Bases: object
Encapsulates a raw authentication token from keystone.
Provides helper methods for extracting useful values from that token.
Return the audit chain ID if present.
In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.
Returns: | str or None. |
---|
Return the audit ID if present.
Returns: | str or None. |
---|
Returns the token_id associated with the auth request.
To be used in headers for authenticating OpenStack API requests.
Returns: | str |
---|
Information about external mechanisms the token is bound to.
If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.
Returns: | A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token. |
---|
Returns the domain id associated with the auth request.
Returns: | str or None (if no domain associated with the token) |
---|
Returns the domain name associated with the auth request.
Returns: | str or None (if no domain associated with the token) |
---|
Returns true if the auth token was scoped to a domain.
Returns: | bool |
---|
Returns the token expiration (as datetime object)
Returns: | datetime |
---|
Returns true if the auth token has a service catalog.
Returns: | boolean |
---|
The audit ID of the initially requested token.
This is the audit_chain_id if present or the audit_id.
Returns true if federation was used to get the token.
Returns: | boolean |
---|
Returns the token issue time (as datetime object)
Returns: | datetime |
---|
Return the access token ID if OAuth authentication used.
Returns: | str or None. |
---|
Return the consumer ID if OAuth authentication used.
Returns: | str or None. |
---|
Returns the project’s domain id associated with the auth request.
Returns: | str |
---|
Returns the project’s domain name associated with the auth request.
Returns: | str |
---|
Returns the project ID associated with the auth request.
This returns None if the auth token wasn’t scoped to a project.
Returns: | str or None (if no project associated with the token) |
---|
Returns the project name associated with the auth request.
Returns: | str or None (if no project associated with the token) |
---|
Returns true if the auth token was scoped to a tenant(project).
Returns: | bool |
---|
Returns a list of user’s role ids associated with the auth request.
Returns: | a list of strings of role ids |
---|
Returns a list of user’s role names associated with the auth request.
Returns: | a list of strings of role names |
---|
Returns true if the auth token was scoped.
Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.
This is deprecated, use project_scoped instead.
Returns: | bool |
---|
Return an object representing the list of trusted service providers.
Used for Keystone2Keystone federating-out.
Returns: | keystoneauth1.service_providers.ServiceProviders or None |
---|
Synonym for project_id.
Synonym for project_name.
Returns the trust id associated with the auth request.
Returns: | str or None (if no trust associated with the token) |
---|
Returns true if the auth token was scoped from a delegated trust.
The trust delegation is via the OS-TRUST v3 extension.
Returns: | bool |
---|
Returns the trustee user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the trustor user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the user’s domain id associated with the auth request.
Returns: | str |
---|
Returns the user’s domain name associated with the auth request.
Returns: | str |
---|
Returns the user id associated with the auth request.
Returns: | str |
---|
Returns the username associated with the auth request.
Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
Returns: | str |
---|
Determines if expiration is about to occur.
Returns: | true if expiration is within the given duration |
---|---|
Return type: | boolean |
Bases: keystoneauth1.access.access.AccessInfo
An object for encapsulating raw v2 auth token from identity service.
Bases: keystoneauth1.access.access.AccessInfo
An object encapsulating raw v3 auth token from identity service.
Bases: object
Helper methods for dealing with a Keystone Service Catalog.
Return the raw service catalog content, mostly useful for debugging.
Applications should avoid this and use accessor methods instead. However, there are times when inspecting the raw catalog can be useful for analysis and other reasons.
Fetch and filter endpoints for the specified service(s).
Returns endpoints for the specified service (or all) containing the specified type (or all) and region (or all) and service name.
If there is no name in the service catalog the service_name check will be skipped. This allows compatibility with services that existed before the name was available in the catalog.
Fetch endpoint urls from the service catalog.
Fetch the endpoints from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.
Parameters: |
|
---|---|
Returns: | tuple of urls or None (if no match found) |
Helper function to normalize endpoint matching across v2 and v3.
Returns: | True if the provided endpoint matches the required interface otherwise False. |
---|
Handle differences in the way v2 and v3 catalogs specify endpoint.
Both v2 and v3 must be able to handle the endpoint style of the other. For example v2 must be able to handle a ‘public’ interface and v3 must be able to handle a ‘publicURL’ interface.
Returns: | the endpoint string in the format appropriate for this service catalog. |
---|
Fetch an endpoint from the service catalog.
Fetch the specified endpoint from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.
Parameters: |
|
---|
Bases: keystoneauth1.access.service_catalog.ServiceCatalog
An object for encapsulating the v2 service catalog.
The object is created using raw v2 auth token from Keystone.
Bases: keystoneauth1.access.service_catalog.ServiceCatalog
An object for encapsulating the v3 service catalog.
The object is created using raw v3 auth token from Keystone.
Bases: object
Encapsulates a raw authentication token from keystone.
Provides helper methods for extracting useful values from that token.
Return the audit chain ID if present.
In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.
Returns: | str or None. |
---|
Return the audit ID if present.
Returns: | str or None. |
---|
Returns the token_id associated with the auth request.
To be used in headers for authenticating OpenStack API requests.
Returns: | str |
---|
Information about external mechanisms the token is bound to.
If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.
Returns: | A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token. |
---|
Returns the domain id associated with the auth request.
Returns: | str or None (if no domain associated with the token) |
---|
Returns the domain name associated with the auth request.
Returns: | str or None (if no domain associated with the token) |
---|
Returns true if the auth token was scoped to a domain.
Returns: | bool |
---|
Returns the token expiration (as datetime object)
Returns: | datetime |
---|
Returns true if the auth token has a service catalog.
Returns: | boolean |
---|
The audit ID of the initially requested token.
This is the audit_chain_id if present or the audit_id.
Returns true if federation was used to get the token.
Returns: | boolean |
---|
Returns the token issue time (as datetime object)
Returns: | datetime |
---|
Return the access token ID if OAuth authentication used.
Returns: | str or None. |
---|
Return the consumer ID if OAuth authentication used.
Returns: | str or None. |
---|
Returns the project’s domain id associated with the auth request.
Returns: | str |
---|
Returns the project’s domain name associated with the auth request.
Returns: | str |
---|
Returns the project ID associated with the auth request.
This returns None if the auth token wasn’t scoped to a project.
Returns: | str or None (if no project associated with the token) |
---|
Returns the project name associated with the auth request.
Returns: | str or None (if no project associated with the token) |
---|
Returns true if the auth token was scoped to a tenant(project).
Returns: | bool |
---|
Returns a list of user’s role ids associated with the auth request.
Returns: | a list of strings of role ids |
---|
Returns a list of user’s role names associated with the auth request.
Returns: | a list of strings of role names |
---|
Returns true if the auth token was scoped.
Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.
This is deprecated, use project_scoped instead.
Returns: | bool |
---|
Return an object representing the list of trusted service providers.
Used for Keystone2Keystone federating-out.
Returns: | keystoneauth1.service_providers.ServiceProviders or None |
---|
Synonym for project_id.
Synonym for project_name.
Returns the trust id associated with the auth request.
Returns: | str or None (if no trust associated with the token) |
---|
Returns true if the auth token was scoped from a delegated trust.
The trust delegation is via the OS-TRUST v3 extension.
Returns: | bool |
---|
Returns the trustee user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the trustor user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the user’s domain id associated with the auth request.
Returns: | str |
---|
Returns the user’s domain name associated with the auth request.
Returns: | str |
---|
Returns the user id associated with the auth request.
Returns: | str |
---|
Returns the username associated with the auth request.
Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
Returns: | str |
---|
Determines if expiration is about to occur.
Returns: | true if expiration is within the given duration |
---|---|
Return type: | boolean |
Bases: keystoneauth1.access.access.AccessInfo
An object for encapsulating raw v2 auth token from identity service.
Bases: keystoneauth1.access.access.AccessInfo
An object encapsulating raw v3 auth token from identity service.