keystoneclient.auth.identity.access.
AccessInfoPlugin
(auth_ref, auth_url=None)¶Bases: keystoneclient.auth.identity.base.BaseIdentityPlugin
A plugin that turns an existing AccessInfo object into a usable plugin.
There are cases where reuse of an auth_ref or AccessInfo object is warranted such as from a cache, from auth_token middleware, or another source.
Turn the existing access info object into an identity plugin. This plugin cannot be refreshed as the AccessInfo object does not contain any authorizing information.
Parameters: |
|
---|
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This method should not be called independently and is expected to be invoked via the do_authenticate() method.
This method will be invoked if the AccessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access().
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
keystoneclient.auth.identity.base.
BaseIdentityPlugin
(auth_url=None, username=None, password=None, token=None, trust_id=None, reauthenticate=True)¶Bases: keystoneclient.auth.base.BaseAuthPlugin
MIN_TOKEN_LIFE_SECONDS
= 120¶get_access
(session, **kwargs)¶Fetch or return a current AccessInfo object.
If a valid AccessInfo is present then it is returned otherwise a new one will be fetched.
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | Valid AccessInfo |
Return type: | keystoneclient.access.AccessInfo |
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This method should not be called independently and is expected to be invoked via the do_authenticate() method.
This method will be invoked if the AccessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access().
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
get_discovery
(session, url, authenticated=None)¶Return the discovery object for a URL.
Check the session and the plugin cache to see if we have already performed discovery on the URL and if so return it, otherwise create a new discovery object, cache it and return it.
This function is expected to be used by subclasses and should not be needed by users.
Parameters: |
|
---|---|
Raises: |
|
Returns: | A discovery object with the results of looking up that URL. |
get_endpoint
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, **kwargs)¶Return a valid endpoint for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
Parameters: |
|
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | A valid endpoint URL or None if not available. |
Return type: | string or None |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
get_project_id
(session, **kwargs)¶Return the project id that we are authenticated to.
Wherever possible the project id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated project id.
Parameters: | session (keystoneclient.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A project identifier or None if one is not available. |
Return type: | str |
get_token
(session, **kwargs)¶Return a valid auth token.
If a valid token is not present then a new one will be fetched.
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | A valid token. |
Return type: | string |
get_user_id
(session, **kwargs)¶Return a unique user identifier of the plugin.
Wherever possible the user id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated user id.
Parameters: | session (keystoneclient.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A user identifier or None if one is not available. |
Return type: | str |
invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
password
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
token
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
trust_id
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
username
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
keystoneclient.auth.identity.base.
get_options
()¶keystoneclient.auth.identity.v2.
Auth
(auth_url, trust_id=None, tenant_id=None, tenant_name=None, reauthenticate=True)¶Bases: keystoneclient.auth.identity.base.BaseIdentityPlugin
Identity V2 Authentication Plugin.
Parameters: |
|
---|
get_auth_data
(headers=None)¶Return the authentication section of an auth plugin.
Parameters: | headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them. |
---|---|
Returns: | A dict of authentication data for the auth type. |
Return type: | dict |
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This method should not be called independently and is expected to be invoked via the do_authenticate() method.
This method will be invoked if the AccessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access().
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
trust_id
¶keystoneclient.auth.identity.v2.
Password
(auth_url, username=<object object>, password=None, user_id=<object object>, **kwargs)¶Bases: keystoneclient.auth.identity.v2.Auth
A plugin for authenticating with a username and password.
A username or user_id must be provided.
Parameters: |
|
---|---|
Raises: | TypeError – if a user_id or username is not provided. |
get_auth_data
(headers=None)¶Return the authentication section of an auth plugin.
Parameters: | headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them. |
---|---|
Returns: | A dict of authentication data for the auth type. |
Return type: | dict |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
load_from_argparse_arguments
(namespace, **kwargs)¶Load a specific plugin object from an argparse result.
Convert the results of a parse into the specified plugin.
Parameters: | namespace (argparse.Namespace) – The result from CLI parsing. |
---|---|
Returns: | An auth plugin, or None if a name is not provided. |
Return type: | keystoneclient.auth.BaseAuthPlugin |
password
¶username
¶keystoneclient.auth.identity.v2.
Token
(auth_url, token, **kwargs)¶Bases: keystoneclient.auth.identity.v2.Auth
A plugin for authenticating with an existing token.
Parameters: |
|
---|
get_auth_data
(headers=None)¶Return the authentication section of an auth plugin.
Parameters: | headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them. |
---|---|
Returns: | A dict of authentication data for the auth type. |
Return type: | dict |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
token
¶keystoneclient.auth.identity.
BaseIdentityPlugin
(auth_url=None, username=None, password=None, token=None, trust_id=None, reauthenticate=True)¶Bases: keystoneclient.auth.base.BaseAuthPlugin
MIN_TOKEN_LIFE_SECONDS
= 120¶get_access
(session, **kwargs)¶Fetch or return a current AccessInfo object.
If a valid AccessInfo is present then it is returned otherwise a new one will be fetched.
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | Valid AccessInfo |
Return type: | keystoneclient.access.AccessInfo |
get_auth_ref
(session, **kwargs)¶Obtain a token from an OpenStack Identity Service.
This method is overridden by the various token version plugins.
This method should not be called independently and is expected to be invoked via the do_authenticate() method.
This method will be invoked if the AccessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access().
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: |
|
Returns: | Token access information. |
Return type: |
get_discovery
(session, url, authenticated=None)¶Return the discovery object for a URL.
Check the session and the plugin cache to see if we have already performed discovery on the URL and if so return it, otherwise create a new discovery object, cache it and return it.
This function is expected to be used by subclasses and should not be needed by users.
Parameters: |
|
---|---|
Raises: |
|
Returns: | A discovery object with the results of looking up that URL. |
get_endpoint
(session, service_type=None, interface=None, region_name=None, service_name=None, version=None, **kwargs)¶Return a valid endpoint for a service.
If a valid token is not present then a new one will be fetched using the session and kwargs.
Parameters: |
|
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | A valid endpoint URL or None if not available. |
Return type: | string or None |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
get_project_id
(session, **kwargs)¶Return the project id that we are authenticated to.
Wherever possible the project id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated project id.
Parameters: | session (keystoneclient.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A project identifier or None if one is not available. |
Return type: | str |
get_token
(session, **kwargs)¶Return a valid auth token.
If a valid token is not present then a new one will be fetched.
Parameters: | session (keystoneclient.session.Session) – A session object that can be used for communication. |
---|---|
Raises: | keystoneclient.exceptions.HttpError – An error from an invalid HTTP response. |
Returns: | A valid token. |
Return type: | string |
get_user_id
(session, **kwargs)¶Return a unique user identifier of the plugin.
Wherever possible the user id should be inferred from the token however there are certain URLs and other places that require access to the currently authenticated user id.
Parameters: | session (keystoneclient.session.Session) – A session object so the plugin can make HTTP calls. |
---|---|
Returns: | A user identifier or None if one is not available. |
Return type: | str |
invalidate
()¶Invalidate the current authentication data.
This should result in fetching a new token on next call.
A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.
Returns: | True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up. |
---|---|
Return type: | bool |
password
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
token
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
trust_id
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
username
¶Deprecated as of the 1.7.0 release.
It may be removed in the 2.0.0 release.
keystoneclient.auth.identity.
Password
(auth_url, username=None, user_id=None, password=None, user_domain_id=None, user_domain_name=None, **kwargs)¶Bases: keystoneclient.auth.identity.generic.base.BaseGenericPlugin
A common user/password authentication plugin.
Parameters: |
|
---|
create_plugin
(session, version, url, raw_status=None)¶Create a plugin from the given parameters.
This function will be called multiple times with the version and url of a potential endpoint. If a plugin can be constructed that fits the params then it should return it. If not return None and then another call will be made with other available URLs.
Parameters: |
|
---|---|
Returns: | A plugin that can match the parameters or None if nothing. |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
load_from_argparse_arguments
(namespace, **kwargs)¶Load a specific plugin object from an argparse result.
Convert the results of a parse into the specified plugin.
Parameters: | namespace (argparse.Namespace) – The result from CLI parsing. |
---|---|
Returns: | An auth plugin, or None if a name is not provided. |
Return type: | keystoneclient.auth.BaseAuthPlugin |
keystoneclient.auth.identity.
Token
(auth_url, token=None, **kwargs)¶Bases: keystoneclient.auth.identity.generic.base.BaseGenericPlugin
Generic token auth plugin.
Parameters: | token (string) – Token for authentication. |
---|
create_plugin
(session, version, url, raw_status=None)¶Create a plugin from the given parameters.
This function will be called multiple times with the version and url of a potential endpoint. If a plugin can be constructed that fits the params then it should return it. If not return None and then another call will be made with other available URLs.
Parameters: |
|
---|---|
Returns: | A plugin that can match the parameters or None if nothing. |
get_options
()¶Return the list of parameters associated with the auth plugin.
This list may be used to generate CLI or config arguments.
Returns: | A list of Param objects describing available plugin parameters. |
---|---|
Return type: | List |
keystoneclient.auth.identity.
V2Password
¶keystoneclient.auth.identity.
V2Token
¶keystoneclient.auth.identity.
V3Password
¶keystoneclient.auth.identity.
V3Token
¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.