Bases: object
An instance of a session with local variables.
A session is a global object that is shared around amongst many clients. It therefore contains state that is relevant to everyone. There is a lot of state such as the service type and region_name that are only relevant to a particular client that is using the session. An adapter provides a wrapper of client local data around the global session object.
Parameters: |
|
---|
Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystoneauth1.exceptions.auth_plugins.MissingAuthPlugin: | |
if a plugin is not available. | |
Returns: | An endpoint if available or None. |
Return type: | str |
Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current project_id or None if not supported by plugin. |
Return type: |
Return a token as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystoneauth1.exceptions.auth.AuthorizationFailure: | |
if a new token fetch fails. | |
Returns: | A valid token. |
Return type: | str |
Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current user_id or None if not supported by plugin. |
Return type: |
Invalidate an authentication plugin.
Attach arguments to a given argparse Parser for Adapters
Parameters: |
|
---|
Attach arguments to a given argparse Parser for Adapters
Parameters: |
|
---|
Bases: keystoneauth1.adapter.Adapter
Make something that looks like an old HTTPClient.
A common case when using an adapter is that we want an interface similar to the HTTPClients of old which returned the body as JSON as well.
You probably don’t want this if you are starting from scratch.
The passive components to version discovery.
The Discover object in discover.py contains functions that can create objects on your behalf. These functions are not usable from within the keystoneauth1 library because you will get dependency resolution issues.
The Discover object in this file provides the querying components of Discovery. This includes functions like url_for which allow you to retrieve URLs and the raw data specified in version discovery responses.
Bases: object
Return endpoint data for a version.
Parameters: | version (tuple) – The version is always a minimum version in the same major release as there should be no compatibility issues with using a version newer than the one asked for. |
---|---|
Returns: | the endpoint data for a URL that matches the required version (the format is described in version_data) or None if no match. |
Return type: | dict |
Get raw version information from URL.
Raw data indicates that only minimal validation processing is performed on the data, so what is returned here will be the data in the same format it was received from the endpoint.
Parameters: | |
---|---|
Returns: | The endpoints returned from the server that match the criteria. |
Return type: | list |
Get the endpoint url for a version.
Parameters: | version (tuple) – The version is always a minimum version in the same major release as there should be no compatibility issues with using a version newer than the one asked for. |
---|---|
Returns: | The url for the specified version or None if no match. |
Return type: | str |
Get normalized version data.
Return version data in a structured way.
Parameters: | reverse (bool) – Reverse the list. reverse=true will mean the returned list is sorted from newest to oldest version. | ||||||
---|---|---|---|---|---|---|---|
Returns: |
|
||||||
Return type: | list(dict) |
Adds a version removal rule for a particular service.
Originally deployments of OpenStack would contain a versioned endpoint in the catalog for different services. E.g. an identity service might look like http://localhost:5000/v2.0. This is a problem when we want to use a different version like v3.0 as there is no way to tell where it is located. We cannot simply change all service catalogs either so there must be a way to handle the older style of catalog.
This function adds a rule for a given service type that if part of the URL matches a given regular expression in old then it will be replaced with the new value. This will replace all instances of old with new. It should therefore contain a regex anchor.
For example the included rule states:
add_catalog_version_hack('identity', re.compile('/v2.0/?$'), '/')
so if the catalog retrieves an identity URL that ends with /v2.0 or /v2.0/ then it should replace it simply with / to fix the user’s catalog.
Parameters: |
|
---|
Retrieve raw version data from a url.
Turn a version representation into a tuple.
Test that an available version satisfies the required version.
To be suitable a version must be of the same major version as required and be at least a match in minor/patch level.
eg. 3.3 is a match for a required 3.1 but 4.1 is not.
Parameters: | |
---|---|
Returns: | True if candidate is suitable False otherwise. |
Return type: | bool |
Bases: object
The basic structure of an authentication plugin.
Retrieve the current authentication state for the plugin.
Retrieve any internal state that represents the authenticated plugin.
This should not fetch any new data if it is not present.
Raises NotImplementedError: | |
---|---|
if the plugin does not support this feature. | |
Returns: | raw python data (which can be JSON serialized) that can be moved into another plugin (of the same type) to have the same authenticated state. |
Return type: | object or None if unauthenticated. |
Fetch an identifier that uniquely identifies the auth options.
The returned identifier need not be decomposable or otherwise provide anyway to recreate the plugin. It should not contain sensitive data in plaintext.
This string MUST change if any of the parameters that are used to uniquely identity this plugin change.
If get_cache_id returns a str value suggesting that caching is supported then get_auth_cache and set_auth_cache must also be implemented.
Returns: | A unique string for the set of options |
---|---|
Return type: | str or None if this is unsupported or unavailable. |
Return any additional connection parameters required for the plugin.
Parameters: | session (keystoneclient.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
Return an endpoint for the client.
There are no required keyword arguments to get_endpoint as a plugin implementation should use best effort with the information available to determine the endpoint. However there are certain standard options that will be generated by the clients and should be used by plugins:
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | The base URL that will be used to talk to the required service or None if not available. |
Return type: | string |
Fetch authentication headers for message.
This is a more generalized replacement of the older get_token to allow plugins to specify different or additional authentication headers to the OpenStack standard ‘X-Auth-Token’ header.
How the authentication headers are obtained is up to the plugin. If the headers are still valid they may be re-used, retrieved from cache or the plugin may invoke an authentication request against a server.
The default implementation of get_headers calls the get_token method to enable older style plugins to continue functioning unchanged. Subclasses should feel free to completely override this function to provide the headers that they want.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved and that authorization was a failure. Adding no authentication data can be achieved by returning an empty dictionary.
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
Return the project id that we are authenticated to.
Wherever possible the project id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated project id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A project identifier or None if one is not available. |
Return type: | str |
Return auth_url from the Service Provider object
This url is used for obtaining unscoped federated token from remote cloud.
Parameters: | sp_id (string) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider auth_url or None if one is not available. |
Return type: | str |
Return sp_url from the Service Provider object
This url is used for passing SAML2 assertion to the remote cloud.
Parameters: | sp_id (str) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider sp_url or None if one is not available. |
Return type: | str |
Obtain a token.
How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved.
This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.
When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A token to use. |
Return type: | string |
Return a unique user identifier of the plugin.
Wherever possible the user id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated user id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A user identifier or None if one is not available. |
Return type: | str |
Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
Install existing authentication state for a plugin.
Take the output of get_auth_state and install that authentication state into the current authentication plugin.
Raises NotImplementedError: | |
---|---|
if the plugin does not support this feature. |
Bases: object
Maintains client communication state and common functionality.
As much as possible the parameters to this class reflect and are passed directly to the requests library.
Parameters: |
|
---|
Return auth connection params as provided by the auth plugin.
An auth plugin may specify connection parameters to the request like providing a client certificate for communication.
We restrict the values that may be returned from this function to prevent an auth plugin overriding values unrelated to connection parmeters. The values that are currently accepted are:
These values are passed to the requests library and further information on accepted values may be found there.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for tokens. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Authentication headers or None for failure. |
Return type: | dict |
Return auth headers as provided by the auth plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Authentication headers or None for failure. |
Return type: | dict |
Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystonauth.exceptions.MissingAuthPlugin: | |
if a plugin is not available. | |
Returns: | An endpoint if available or None. |
Return type: | string |
Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns string: | Current project_id or None if not supported by plugin. |
Return a token as provided by the auth plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | A valid token. |
---|---|
Return type: | string |
Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns string: | Current user_id or None if not supported by plugin. |
Invalidate an authentication plugin.
Parameters: | auth (keystonauth.auth.base.BaseAuthPlugin) – The auth plugin to invalidate. Overrides the plugin on the session. (optional) |
---|
Send an HTTP request with the specified characteristics.
Wrapper around requests.Session.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.
Arguments that are not handled are passed through to the requests library.
Parameters: |
|
---|---|
Raises keystonauth.exceptions.ClientException: | |
For connection failure, or to indicate an error response code. |
|
Returns: | The response to the request. |
Bases: requests.adapters.HTTPAdapter
The custom adapter used to set TCP Keep-Alive on all connections.
This Adapter also preserves the default behaviour of Requests which disables Nagle’s Algorithm. See also: http://blogs.msdn.com/b/windowsazurestorage/archive/2010/06/25/nagle-s-algorithm-is-not-friendly-towards-small-requests.aspx
Bases: keystoneauth1.plugin.BaseAuthPlugin
A provider that will always use the given token and endpoint.
This is really only useful for testing and in certain CLI cases where you have a known endpoint and admin token that you want to use.
Return the supplied endpoint.
Using this plugin the same endpoint is returned regardless of the parameters passed to the plugin.