Convert v3 token data into v2.0 token data.

This method expects a dictionary generated from V3TokenDataHelper.get_token_data() and converts it to look like a v2.0 token dictionary.

Parameters:

• v3_token_data – dictionary formatted for v3 tokens
• token_id – ID of the token being converted

Returns:

dictionary formatted for v2 tokens

Raises keystone.exception.Unauthorized:  

If a specific token type is not supported in v2.

class keystone.token.providers.common.V3TokenDataHelper(*args, **kwargs)

Bases: object

Token data helper.

get_token_data(user_id, method_names, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)

populate_roles_for_federated_user(token_data, group_ids, project_id=None, domain_id=None, user_id=None)

Populate roles basing on provided groups and project/domain.

Used for federated users with dynamically assigned groups. This method does not return anything, yet it modifies token_data in place.

Parameters:

• token_data – a dictionary used for building token response
• group_ids – list of group IDs a user is a member of
• project_id – project ID to scope to
• domain_id – domain ID to scope to
• user_id – user ID

Raises keystone.exception.Unauthorized:  

when no roles were found

keystone.token.providers.pki module

Keystone PKI Token Provider.

class keystone.token.providers.pki.Provider(*args, **kwargs)

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()

Should the token be written to a backend.

keystone.token.providers.pkiz module

Keystone Compressed PKI Token Provider.

class keystone.token.providers.pkiz.Provider(*args, **kwargs)

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()

Should the token be written to a backend.

keystone.token.providers.uuid module

Keystone UUID Token Provider.

class keystone.token.providers.uuid.Provider(*args, **kwargs)

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()

Should the token be written to a backend.

Module contents