keystoneauth1.adapter.
Adapter
(session, service_type=None, service_name=None, interface=None, region_name=None, endpoint_override=None, version=None, auth=None, user_agent=None, connect_retries=None, logger=None, allow=None, additional_headers=None, client_name=None, client_version=None, allow_version_hack=None, global_request_id=None, min_version=None, max_version=None, default_microversion=None, status_code_retries=None, retriable_status_codes=None, raise_exc=None, rate_limit=None, concurrency=None)¶Bases: object
An instance of a session with local variables.
A session is a global object that is shared around amongst many clients. It therefore contains state that is relevant to everyone. There is a lot of state such as the service type and region_name that are only relevant to a particular client that is using the session. An adapter provides a wrapper of client local data around the global session object.
version, min_version, max_version and default_microversion can all be given either as a string or a tuple.
Parameters: |
|
---|
client_name
= None¶client_version
= None¶delete
(url, **kwargs)¶get
(url, **kwargs)¶get_all_version_data
(interface='public', region_name=None)¶Get data about all versions of a service.
Parameters: |
|
---|---|
Returns: | A dictionary keyed by region_name with values containing
dictionaries keyed by interface with values being a list of
|
get_api_major_version
(auth=None, **kwargs)¶Get the major API version as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: | keystoneauth1.exceptions.auth_plugins.MissingAuthPlugin – if a plugin is not available. |
Returns: | The major version of the API of the service discovered. |
Return type: | tuple or None |
get_endpoint
(auth=None, **kwargs)¶Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: | keystoneauth1.exceptions.auth_plugins.MissingAuthPlugin – if a plugin is not available. |
Returns: | An endpoint if available or None. |
Return type: | str |
get_endpoint_data
(auth=None)¶Get the endpoint data for this Adapter’s endpoint.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Endpoint data if available or None. |
Return type: |
get_project_id
(auth=None)¶Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current project_id or None if not supported by plugin. |
Return type: |
get_token
(auth=None)¶Return a token as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: | keystoneauth1.exceptions.auth.AuthorizationFailure – if a new token fetch fails. |
Returns: | A valid token. |
Return type: | str |
get_user_id
(auth=None)¶Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current user_id or None if not supported by plugin. |
Return type: |
head
(url, **kwargs)¶invalidate
(auth=None)¶Invalidate an authentication plugin.
patch
(url, **kwargs)¶post
(url, **kwargs)¶put
(url, **kwargs)¶register_argparse_arguments
(parser, service_type=None)¶Attach arguments to a given argparse Parser for Adapters.
Parameters: |
|
---|
register_service_argparse_arguments
(parser, service_type)¶Attach arguments to a given argparse Parser for Adapters.
Parameters: |
|
---|
request
(url, method, **kwargs)¶keystoneauth1.adapter.
LegacyJsonAdapter
(session, service_type=None, service_name=None, interface=None, region_name=None, endpoint_override=None, version=None, auth=None, user_agent=None, connect_retries=None, logger=None, allow=None, additional_headers=None, client_name=None, client_version=None, allow_version_hack=None, global_request_id=None, min_version=None, max_version=None, default_microversion=None, status_code_retries=None, retriable_status_codes=None, raise_exc=None, rate_limit=None, concurrency=None)¶Bases: keystoneauth1.adapter.Adapter
Make something that looks like an old HTTPClient.
A common case when using an adapter is that we want an interface similar to the HTTPClients of old which returned the body as JSON as well.
You probably don’t want this if you are starting from scratch.
request
(*args, **kwargs)¶keystoneauth1.adapter.
register_adapter_argparse_arguments
(*args, **kwargs)¶keystoneauth1.adapter.
register_service_adapter_argparse_arguments
(*args, **kwargs)¶The passive components to version discovery.
The Discover object in discover.py contains functions that can create objects on your behalf. These functions are not usable from within the keystoneauth1 library because you will get dependency resolution issues.
The Discover object in this file provides the querying components of Discovery. This includes functions like url_for which allow you to retrieve URLs and the raw data specified in version discovery responses.
keystoneauth1.discover.
Discover
(session, url, authenticated=None)¶Bases: object
CURRENT_STATUSES
= ('stable', 'current', 'supported')¶DEPRECATED_STATUSES
= ('deprecated',)¶EXPERIMENTAL_STATUSES
= ('experimental',)¶data_for
(version, **kwargs)¶Return endpoint data for a version.
Parameters: | version (tuple) – The version is always a minimum version in the same major release as there should be no compatibility issues with using a version newer than the one asked for. |
---|---|
Returns: | the endpoint data for a URL that matches the required version (the format is described in version_data) or None if no match. |
Return type: | dict |
raw_version_data
(allow_experimental=False, allow_deprecated=True, allow_unknown=False)¶Get raw version information from URL.
Raw data indicates that only minimal validation processing is performed on the data, so what is returned here will be the data in the same format it was received from the endpoint.
Parameters: | |
---|---|
Returns: | The endpoints returned from the server that match the criteria. |
Return type: |
url_for
(version, **kwargs)¶Get the endpoint url for a version.
Parameters: | version (tuple) – The version is always a minimum version in the same major release as there should be no compatibility issues with using a version newer than the one asked for. |
---|---|
Returns: | The url for the specified version or None if no match. |
Return type: | str |
version_data
(reverse=False, **kwargs)¶Get normalized version data.
Return version data in a structured way.
Parameters: | reverse (bool) – Reverse the list. reverse=true will mean the returned list is sorted from newest to oldest version. |
---|---|
Returns: | A list of VersionData sorted by version number. |
Return type: | list(VersionData) |
version_string_data
(reverse=False, **kwargs)¶Get normalized version data with versions as strings.
Return version data in a structured way.
Parameters: | reverse (bool) – Reverse the list. reverse=true will mean the returned list is sorted from newest to oldest version. |
---|---|
Returns: | A list of VersionData sorted by version number. |
Return type: | list(VersionData) |
versioned_data_for
(url=None, min_version=None, max_version=None, **kwargs)¶Return endpoint data for the service at a url.
min_version and max_version can be given either as strings or tuples.
Parameters: |
|
---|---|
Returns: | the endpoint data for a URL that matches the required version (the format is described in version_data) or None if no match. |
Return type: |
versioned_url_for
(min_version=None, max_version=None, **kwargs)¶Get the endpoint url for a version.
min_version and max_version can be given either as strings or tuples.
Parameters: |
|
---|---|
Returns: | The url for the specified version or None if no match. |
Return type: |
keystoneauth1.discover.
EndpointData
(catalog_url=None, service_url=None, service_type=None, service_name=None, service_id=None, region_name=None, interface=None, endpoint_id=None, raw_endpoint=None, api_version=None, major_version=None, min_microversion=None, max_microversion=None, next_min_version=None, not_before=None, status=None)¶Bases: object
Normalized information about a discovered endpoint.
Contains url, version, microversion, interface and region information. This is essentially the data contained in the catalog and the version discovery documents about an endpoint that is used to select the endpoint desired by the user. It is returned so that a user can know which qualities a discovered endpoint had, in case their request allowed for a range of possibilities.
get_all_version_string_data
(session, project_id=None)¶Return version data for all versions discovery can find.
Parameters: | project_id (string) – ID of the currently scoped project. Used for removing project_id components of URLs from the catalog. (optional) |
---|---|
Returns: | A list of VersionData sorted by version number. |
Return type: | list(VersionData) |
get_current_versioned_data
(session, allow=None, cache=None, project_id=None)¶Run version discovery on the current endpoint.
A simplified version of get_versioned_data, get_current_versioned_data runs discovery but only on the endpoint that has been found already.
It can be useful in some workflows where the user wants version information about the endpoint they have.
Parameters: |
|
---|---|
Returns: | A new EndpointData with the requested versioned data. |
Return type: | |
Raises: | keystoneauth1.exceptions.discovery.DiscoveryFailure – If the appropriate versioned data could not be discovered. |
get_versioned_data
(session, allow=None, cache=None, allow_version_hack=True, project_id=None, discover_versions=True, min_version=None, max_version=None)¶Run version discovery for the service described.
Performs Version Discovery and returns a new EndpointData object with information found.
min_version and max_version can be given either as strings or tuples.
Parameters: |
|
---|---|
Returns: | A new EndpointData with the requested versioned data. |
Return type: | |
Raises: | keystoneauth1.exceptions.discovery.DiscoveryFailure – If the appropriate versioned data could not be discovered. |
url
¶keystoneauth1.discover.
Status
¶Bases: object
CURRENT
= 'CURRENT'¶DEPRECATED
= 'DEPRECATED'¶EXPERIMENTAL
= 'EXPERIMENTAL'¶KNOWN
= ('CURRENT', 'SUPPORTED', 'DEPRECATED', 'EXPERIMENTAL')¶SUPPORTED
= 'SUPPORTED'¶UNKNOWN
= 'UNKNOWN'¶normalize
(raw_status)¶Turn a status into a canonical status value.
If the status from the version discovery document does not match one of the known values, it will be set to ‘UNKNOWN’.
Parameters: | raw_status (str) – Status value from a discovery document. |
---|---|
Returns: | A canonicalized version of the status. Valid values are CURRENT, SUPPORTED, DEPRECATED, EXPERIMENTAL and UNKNOWN |
Return type: | str |
keystoneauth1.discover.
VersionData
(version, url, collection=None, max_microversion=None, min_microversion=None, next_min_version=None, not_before=None, status='CURRENT', raw_status=None)¶Bases: dict
Normalized Version Data about an endpoint.
collection
¶The URL for the discovery document.
May be None.
max_microversion
¶The maximum microversion supported by the endpoint.
May be None.
min_microversion
¶The minimum microversion supported by the endpoint.
May be None.
raw_status
¶The status as provided by the server.
status
¶A canonicalized version of the status.
Valid values are CURRENT, SUPPORTED, DEPRECATED and EXPERIMENTAL.
url
¶The url for the endpoint.
version
¶The normalized version of the endpoint.
keystoneauth1.discover.
add_catalog_discover_hack
(service_type, old, new)¶Add a version removal rule for a particular service.
Originally deployments of OpenStack would contain a versioned endpoint in
the catalog for different services. E.g. an identity service might look
like http://localhost:5000/v2.0
. This is a problem when we want to use
a different version like v3.0 as there is no way to tell where it is
located. We cannot simply change all service catalogs either so there must
be a way to handle the older style of catalog.
This function adds a rule for a given service type that if part of the URL matches a given regular expression in old then it will be replaced with the new value. This will replace all instances of old with new. It should therefore contain a regex anchor.
For example the included rule states:
add_catalog_version_hack('identity', re.compile('/v2.0/?$'), '/')
so if the catalog retrieves an identity URL that ends with /v2.0 or /v2.0/ then it should replace it simply with / to fix the user’s catalog.
Parameters: |
---|
keystoneauth1.discover.
get_discovery
(session, url, cache=None, authenticated=False)¶Return the discovery object for a URL.
Check the session and the plugin cache to see if we have already performed discovery on the URL and if so return it, otherwise create a new discovery object, cache it and return it.
NOTE: This function is expected to be used by keystoneauth and should not be needed by users part of normal usage. A normal user should use get_endpoint or get_endpoint_data on keystoneauth.session.Session or endpoint_filters on keystoneauth.session.Session or keystoneauth.session.Session. However, should the user need to perform direct discovery for some reason, this function should be used so that the discovery caching is used.
Parameters: |
|
---|---|
Raises: |
|
Returns: | A discovery object with the results of looking up that URL. |
Return type: |
|
keystoneauth1.discover.
get_version_data
(session, url, authenticated=None)¶Retrieve raw version data from a url.
The return is a list of dicts of the form:
[{
'status': 'STABLE',
'id': 'v2.3',
'links': [
{
'href': 'http://network.example.com/v2.3',
'rel': 'self',
},
{
'href': 'http://network.example.com/',
'rel': 'collection',
},
],
'min_version': '2.0',
'max_version': '2.7',
},
...,
]
Note: The maximum microversion may be specified by max_version or version, the former superseding the latter. All *version keys are optional. Other keys and ‘links’ entries are permitted, but ignored.
Parameters: |
|
---|---|
Returns: | A list of dicts containing version information. |
Return type: |
keystoneauth1.discover.
normalize_version_number
(version)¶Turn a version representation into a tuple.
Examples:
The following all produce a return value of (1, 0):
1, '1', 'v1', [1], (1,), ['1'], 1.0, '1.0', 'v1.0', (1, 0)
The following all produce a return value of (1, 20, 3):
'v1.20.3', '1.20.3', (1, 20, 3), ['1', '20', '3']
The following all produce a return value of (LATEST, LATEST):
'latest', 'vlatest', ('latest', 'latest'), (LATEST, LATEST)
The following all produce a return value of (2, LATEST):
'2.latest', 'v2.latest', (2, LATEST), ('2', 'latest')
Parameters: | version – A version specifier in any of the following forms: String, possibly prefixed with ‘v’, containing one or more numbers or the string ‘latest’, separated by periods. Examples: ‘v1’, ‘v1.2’, ‘1.2.3’, ‘123’, ‘latest’, ‘1.latest’, ‘v1.latest’. Integer. This will be assumed to be the major version, with a minor version of 0. Float. The integer part is assumed to be the major version; the decimal part the minor version. Non-string iterable comprising integers, integer strings, the string ‘latest’, or the special value LATEST. Examples: (1,), [1, 2], (‘12’, ‘34’, ‘56’), (LATEST,), (2, ‘latest’) |
---|---|
Returns: | A tuple of len >= 2 comprising integers and/or LATEST. |
Raises: | TypeError – If the input version cannot be interpreted. |
keystoneauth1.discover.
version_between
(min_version, max_version, candidate)¶Determine whether a candidate version is within a specified range.
Parameters: |
|
---|---|
Returns: | True if candidate is between min_version and max_version; False otherwise. |
Raises: |
|
keystoneauth1.discover.
version_match
(required, candidate)¶Test that an available version satisfies the required version.
To be suitable a version must be of the same major version as required and be at least a match in minor/patch level.
eg. 3.3 is a match for a required 3.1 but 4.1 is not.
Parameters: | |
---|---|
Returns: | True if candidate is suitable False otherwise. |
Return type: |
keystoneauth1.noauth.
NoAuth
(endpoint=None)¶Bases: keystoneauth1.plugin.BaseAuthPlugin
A provider that will always use no auth.
This is useful to unify session/adapter loading for services that might be deployed in standalone/noauth mode.
get_endpoint
(session, **kwargs)¶Return the supplied endpoint.
Using this plugin the same endpoint is returned regardless of the parameters passed to the plugin. endpoint_override overrides the endpoint specified when constructing the plugin.
get_token
(session, **kwargs)¶Obtain a token.
How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved.
This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.
When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A token to use. |
Return type: | string |
keystoneauth1.plugin.
BaseAuthPlugin
¶Bases: object
The basic structure of an authentication plugin.
Note
See Authentication Plugins for a description of plugins provided by this library.
get_api_major_version
(session, endpoint_override=None, **kwargs)¶Get the major API version from the endpoint.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid EndpointData or None if not available. |
Return type: | keystoneauth1.discover.EndpointData or None |
get_auth_state
()¶Retrieve the current authentication state for the plugin.
Retrieve any internal state that represents the authenticated plugin.
This should not fetch any new data if it is not present.
Raises: | NotImplementedError – if the plugin does not support this feature. |
---|---|
Returns: | raw python data (which can be JSON serialized) that can be moved into another plugin (of the same type) to have the same authenticated state. |
Return type: | object or None if unauthenticated. |
get_cache_id
()¶Fetch an identifier that uniquely identifies the auth options.
The returned identifier need not be decomposable or otherwise provide anyway to recreate the plugin. It should not contain sensitive data in plaintext.
This string MUST change if any of the parameters that are used to uniquely identity this plugin change.
If get_cache_id returns a str value suggesting that caching is supported then get_auth_cache and set_auth_cache must also be implemented.
Returns: | A unique string for the set of options |
---|---|
Return type: | str or None if this is unsupported or unavailable. |
get_connection_params
(session, **kwargs)¶Return any additional connection parameters required for the plugin.
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
get_endpoint
(session, **kwargs)¶Return an endpoint for the client.
There are no required keyword arguments to get_endpoint
as a plugin
implementation should use best effort with the information available to
determine the endpoint. However there are certain standard options that
will be generated by the clients and should be used by plugins:
service_type
: what sort of service is required.service_name
: the name of the service in the catalog.interface
: what visibility the endpoint should have.region_name
: the region the endpoint exists in.Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | The base URL that will be used to talk to the required service or None if not available. |
Return type: | string |
get_endpoint_data
(session, endpoint_override=None, discover_versions=True, **kwargs)¶Return a valid endpoint data for a the service.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid EndpointData or None if not available. |
Return type: | keystoneauth1.discover.EndpointData or None |
get_headers
(session, **kwargs)¶Fetch authentication headers for message.
This is a more generalized replacement of the older get_token to allow plugins to specify different or additional authentication headers to the OpenStack standard ‘X-Auth-Token’ header.
How the authentication headers are obtained is up to the plugin. If the headers are still valid they may be re-used, retrieved from cache or the plugin may invoke an authentication request against a server.
The default implementation of get_headers calls the get_token method to enable older style plugins to continue functioning unchanged. Subclasses should feel free to completely override this function to provide the headers that they want.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved and that authorization was a failure. Adding no authentication data can be achieved by returning an empty dictionary.
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
get_project_id
(session, **kwargs)¶Return the project id that we are authenticated to.
Wherever possible the project id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated project id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A project identifier or None if one is not available. |
Return type: | str |
get_sp_auth_url
(session, sp_id, **kwargs)¶Return auth_url from the Service Provider object.
This url is used for obtaining unscoped federated token from remote cloud.
Parameters: | sp_id (string) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider auth_url or None if one is not available. |
Return type: | str |
get_sp_url
(session, sp_id, **kwargs)¶Return sp_url from the Service Provider object.
This url is used for passing SAML2 assertion to the remote cloud.
Parameters: | sp_id (str) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider sp_url or None if one is not available. |
Return type: | str |
get_token
(session, **kwargs)¶Obtain a token.
How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved.
This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.
When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A token to use. |
Return type: | string |
get_user_id
(session, **kwargs)¶Return a unique user identifier of the plugin.
Wherever possible the user id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated user id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A user identifier or None if one is not available. |
Return type: | str |
invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
set_auth_state
(data)¶Install existing authentication state for a plugin.
Take the output of get_auth_state and install that authentication state into the current authentication plugin.
Raises: | NotImplementedError – if the plugin does not support this feature. |
---|
keystoneauth1.service_token.
ServiceTokenAuthWrapper
(user_auth, service_auth)¶Bases: keystoneauth1.plugin.BaseAuthPlugin
get_connection_params
(*args, **kwargs)¶Return any additional connection parameters required for the plugin.
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
get_endpoint
(*args, **kwargs)¶Return an endpoint for the client.
There are no required keyword arguments to get_endpoint
as a plugin
implementation should use best effort with the information available to
determine the endpoint. However there are certain standard options that
will be generated by the clients and should be used by plugins:
service_type
: what sort of service is required.service_name
: the name of the service in the catalog.interface
: what visibility the endpoint should have.region_name
: the region the endpoint exists in.Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | The base URL that will be used to talk to the required service or None if not available. |
Return type: | string |
get_headers
(session, **kwargs)¶Fetch authentication headers for message.
This is a more generalized replacement of the older get_token to allow plugins to specify different or additional authentication headers to the OpenStack standard ‘X-Auth-Token’ header.
How the authentication headers are obtained is up to the plugin. If the headers are still valid they may be re-used, retrieved from cache or the plugin may invoke an authentication request against a server.
The default implementation of get_headers calls the get_token method to enable older style plugins to continue functioning unchanged. Subclasses should feel free to completely override this function to provide the headers that they want.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved and that authorization was a failure. Adding no authentication data can be achieved by returning an empty dictionary.
Parameters: | session (keystoneauth1.session.Session) – The session object that the auth_plugin belongs to. |
---|---|
Returns: | Headers that are set to authenticate a message or None for failure. Note that when checking this value that the empty dict is a valid, non-failure response. |
Return type: | dict |
get_project_id
(*args, **kwargs)¶Return the project id that we are authenticated to.
Wherever possible the project id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated project id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A project identifier or None if one is not available. |
Return type: | str |
get_sp_auth_url
(*args, **kwargs)¶Return auth_url from the Service Provider object.
This url is used for obtaining unscoped federated token from remote cloud.
Parameters: | sp_id (string) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider auth_url or None if one is not available. |
Return type: | str |
get_sp_url
(*args, **kwargs)¶Return sp_url from the Service Provider object.
This url is used for passing SAML2 assertion to the remote cloud.
Parameters: | sp_id (str) – ID of the Service Provider to be queried. |
---|---|
Returns: | A Service Provider sp_url or None if one is not available. |
Return type: | str |
get_token
(*args, **kwargs)¶Obtain a token.
How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved.
This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.
When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A token to use. |
Return type: | string |
get_user_id
(*args, **kwargs)¶Return a unique user identifier of the plugin.
Wherever possible the user id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated user id.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A user identifier or None if one is not available. |
Return type: | str |
invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
keystoneauth1.session.
NoOpSemaphore
¶Bases: object
Empty context manager for use as a default semaphore.
keystoneauth1.session.
RequestTiming
(method, url, elapsed)¶Bases: object
Contains timing information for an HTTP interaction.
elapsed
= None¶Elapsed time information
method
= None¶HTTP method used for the call (GET, POST, etc)
url
= None¶URL against which the call was made
keystoneauth1.session.
Session
(auth=None, session=None, original_ip=None, verify=True, cert=None, timeout=None, user_agent=None, redirect=30, additional_headers=None, app_name=None, app_version=None, additional_user_agent=None, discovery_cache=None, split_loggers=None, collect_timing=False, rate_semaphore=None)¶Bases: object
Maintains client communication state and common functionality.
As much as possible the parameters to this class reflect and are passed
directly to the requests
library.
Parameters: |
|
---|
adapters
¶get_all_version_data
(auth=None, interface='public', region_name=None, service_type=None, **kwargs)¶Get version data for all services in the catalog.
Parameters: |
|
---|---|
Returns: | A dictionary keyed by region_name with values containing dictionaries keyed by interface with values being a list of ~keystoneauth1.discover.VersionData. |
get_api_major_version
(auth=None, **kwargs)¶Get the major API version as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: | keystoneauth1.exceptions.auth_plugins.MissingAuthPlugin – if a plugin is not available. |
Returns: | The major version of the API of the service discovered. |
Return type: | tuple or None |
get_auth_connection_params
(auth=None, **kwargs)¶Return auth connection params as provided by the auth plugin.
An auth plugin may specify connection parameters to the request like providing a client certificate for communication.
We restrict the values that may be returned from this function to prevent an auth plugin overriding values unrelated to connection parmeters. The values that are currently accepted are:
These values are passed to the requests library and further information on accepted values may be found there.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for tokens. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Authentication headers or None for failure. |
Return type: |
get_auth_headers
(auth=None, **kwargs)¶Return auth headers as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Authentication headers or None for failure. |
Return type: |
get_endpoint
(auth=None, **kwargs)¶Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: | keystoneauth1.exceptions.auth_plugins.MissingAuthPlugin – if a plugin is not available. |
Returns: | An endpoint if available or None. |
Return type: | string |
get_endpoint_data
(auth=None, **kwargs)¶Get endpoint data as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Endpoint data if available or None. |
Return type: |
get_project_id
(auth=None)¶Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current project_id or None if not supported by plugin. |
Return type: |
get_timings
()¶Return collected API timing information.
Returns: | List of RequestTiming objects. |
---|
get_token
(auth=None)¶Return a token as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Warning
DEPRECATED: This assumes that the only header that is used to
authenticate a message is X-Auth-Token
. This may not be
correct. Use get_auth_headers()
instead.
Returns: | A valid token. |
---|---|
Return type: | string |
get_user_id
(auth=None)¶Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current user_id or None if not supported by plugin. |
Return type: |
invalidate
(auth=None)¶Invalidate an authentication plugin.
Parameters: | auth (keystoneauth1.plugin.BaseAuthPlugin) – The auth plugin to invalidate. Overrides the plugin on the session. (optional) |
---|
mount
(scheme, adapter)¶request
(url, method, json=None, original_ip=None, user_agent=None, redirect=None, authenticated=None, endpoint_filter=None, auth=None, requests_auth=None, raise_exc=True, allow_reauth=True, log=True, endpoint_override=None, connect_retries=0, logger=None, allow=None, client_name=None, client_version=None, microversion=None, microversion_service_type=None, status_code_retries=0, retriable_status_codes=None, rate_semaphore=None, **kwargs)¶Send an HTTP request with the specified characteristics.
Wrapper around requests.Session.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.
Arguments that are not handled are passed through to the requests library.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.base.ClientException – For connection failure, or to indicate an error response code. |
Returns: | The response to the request. |
reset_timings
()¶Clear API timing information.
user_agent
= None¶keystoneauth1.session.
TCPKeepAliveAdapter
(pool_connections=10, pool_maxsize=10, max_retries=0, pool_block=False)¶Bases: requests.adapters.HTTPAdapter
The custom adapter used to set TCP Keep-Alive on all connections.
This Adapter also preserves the default behaviour of Requests which disables Nagle’s Algorithm. See also: https://blogs.msdn.com/b/windowsazurestorage/archive/2010/06/25/nagle-s-algorithm-is-not-friendly-towards-small-requests.aspx
init_poolmanager
(*args, **kwargs)¶Initializes a urllib3 PoolManager.
This method should not be called from user code, and is only
exposed for use when subclassing the
HTTPAdapter
.
Parameters: |
|
---|
keystoneauth1.token_endpoint.
Token
(endpoint, token)¶Bases: keystoneauth1.plugin.BaseAuthPlugin
A provider that will always use the given token and endpoint.
This is really only useful for testing and in certain CLI cases where you have a known endpoint and admin token that you want to use.
get_auth_ref
(session, **kwargs)¶Return the authentication reference of an auth plugin.
Parameters: | session (keystoneauth1.session.session) – A session object to be used for communication |
---|
get_endpoint
(session, **kwargs)¶Return the supplied endpoint.
Using this plugin the same endpoint is returned regardless of the parameters passed to the plugin.
get_endpoint_data
(session, endpoint_override=None, discover_versions=True, **kwargs)¶Return a valid endpoint data for a the service.
Parameters: |
|
---|---|
Raises: | keystoneauth1.exceptions.http.HttpError – An error from an invalid HTTP response. |
Returns: | Valid EndpointData or None if not available. |
Return type: | keystoneauth1.discover.EndpointData or None |
get_token
(session)¶Obtain a token.
How the token is obtained is up to the plugin. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.
There are no required kwargs. They are passed directly to the auth plugin and they are implementation specific.
Returning None will indicate that no token was able to be retrieved.
This function is misplaced as it should only be required for auth plugins that use the ‘X-Auth-Token’ header. However due to the way plugins evolved this method is required and often called to trigger an authentication request on a new plugin.
When implementing a new plugin it is advised that you implement this method, however if you don’t require the ‘X-Auth-Token’ header override the get_headers method instead.
Parameters: | session (keystoneauth1.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A token to use. |
Return type: | string |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.