keystoneauth1.identity.access.
AccessInfoPlugin
(auth_ref, auth_url=None)¶Bases: keystoneauth1.identity.base.BaseIdentityPlugin
A plugin that turns an existing AccessInfo object into a usable plugin.
There are cases where reuse of an auth_ref or AccessInfo object is warranted such as from a cache, from auth_token middleware, or another source.
Turn the existing access info object into an identity plugin. This plugin cannot be refreshed as the AccessInfo object does not contain any authorizing information.
Parameters: |
|
---|
get_auth_ref
(session, **kwargs)¶invalidate
()¶keystoneauth1.identity.base.
BaseIdentityPlugin
(auth_url=None, reauthenticate=True)¶Bases: keystoneauth1.plugin.BaseAuthPlugin
MIN_TOKEN_LIFE_SECONDS
= 120¶get_access
(session, **kwargs)¶Fetch or return a current AccessInfo object.
If a valid AccessInfo is present then it is returned otherwise a new one will be fetched.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid AccessInfo |
Return type: | keystoneauth1.access.AccessInfo |
get_api_major_version
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, allow=None, allow_version_hack=True, skip_discovery=False, discover_versions=False, min_version=None, max_version=None, **kwargs)¶Return the major API version for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | The major version of the API of the service discovered. |
Return type: |
Note
Implementation notes follow. Users should not need to wrap their head around these implementation notes. get_api_major_version should do what is expected with the least possible cost while still consistently returning a value if possible.
There are many cases when major version can be satisfied
without actually calling the discovery endpoint (like when the version
is in the url). If the user has a cloud with the versioned endpoint
https://volume.example.com/v3
in the catalog for the
block-storage
service and they do:
client = adapter.Adapter(
session, service_type='block-storage', min_version=2,
max_version=3)
volume_version = client.get_api_major_version()
The version actually be returned with no api calls other than getting
the token. For that reason, get_api_major_version()
first
calls get_endpoint_data()
with discover_versions=False
.
If their catalog has an unversioned endpoint
https://volume.example.com
for the block-storage
service
and they do this:
client = adapter.Adapter(session, service_type='block-storage')
client is now set up to “use whatever is in the catalog”. Since the
url doesn’t have a version, get_endpoint_data()
with
discover_versions=False
will result in api_version=None
.
(No version was requested so it didn’t need to do the round trip)
In order to find out what version the endpoint actually is, we must
make a round trip. Therefore, if api_version
is None
after
the first call, get_api_major_version()
will make a second
call to get_endpoint_data()
with discover_versions=True
.
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This function should not be called independently and is expected to be invoked via the do_authenticate function.
This function will be invoked if the AcessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
get_auth_state
()¶Retrieve the current authentication state for the plugin.
Retrieve any internal state that represents the authenticated plugin.
This should not fetch any new data if it is not present.
Returns: | a string that can be stored or None if there is no auth state present in the plugin. This string can be reloaded with set_auth_state to set the same authentication. |
---|---|
Return type: | str or None if no auth present. |
get_cache_id
()¶Fetch an identifier that uniquely identifies the auth options.
The returned identifier need not be decomposable or otherwise provide any way to recreate the plugin.
This string MUST change if any of the parameters that are used to uniquely identity this plugin change. It should not change upon a reauthentication of the plugin.
Returns: | A unique string for the set of options |
---|---|
Return type: | str or None if this is unsupported or unavailable. |
get_cache_id_elements
()¶Get the elements for this auth plugin that make it unique.
As part of the get_cache_id requirement we need to determine what aspects of this plugin and its values that make up the unique elements.
This should be overridden by plugins that wish to allow caching.
Returns: | The unique attributes and values of this plugin. |
---|---|
Return type: | A flat dict with a str key and str or None value. This is required as we feed these values into a hash. Pairs where the value is None are ignored in the hashed id. |
get_discovery
(session, url, authenticated=None)¶Return the discovery object for a URL.
Check the session and the plugin cache to see if we have already performed discovery on the URL and if so return it, otherwise create a new discovery object, cache it and return it.
This function is expected to be used by subclasses and should not be needed by users.
Parameters: |
|
---|---|
Raises: |
|
Returns: | A discovery object with the results of looking up that URL. |
get_endpoint
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, allow=None, allow_version_hack=True, skip_discovery=False, min_version=None, max_version=None, **kwargs)¶Return a valid endpoint for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | A valid endpoint URL or None if not available. |
Return type: |
get_endpoint_data
(session, service_type=None, interface=None, region_name=None, service_name=None, allow=None, allow_version_hack=True, discover_versions=True, skip_discovery=False, min_version=None, max_version=None, endpoint_override=None, **kwargs)¶Return a valid endpoint data for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid EndpointData or None if not available. |
Return type: | keystoneauth1.discover.EndpointData or None |
get_project_id
(session, **kwargs)¶get_sp_auth_url
(session, sp_id, **kwargs)¶get_sp_url
(session, sp_id, **kwargs)¶get_token
(session, **kwargs)¶Return a valid auth token.
If a valid token is not present then a new one will be fetched.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | A valid token. |
Return type: | string |
get_user_id
(session, **kwargs)¶invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
set_auth_state
(data)¶Install existing authentication state for a plugin.
Take the output of get_auth_state and install that authentication state into the current authentication plugin.
keystoneauth1.identity.v2.
Auth
(auth_url, trust_id=None, tenant_id=None, tenant_name=None, reauthenticate=True)¶Bases: keystoneauth1.identity.base.BaseIdentityPlugin
Identity V2 Authentication Plugin.
Parameters: |
|
---|
get_auth_data
(headers=None)¶Return the authentication section of an auth plugin.
Parameters: | headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them. |
---|---|
Returns: | A dict of authentication data for the auth type. |
Return type: | dict |
get_auth_ref
(session, **kwargs)¶has_scope_parameters
¶Return true if parameters can be used to create a scoped token.
keystoneauth1.identity.v2.
Password
(auth_url, username=<object object>, password=None, user_id=<object object>, **kwargs)¶Bases: keystoneauth1.identity.v2.Auth
A plugin for authenticating with a username and password.
A username or user_id must be provided.
Parameters: |
|
---|---|
Raises: | TypeError – if a user_id or username is not provided. |
get_auth_data
(headers=None)¶get_cache_id_elements
()¶keystoneauth1.identity.v2.
Token
(auth_url, token, **kwargs)¶Bases: keystoneauth1.identity.v2.Auth
A plugin for authenticating with an existing token.
Parameters: |
|
---|
get_auth_data
(headers=None)¶get_cache_id_elements
()¶keystoneauth1.identity.
BaseIdentityPlugin
(auth_url=None, reauthenticate=True)¶Bases: keystoneauth1.plugin.BaseAuthPlugin
MIN_TOKEN_LIFE_SECONDS
= 120¶get_access
(session, **kwargs)¶Fetch or return a current AccessInfo object.
If a valid AccessInfo is present then it is returned otherwise a new one will be fetched.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid AccessInfo |
Return type: | keystoneauth1.access.AccessInfo |
get_api_major_version
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, allow=None, allow_version_hack=True, skip_discovery=False, discover_versions=False, min_version=None, max_version=None, **kwargs)¶Return the major API version for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | The major version of the API of the service discovered. |
Return type: |
Note
Implementation notes follow. Users should not need to wrap their head around these implementation notes. get_api_major_version should do what is expected with the least possible cost while still consistently returning a value if possible.
There are many cases when major version can be satisfied
without actually calling the discovery endpoint (like when the version
is in the url). If the user has a cloud with the versioned endpoint
https://volume.example.com/v3
in the catalog for the
block-storage
service and they do:
client = adapter.Adapter(
session, service_type='block-storage', min_version=2,
max_version=3)
volume_version = client.get_api_major_version()
The version actually be returned with no api calls other than getting
the token. For that reason, get_api_major_version()
first
calls get_endpoint_data()
with discover_versions=False
.
If their catalog has an unversioned endpoint
https://volume.example.com
for the block-storage
service
and they do this:
client = adapter.Adapter(session, service_type='block-storage')
client is now set up to “use whatever is in the catalog”. Since the
url doesn’t have a version, get_endpoint_data()
with
discover_versions=False
will result in api_version=None
.
(No version was requested so it didn’t need to do the round trip)
In order to find out what version the endpoint actually is, we must
make a round trip. Therefore, if api_version
is None
after
the first call, get_api_major_version()
will make a second
call to get_endpoint_data()
with discover_versions=True
.
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This function should not be called independently and is expected to be invoked via the do_authenticate function.
This function will be invoked if the AcessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
get_auth_state
()¶Retrieve the current authentication state for the plugin.
Retrieve any internal state that represents the authenticated plugin.
This should not fetch any new data if it is not present.
Returns: | a string that can be stored or None if there is no auth state present in the plugin. This string can be reloaded with set_auth_state to set the same authentication. |
---|---|
Return type: | str or None if no auth present. |
get_cache_id
()¶Fetch an identifier that uniquely identifies the auth options.
The returned identifier need not be decomposable or otherwise provide any way to recreate the plugin.
This string MUST change if any of the parameters that are used to uniquely identity this plugin change. It should not change upon a reauthentication of the plugin.
Returns: | A unique string for the set of options |
---|---|
Return type: | str or None if this is unsupported or unavailable. |
get_cache_id_elements
()¶Get the elements for this auth plugin that make it unique.
As part of the get_cache_id requirement we need to determine what aspects of this plugin and its values that make up the unique elements.
This should be overridden by plugins that wish to allow caching.
Returns: | The unique attributes and values of this plugin. |
---|---|
Return type: | A flat dict with a str key and str or None value. This is required as we feed these values into a hash. Pairs where the value is None are ignored in the hashed id. |
get_discovery
(session, url, authenticated=None)¶Return the discovery object for a URL.
Check the session and the plugin cache to see if we have already performed discovery on the URL and if so return it, otherwise create a new discovery object, cache it and return it.
This function is expected to be used by subclasses and should not be needed by users.
Parameters: |
|
---|---|
Raises: |
|
Returns: | A discovery object with the results of looking up that URL. |
get_endpoint
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, allow=None, allow_version_hack=True, skip_discovery=False, min_version=None, max_version=None, **kwargs)¶Return a valid endpoint for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | A valid endpoint URL or None if not available. |
Return type: |
get_endpoint_data
(session, service_type=None, interface=None, region_name=None, service_name=None, allow=None, allow_version_hack=True, discover_versions=True, skip_discovery=False, min_version=None, max_version=None, endpoint_override=None, **kwargs)¶Return a valid endpoint data for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
version, min_version and max_version can all be given either as a string or a tuple.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid EndpointData or None if not available. |
Return type: | keystoneauth1.discover.EndpointData or None |
get_project_id
(session, **kwargs)¶get_sp_auth_url
(session, sp_id, **kwargs)¶get_sp_url
(session, sp_id, **kwargs)¶get_token
(session, **kwargs)¶Return a valid auth token.
If a valid token is not present then a new one will be fetched.
Parameters: | session (keystoneauth1.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | A valid token. |
Return type: | string |
get_user_id
(session, **kwargs)¶invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
set_auth_state
(data)¶Install existing authentication state for a plugin.
Take the output of get_auth_state and install that authentication state into the current authentication plugin.
keystoneauth1.identity.
Password
(auth_url, username=None, user_id=None, password=None, user_domain_id=None, user_domain_name=None, **kwargs)¶Bases: keystoneauth1.identity.generic.base.BaseGenericPlugin
See keystoneauth1.identity.generic.Password
create_plugin
(session, version, url, raw_status=None)¶get_cache_id_elements
()¶user_domain_id
¶user_domain_name
¶keystoneauth1.identity.
Token
(auth_url, token=None, **kwargs)¶Bases: keystoneauth1.identity.generic.base.BaseGenericPlugin
See keystoneauth1.identity.generic.Token
create_plugin
(session, version, url, raw_status=None)¶get_cache_id_elements
()¶keystoneauth1.identity.
V2Password
¶See keystoneauth1.identity.v2.Password
alias of Password
keystoneauth1.identity.
V2Token
¶See keystoneauth1.identity.v2.Token
alias of Token
keystoneauth1.identity.
V3Password
¶See keystoneauth1.identity.v3.Password
alias of Password
keystoneauth1.identity.
V3Token
¶See keystoneauth1.identity.v3.Token
alias of Token
keystoneauth1.identity.
V3OidcPassword
¶See keystoneauth1.identity.v3.oidc.OidcPassword
alias of OidcPassword
keystoneauth1.identity.
V3OidcAuthorizationCode
¶See keystoneauth1.identity.v3.oidc.OidcAuthorizationCode
alias of OidcAuthorizationCode
keystoneauth1.identity.
V3OidcAccessToken
¶See keystoneauth1.identity.v3.oidc.OidcAccessToken
alias of OidcAccessToken
keystoneauth1.identity.
V3TOTP
¶See keystoneauth1.identity.v3.TOTP
alias of TOTP
keystoneauth1.identity.
V3TokenlessAuth
¶See keystoneauth1.identity.v3.TokenlessAuth
alias of TokenlessAuth
keystoneauth1.identity.
V3ApplicationCredential
¶See keystoneauth1.identity.v3.ApplicationCredential
alias of ApplicationCredential
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.