keystone.token package¶
Subpackages¶
Submodules¶
keystone.token.controllers module¶
-
class
keystone.token.controllers.
Auth
(*args, **kwargs)[source]¶ Bases:
keystone.common.controller.V2Controller
-
authenticate
(*args, **kwargs)[source]¶ Authenticate credentials and return a token.
Accept auth as a dict that looks like:
{ "auth":{ "passwordCredentials":{ "username":"test_user", "password":"mypass" }, "tenantName":"customer-x" } }
In this case, tenant is optional, if not provided the token will be considered “unscoped” and can later be used to get a scoped token.
Alternatively, this call accepts auth with only a token and tenant that will return a token that is scoped to that tenant.
-
classmethod
format_endpoint_list
(catalog_ref)[source]¶ Format a list of endpoints according to Identity API v2.
The v2.0 API wants an endpoint list to look like:
{ 'endpoints': [ { 'id': $endpoint_id, 'name': $SERVICE[name], 'type': $SERVICE, 'tenantId': $tenant_id, 'region': $REGION, } ], 'endpoints_links': [], }
-
-
class
keystone.token.controllers.
BaseAuthenticationMethod
(*args, **kwargs)[source]¶ Bases:
object
Common utilities/dependencies for all authentication method classes.
-
exception
keystone.token.controllers.
ExternalAuthNotApplicable
[source]¶ Bases:
exceptions.Exception
External authentication is not applicable.
-
class
keystone.token.controllers.
ExternalAuthenticationMethod
(*args, **kwargs)[source]¶ Bases:
keystone.token.controllers.BaseAuthenticationMethod
Authenticate using an external authentication method.
-
authenticate
(request, auth)[source]¶ Try to authenticate an external user via REMOTE_USER variable.
Parameters: - request – A request object.
- auth – Dictionary representing the authentication request.
Returns: A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information.
-
-
class
keystone.token.controllers.
LocalAuthenticationMethod
(*args, **kwargs)[source]¶ Bases:
keystone.token.controllers.BaseAuthenticationMethod
Authenticate against a local backend using password credentials.
-
authenticate
(request, auth)[source]¶ Try to authenticate against the identity backend.
Parameters: - request – A request object.
- auth – Dictionary representing the authentication request.
Returns: A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information.
-
-
class
keystone.token.controllers.
TokenAuthenticationMethod
(*args, **kwargs)[source]¶ Bases:
keystone.token.controllers.BaseAuthenticationMethod
Authenticate using an existing token.
-
authenticate
(request, auth)[source]¶ Try to authenticate using an already existing token.
Parameters: - request – A request object.
- auth – Dictionary representing the authentication request.
Returns: A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information.
-
-
class
keystone.token.controllers.
V2TokenDataHelper
(*args, **kwargs)[source]¶ Bases:
object
Create V2 token data.
-
classmethod
format_catalog
(catalog_ref)[source]¶ Munge catalogs from internal to output format.
Internal catalogs look like:
{$REGION: { {$SERVICE: { $key1: $value1, ... } } }
The legacy api wants them to look like:
[{'name': $SERVICE[name], 'type': $SERVICE, 'endpoints': [{ 'tenantId': $tenant_id, ... 'region': $REGION, }], 'endpoints_links': [], }]
-
v3_to_v2_token
(v3_token_data, token_id)[source]¶ Convert v3 token data into v2.0 token data.
This method expects a dictionary generated from V3TokenDataHelper.get_token_data() and converts it to look like a v2.0 token dictionary.
Parameters: - v3_token_data – dictionary formatted for v3 tokens
- token_id – ID of the token being converted
Returns: dictionary formatted for v2 tokens
Raises: keystone.exception.Unauthorized – If a specific token type is not supported in v2.
-
classmethod
-
keystone.token.controllers.
authentication_method_generator
(request, auth)[source]¶ Given an request return a suitable authentication method.
This is simply a generator to handle matching an authentication request with the appropriate authentication method.
Parameters: auth – Dictionary containing authentication information from the request. Returns: An authentication method class object.
keystone.token.provider module¶
Token provider interface.
-
class
keystone.token.provider.
Manager
(*args, **kwargs)[source]¶ Bases:
keystone.common.manager.Manager
Default pivot point for the token provider backend.
See
keystone.common.manager.Manager
for more details on how this dynamically calls the backend.-
INVALIDATE_PROJECT_TOKEN_PERSISTENCE
= 'invalidate_project_tokens'¶
-
INVALIDATE_USER_TOKEN_PERSISTENCE
= 'invalidate_user_tokens'¶
-
V2
= 'v2.0'¶
-
V3
= 'v3.0'¶
-
VERSIONS
= frozenset(['v3.0', 'v2.0'])¶
-
driver_namespace
= 'keystone.token.provider'¶
-