keystone.auth.core module¶
-
class
keystone.auth.core.
AuthContext
[source]¶ Bases:
dict
Retrofitting auth_context to reconcile identity attributes.
The identity attributes must not have conflicting values among the auth plug-ins. The only exception is expires_at, which is set to its earliest value.
-
IDENTITY_ATTRIBUTES
= frozenset({'access_token_id', 'domain_id', 'expires_at', 'project_id', 'user_id'})¶
-
-
class
keystone.auth.core.
AuthInfo
(auth=None)[source]¶ Bases:
keystone.common.provider_api.ProviderAPIMixin
,object
Encapsulation of “auth” request.
-
get_scope
()[source]¶ Get scope information.
Verify and return the scoping information.
- Returns
(domain_id, project_id, trust_ref, unscoped, system). If scope to a project, (None, project_id, None, None, None) will be returned. If scoped to a domain, (domain_id, None, None, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref, None, None), Will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None, ‘unscoped’, None) will be returned. If system_scoped, (None, None, None, None, ‘all’) will be returned.
-
-
class
keystone.auth.core.
UserMFARulesValidator
[source]¶ Bases:
keystone.common.provider_api.ProviderAPIMixin
,object
Helper object that can validate the MFA Rules.
-
classmethod
check_auth_methods_against_rules
(user_id, auth_methods)[source]¶ Validate the MFA rules against the successful auth methods.
- Parameters
user_id (str) – The user’s ID (uuid).
auth_methods (set) – List of methods that were used for auth
- Returns
Boolean,
True
means rules match and auth may proceed,False
means rules do not match.
-
classmethod