keystoneauth1.access package

Submodules

keystoneauth1.access.access module

class keystoneauth1.access.access.AccessInfo(body, auth_token=None)

Bases: object

Encapsulates a raw authentication token from keystone.

Provides helper methods for extracting useful values from that token.

property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property auth_token

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns

str

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property initial_audit_id

The audit ID of the initially requested token.

This is the audit_chain_id if present or the audit_id.

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property project_scoped

Return true if the auth token was scoped to a tenant (project).

Returns

bool

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property scoped

Return true if the auth token was scoped.

Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.

This is deprecated, use project_scoped instead.

Returns

bool

property service_catalog
property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property tenant_id

Synonym for project_id.

property tenant_name

Synonym for project_name.

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

will_expire_soon(stale_duration=30)

Determine if expiration is about to occur.

Returns

true if expiration is within the given duration

Return type

boolean

class keystoneauth1.access.access.AccessInfoV2(body, auth_token=None)

Bases: keystoneauth1.access.access.AccessInfo

An object for encapsulating raw v2 auth token from identity service.

property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property auth_token

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns

str

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

version = 'v2.0'
class keystoneauth1.access.access.AccessInfoV3(body, auth_token=None)

Bases: keystoneauth1.access.access.AccessInfo

An object encapsulating raw v3 auth token from identity service.

property application_credential
property application_credential_access_rules
property application_credential_id
property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system
property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

version = 'v3'
keystoneauth1.access.access.create(resp=None, body=None, auth_token=None)

keystoneauth1.access.service_catalog module

class keystoneauth1.access.service_catalog.ServiceCatalog(catalog)

Bases: object

Helper methods for dealing with a Keystone Service Catalog.

property catalog

Return the raw service catalog content, mostly useful for debugging.

Applications should avoid this and use accessor methods instead. However, there are times when inspecting the raw catalog can be useful for analysis and other reasons.

endpoint_data_for(service_type=None, interface='public', region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch endpoint data from the service catalog.

Fetch the specified endpoint data from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.

Valid interface types: public or publicURL,

internal or internalURL, admin or ‘adminURL`

Parameters

  • service_type (string) – Service type of the endpoint.

  • interface – Type of endpoint. Can be a single value or a list of values. If it’s a list of values, they will be looked for in order of preference.

  • region_name (string) – Region of the endpoint.

  • service_name (string) – The assigned name of the service.

  • service_id (string) – The identifier of a service.

  • endpoint_id (string) – The identifier of an endpoint.

get_endpoint_data_list(service_type=None, interface='public', region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch a flat list of matching EndpointData objects.

Fetch the endpoints from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.

Valid interface types: public or publicURL,

internal or internalURL, admin or ‘adminURL`

Parameters

  • service_type (string) – Service type of the endpoint.

  • interface – Type of endpoint. Can be a single value or a list of values. If it’s a list of values, they will be looked for in order of preference.

  • region_name (string) – Region of the endpoint.

  • service_name (string) – The assigned name of the service.

  • service_id (string) – The identifier of a service.

  • endpoint_id (string) – The identifier of an endpoint.

Returns

a list of matching EndpointData objects

Return type

list(keystoneauth1.discover.EndpointData)

get_endpoints(service_type=None, interface=None, region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch and filter endpoint data for the specified service(s).

Returns endpoints for the specified service (or all) containing the specified type (or all) and region (or all) and service name.

If there is no name in the service catalog the service_name check will be skipped. This allows compatibility with services that existed before the name was available in the catalog.

Returns a dict keyed by service_type with a list of endpoint dicts

get_endpoints_data(service_type=None, interface=None, region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch and filter endpoint data for the specified service(s).

Returns endpoints for the specified service (or all) containing the specified type (or all) and region (or all) and service name.

If there is no name in the service catalog the service_name check will be skipped. This allows compatibility with services that existed before the name was available in the catalog.

Valid interface types: public or publicURL,

internal or internalURL, admin or ‘adminURL`

Parameters

  • service_type (string) – Service type of the endpoint.

  • interface – Type of endpoint. Can be a single value or a list of values. If it’s a list of values, they will be looked for in order of preference.

  • region_name (string) – Region of the endpoint.

  • service_name (string) – The assigned name of the service.

  • service_id (string) – The identifier of a service.

  • endpoint_id (string) – The identifier of an endpoint.

Returns

a list of matching EndpointData objects

Return type

list(keystoneauth1.discover.EndpointData)

Returns

a dict, keyed by service_type, of lists of EndpointData

get_urls(service_type=None, interface='public', region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch endpoint urls from the service catalog.

Fetch the urls of endpoints from the service catalog for a particular endpoint attribute. If no attribute is given, return the url of the first endpoint of the specified type.

Valid interface types: public or publicURL,

internal or internalURL, admin or ‘adminURL`

Parameters

  • service_type (string) – Service type of the endpoint.

  • interface – Type of endpoint. Can be a single value or a list of values. If it’s a list of values, they will be looked for in order of preference.

  • region_name (string) – Region of the endpoint.

  • service_name (string) – The assigned name of the service.

  • service_id (string) – The identifier of a service.

  • endpoint_id (string) – The identifier of an endpoint.

Returns

tuple of urls

abstract is_interface_match(endpoint, interface)

Helper function to normalize endpoint matching across v2 and v3.

Returns

True if the provided endpoint matches the required interface otherwise False.

normalize_catalog()

Return the catalog normalized into v3 format.

static normalize_interface(self, interface)

Handle differences in the way v2 and v3 catalogs specify endpoint.

Both v2 and v3 must be able to handle the endpoint style of the other. For example v2 must be able to handle a ‘public’ interface and v3 must be able to handle a ‘publicURL’ interface.

Returns

the endpoint string in the format appropriate for this service catalog.

url_for(service_type=None, interface='public', region_name=None, service_name=None, service_id=None, endpoint_id=None)

Fetch an endpoint from the service catalog.

Fetch the specified endpoint from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.

Valid interface types: public or publicURL,

internal or internalURL, admin or ‘adminURL`

Parameters

  • service_type (string) – Service type of the endpoint.

  • interface – Type of endpoint. Can be a single value or a list of values. If it’s a list of values, they will be looked for in order of preference.

  • region_name (string) – Region of the endpoint.

  • service_name (string) – The assigned name of the service.

  • service_id (string) – The identifier of a service.

  • endpoint_id (string) – The identifier of an endpoint.

class keystoneauth1.access.service_catalog.ServiceCatalogV2(catalog)

Bases: keystoneauth1.access.service_catalog.ServiceCatalog

An object for encapsulating the v2 service catalog.

The object is created using raw v2 auth token from Keystone.

classmethod from_token(token)
is_interface_match(endpoint, interface)

Helper function to normalize endpoint matching across v2 and v3.

Returns

True if the provided endpoint matches the required interface otherwise False.

static normalize_interface(interface)

Handle differences in the way v2 and v3 catalogs specify endpoint.

Both v2 and v3 must be able to handle the endpoint style of the other. For example v2 must be able to handle a ‘public’ interface and v3 must be able to handle a ‘publicURL’ interface.

Returns

the endpoint string in the format appropriate for this service catalog.

class keystoneauth1.access.service_catalog.ServiceCatalogV3(catalog)

Bases: keystoneauth1.access.service_catalog.ServiceCatalog

An object for encapsulating the v3 service catalog.

The object is created using raw v3 auth token from Keystone.

classmethod from_token(token)
is_interface_match(endpoint, interface)

Helper function to normalize endpoint matching across v2 and v3.

Returns

True if the provided endpoint matches the required interface otherwise False.

static normalize_interface(interface)

Handle differences in the way v2 and v3 catalogs specify endpoint.

Both v2 and v3 must be able to handle the endpoint style of the other. For example v2 must be able to handle a ‘public’ interface and v3 must be able to handle a ‘publicURL’ interface.

Returns

the endpoint string in the format appropriate for this service catalog.

keystoneauth1.access.service_providers module

class keystoneauth1.access.service_providers.ServiceProviders(service_providers)

Bases: object

Helper methods for dealing with Service Providers.

classmethod from_token(token)
get_auth_url(sp_id)
get_sp_url(sp_id)

Module contents

class keystoneauth1.access.AccessInfo(body, auth_token=None)

Bases: object

Encapsulates a raw authentication token from keystone.

Provides helper methods for extracting useful values from that token.

property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property auth_token

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns

str

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property initial_audit_id

The audit ID of the initially requested token.

This is the audit_chain_id if present or the audit_id.

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property project_scoped

Return true if the auth token was scoped to a tenant (project).

Returns

bool

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property scoped

Return true if the auth token was scoped.

Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.

This is deprecated, use project_scoped instead.

Returns

bool

property service_catalog
property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property tenant_id

Synonym for project_id.

property tenant_name

Synonym for project_name.

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

will_expire_soon(stale_duration=30)

Determine if expiration is about to occur.

Returns

true if expiration is within the given duration

Return type

boolean

class keystoneauth1.access.AccessInfoV2(body, auth_token=None)

Bases: keystoneauth1.access.access.AccessInfo

An object for encapsulating raw v2 auth token from identity service.

property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property auth_token

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns

str

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

version = 'v2.0'
class keystoneauth1.access.AccessInfoV3(body, auth_token=None)

Bases: keystoneauth1.access.access.AccessInfo

An object encapsulating raw v3 auth token from identity service.

property application_credential
property application_credential_access_rules
property application_credential_id
property audit_chain_id

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns

str or None.

property audit_id

Return the audit ID if present.

Returns

str or None.

property bind

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id

Return the domain id associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_name

Return the domain name associated with the auth request.

Returns

str or None (if no domain associated with the token)

property domain_scoped

Return true if the auth token was scoped to a domain.

Returns

bool

property expires

Return the token expiration (as datetime object).

Returns

datetime

has_service_catalog()

Return true if the auth token has a service catalog.

Returns

boolean

property is_admin_project

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated

Return true if federation was used to get the token.

Returns

boolean

property issued

Return the token issue time (as datetime object).

Returns

datetime

property oauth_access_token_id

Return the access token ID if OAuth authentication used.

Returns

str or None.

property oauth_consumer_id

Return the consumer ID if OAuth authentication used.

Returns

str or None.

property project_domain_id

Return the project’s domain id associated with the auth request.

Returns

str

property project_domain_name

Return the project’s domain name associated with the auth request.

Returns

str

property project_id

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns

str or None (if no project associated with the token)

property project_is_domain

Return if a project act as a domain.

Returns

bool

property project_name

Return the project name associated with the auth request.

Returns

str or None (if no project associated with the token)

property role_ids

Return a list of user’s role ids associated with the auth request.

Returns

a list of strings of role ids

property role_names

Return a list of user’s role names associated with the auth request.

Returns

a list of strings of role names

property service_providers

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns

keystoneauth1.service_providers.ServiceProviders or None

property system
property system_scoped

Return true if the auth token was scoped to the system.

Returns

bool

property trust_id

Return the trust id associated with the auth request.

Returns

str or None (if no trust associated with the token)

property trust_scoped

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns

bool

property trustee_user_id

Return the trustee user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property trustor_user_id

Return the trustor user id associated with a trust.

Returns

str or None (if no trust associated with the token)

property user_domain_id

Return the user’s domain id associated with the auth request.

Returns

str

property user_domain_name

Return the user’s domain name associated with the auth request.

Returns

str

property user_id

Return the user id associated with the auth request.

Returns

str

property username

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns

str

version = 'v3'
keystoneauth1.access.create(resp=None, body=None, auth_token=None)