keystone.common.tokenless_auth module

class keystone.common.tokenless_auth.TokenlessAuthHelper(env)

Bases: keystone.common.provider_api.ProviderAPIMixin, object

get_mapped_user(project_id=None, domain_id=None)

Map client certificate to an existing user.

If user is ephemeral, there is no validation on the user himself; however it will be mapped to a corresponding group(s) and the scope of this ephemeral user is the same as what is assigned to the group.

Parameters

• project_id – Project scope of the mapped user.

• domain_id – Domain scope of the mapped user.

Returns

A dictionary that contains the keys, such as user_id, user_name, domain_id, domain_name

Return type

dict

get_scope()