keystoneclient.auth.identity.v3 package

updated: 2020-01-09 19:19

keystoneclient.auth.identity.v3 package¶

Submodules¶

keystoneclient.auth.identity.v3.base module¶

class keystoneclient.auth.identity.v3.base.Auth(auth_url, auth_methods, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.BaseAuth

Identity V3 Authentication Plugin.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. auth_methods (List) – A collection of methods to authenticate with. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True include_catalog (bool) – Include the service catalog in the returned token. (optional) default True. unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.

auth_url (string) – Identity service endpoint for authentication.
auth_methods (List) – A collection of methods to authenticate with.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.

get_auth_ref(session, **kwargs)¶

Obtain a token from an OpenStack Identity Service.

This method is overridden by the various token version plugins.

This method should not be called independently and is expected to be invoked via the do_authenticate() method.

This method will be invoked if the AccessInfo object cached by the plugin is not valid. Thus plugins should always fetch a new AccessInfo when invoked. If you are looking to just retrieve the current auth data then you should use get_access().

Parameters:	session (keystoneclient.session.Session) – A session object that can be used for communication.
Raises:	keystoneclient.exceptions.InvalidResponse – The response returned wasn’t appropriate. keystoneclient.exceptions.HttpError – An error from an invalid HTTP response.
Returns:	Token access information.
Return type:	`keystoneclient.access.AccessInfo`

class keystoneclient.auth.identity.v3.base.AuthMethod(**kwargs)¶

Bases: object

One part of a V3 Authentication strategy.

V3 Tokens allow multiple methods to be presented when authentication against the server. Each one of these methods is implemented by an AuthMethod.

Note: When implementing an AuthMethod use the method_parameters and do not use positional arguments. Otherwise they can’t be picked up by the factory method and don’t work as well with AuthConstructors.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

class keystoneclient.auth.identity.v3.base.AuthConstructor(auth_url, *args, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.Auth

Abstract base class for creating an Auth Plugin.

The Auth Plugin created contains only one authentication method. This is generally the required usage.

An AuthConstructor creates an AuthMethod based on the method’s arguments and the auth_method_class defined by the plugin. It then creates the auth plugin with only that authentication method.

class keystoneclient.auth.identity.v3.base.BaseAuth(auth_url, trust_id=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, reauthenticate=True, include_catalog=True)¶

Bases: keystoneclient.auth.identity.base.BaseIdentityPlugin

Identity V3 Authentication Plugin.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. auth_methods (List) – A collection of methods to authenticate with. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

auth_url (string) – Identity service endpoint for authentication.
auth_methods (List) – A collection of methods to authenticate with.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

get_auth_ref(session, **kwargs)¶

Obtain a token from an OpenStack Identity Service.

This method is overridden by the various token version plugins.

This method should not be called independently and is expected to be invoked via the do_authenticate() method.

Parameters:	session (keystoneclient.session.Session) – A session object that can be used for communication.
Raises:	keystoneclient.exceptions.InvalidResponse – The response returned wasn’t appropriate. keystoneclient.exceptions.HttpError – An error from an invalid HTTP response.
Returns:	Token access information.
Return type:	`keystoneclient.access.AccessInfo`

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

token_url¶: The full URL where we will send authentication data.

trust_id¶

keystoneclient.auth.identity.v3.federated module¶

class keystoneclient.auth.identity.v3.federated.FederatedBaseAuth(auth_url, identity_provider, protocol, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.BaseAuth

federated_token_url¶: Full URL where authorization data is sent.

get_auth_ref(session, **kwargs)¶

Authenticate retrieve token information.

This is a multi-step process where a client does federated authn receives an unscoped token.

If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.

Parameters:	session (keystoneclient.session.Session) – a session object to send out HTTP requests.
Returns:	a token data representation
Return type:	`keystoneclient.access.AccessInfo`

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

get_unscoped_auth_ref(session, **kwargs)¶: Fetch unscoped federated token.

rescoping_plugin¶: alias of keystoneclient.auth.identity.v3.token.Token

keystoneclient.auth.identity.v3.password module¶

class keystoneclient.auth.identity.v3.password.PasswordMethod(**kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthMethod

Construct a User/Password based authentication method.

Parameters:	password (string) – Password for authentication. username (string) – Username for authentication. user_id (string) – User ID for authentication. user_domain_id (string) – User’s domain ID for authentication. user_domain_name (string) – User’s domain name for authentication.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

class keystoneclient.auth.identity.v3.password.Password(auth_url, *args, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthConstructor

A plugin for authenticating with a username and password.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. password (string) – Password for authentication. username (string) – Username for authentication. user_id (string) – User ID for authentication. user_domain_id (string) – User’s domain ID for authentication. user_domain_name (string) – User’s domain name for authentication. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

auth_url (string) – Identity service endpoint for authentication.
password (string) – Password for authentication.
username (string) – Username for authentication.
user_id (string) – User ID for authentication.
user_domain_id (string) – User’s domain ID for authentication.
user_domain_name (string) – User’s domain name for authentication.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

classmethod load_from_argparse_arguments(namespace, **kwargs)¶

Load a specific plugin object from an argparse result.

Convert the results of a parse into the specified plugin.

Parameters:	namespace (argparse.Namespace) – The result from CLI parsing.
Returns:	An auth plugin, or None if a name is not provided.
Return type:	`keystoneclient.auth.BaseAuthPlugin`

keystoneclient.auth.identity.v3.token module¶

class keystoneclient.auth.identity.v3.token.TokenMethod(**kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthMethod

Construct an Auth plugin to fetch a token from a token.

Parameters:	token (string) – Token for authentication.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

class keystoneclient.auth.identity.v3.token.Token(auth_url, token, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthConstructor

A plugin for authenticating with an existing Token.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. token (string) – Token for authentication. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

auth_url (string) – Identity service endpoint for authentication.
token (string) – Token for authentication.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

Module contents¶

class keystoneclient.auth.identity.v3.Auth(auth_url, auth_methods, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.BaseAuth

Identity V3 Authentication Plugin.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. auth_methods (List) – A collection of methods to authenticate with. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True include_catalog (bool) – Include the service catalog in the returned token. (optional) default True. unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.

auth_url (string) – Identity service endpoint for authentication.
auth_methods (List) – A collection of methods to authenticate with.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.

get_auth_ref(session, **kwargs)¶

Obtain a token from an OpenStack Identity Service.

This method is overridden by the various token version plugins.

This method should not be called independently and is expected to be invoked via the do_authenticate() method.

Parameters:	session (keystoneclient.session.Session) – A session object that can be used for communication.
Raises:	keystoneclient.exceptions.InvalidResponse – The response returned wasn’t appropriate. keystoneclient.exceptions.HttpError – An error from an invalid HTTP response.
Returns:	Token access information.
Return type:	`keystoneclient.access.AccessInfo`

class keystoneclient.auth.identity.v3.AuthConstructor(auth_url, *args, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.Auth

Abstract base class for creating an Auth Plugin.

The Auth Plugin created contains only one authentication method. This is generally the required usage.

An AuthConstructor creates an AuthMethod based on the method’s arguments and the auth_method_class defined by the plugin. It then creates the auth plugin with only that authentication method.

class keystoneclient.auth.identity.v3.AuthMethod(**kwargs)¶

Bases: object

One part of a V3 Authentication strategy.

V3 Tokens allow multiple methods to be presented when authentication against the server. Each one of these methods is implemented by an AuthMethod.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

class keystoneclient.auth.identity.v3.BaseAuth(auth_url, trust_id=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, reauthenticate=True, include_catalog=True)¶

Bases: keystoneclient.auth.identity.base.BaseIdentityPlugin

Identity V3 Authentication Plugin.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. auth_methods (List) – A collection of methods to authenticate with. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

auth_url (string) – Identity service endpoint for authentication.
auth_methods (List) – A collection of methods to authenticate with.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.

get_auth_ref(session, **kwargs)¶

Obtain a token from an OpenStack Identity Service.

This method is overridden by the various token version plugins.

This method should not be called independently and is expected to be invoked via the do_authenticate() method.

Parameters:	session (keystoneclient.session.Session) – A session object that can be used for communication.
Raises:	keystoneclient.exceptions.InvalidResponse – The response returned wasn’t appropriate. keystoneclient.exceptions.HttpError – An error from an invalid HTTP response.
Returns:	Token access information.
Return type:	`keystoneclient.access.AccessInfo`

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

token_url¶: The full URL where we will send authentication data.

trust_id¶

class keystoneclient.auth.identity.v3.FederatedBaseAuth(auth_url, identity_provider, protocol, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.BaseAuth

federated_token_url¶: Full URL where authorization data is sent.

get_auth_ref(session, **kwargs)¶

Authenticate retrieve token information.

This is a multi-step process where a client does federated authn receives an unscoped token.

If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.

Parameters:	session (keystoneclient.session.Session) – a session object to send out HTTP requests.
Returns:	a token data representation
Return type:	`keystoneclient.access.AccessInfo`

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

get_unscoped_auth_ref(session, **kwargs)¶: Fetch unscoped federated token.

rescoping_plugin¶: alias of keystoneclient.auth.identity.v3.token.Token

class keystoneclient.auth.identity.v3.Password(auth_url, *args, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthConstructor

A plugin for authenticating with a username and password.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. password (string) – Password for authentication. username (string) – Username for authentication. user_id (string) – User ID for authentication. user_domain_id (string) – User’s domain ID for authentication. user_domain_name (string) – User’s domain name for authentication. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

auth_url (string) – Identity service endpoint for authentication.
password (string) – Password for authentication.
username (string) – Username for authentication.
user_id (string) – User ID for authentication.
user_domain_id (string) – User’s domain ID for authentication.
user_domain_name (string) – User’s domain name for authentication.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

classmethod load_from_argparse_arguments(namespace, **kwargs)¶

Load a specific plugin object from an argparse result.

Convert the results of a parse into the specified plugin.

Parameters:	namespace (argparse.Namespace) – The result from CLI parsing.
Returns:	An auth plugin, or None if a name is not provided.
Return type:	`keystoneclient.auth.BaseAuthPlugin`

class keystoneclient.auth.identity.v3.PasswordMethod(**kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthMethod

Construct a User/Password based authentication method.

Parameters:	password (string) – Password for authentication. username (string) – Username for authentication. user_id (string) – User ID for authentication. user_domain_id (string) – User’s domain ID for authentication. user_domain_name (string) – User’s domain name for authentication.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

class keystoneclient.auth.identity.v3.Token(auth_url, token, **kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthConstructor

A plugin for authenticating with an existing Token.

Parameters:

Parameters:	auth_url (string) – Identity service endpoint for authentication. token (string) – Token for authentication. trust_id (string) – Trust ID for trust scoping. domain_id (string) – Domain ID for domain scoping. domain_name (string) – Domain name for domain scoping. project_id (string) – Project ID for project scoping. project_name (string) – Project name for project scoping. project_domain_id (string) – Project’s domain ID for project. project_domain_name (string) – Project’s domain name for project. reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

auth_url (string) – Identity service endpoint for authentication.
token (string) – Token for authentication.
trust_id (string) – Trust ID for trust scoping.
domain_id (string) – Domain ID for domain scoping.
domain_name (string) – Domain name for domain scoping.
project_id (string) – Project ID for project scoping.
project_name (string) – Project name for project scoping.
project_domain_id (string) – Project’s domain ID for project.
project_domain_name (string) – Project’s domain name for project.
reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

classmethod get_options()¶

Return the list of parameters associated with the auth plugin.

This list may be used to generate CLI or config arguments.

Returns:	A list of Param objects describing available plugin parameters.
Return type:	List

class keystoneclient.auth.identity.v3.TokenMethod(**kwargs)¶

Bases: keystoneclient.auth.identity.v3.base.AuthMethod

Construct an Auth plugin to fetch a token from a token.

Parameters:	token (string) – Token for authentication.

get_auth_data(session, auth, headers, **kwargs)¶

Return the authentication section of an auth plugin.

Parameters:	session (keystoneclient.session.Session) – The communication session. auth (base.Auth) – The auth plugin calling the method. headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:	The identifier of this plugin and a dict of authentication data for the auth type.
Return type:	tuple(string, dict)

updated: 2020-01-09 19:19

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.