The User Class

class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]

Encapsulates the AccessInfo object from keystoneclient.

Token object provides a consistent interface for accessing the keystone token information and service catalog.

Added for maintaining backward compatibility with horizon that expects Token object in the user object.

class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None)[source]

A User class with some extra special sauce for Keystone.

In addition to the standard Django user attributes, this class also has the following:

token

The Keystone token object associated with the current user/tenant.

The token object is deprecated, user auth_ref instead.

tenant_id

The id of the Keystone tenant for the current user/token.

The tenant_id keyword argument is deprecated, use project_id instead.

tenant_name

The name of the Keystone tenant for the current user/token.

The tenant_name keyword argument is deprecated, use project_name instead.

project_id

The id of the Keystone project for the current user/token.

project_name

The name of the Keystone project for the current user/token.

service_catalog

The ServiceCatalog data returned by Keystone.

roles

A list of dictionaries containing role names and ids as returned by Keystone.

services_region

A list of non-identity service endpoint regions extracted from the service catalog.

user_domain_id

The domain id of the current user.

user_domain_name

The domain name of the current user.

domain_id

The id of the Keystone domain scoped for the current user/token.

is_federated

Whether user is federated Keystone user. (Boolean)

unscoped_token

Unscoped Keystone token.

authorized_tenants

Returns a memoized list of tenants this user may access.

available_services_regions

Returns list of unique region name values in service catalog.

has_a_matching_perm(perm_list, obj=None)[source]

Returns True if the user has one of the specified permissions.

If object is passed, it checks if the user has any of the required perms for this object.

has_perms(perm_list, obj=None)[source]

Returns True if the user has all of the specified permissions.

Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple

is_anonymous(margin=None)[source]

Return if the user is not authenticated.

Returns True if not authenticated,``False`` otherwise.

Parameters:margin – A security time margin in seconds before end of an eventual authentication. Will return True even if authenticated but that authentication ends in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
is_authenticated(margin=None)[source]

Checks for a valid authentication.

Parameters:margin – A security time margin in seconds before end of authentication. Will return False if authentication ends in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
is_superuser

Evaluates whether this user has admin privileges.

Returns True or False.

is_token_expired(margin=None)[source]

Determine if the token is expired.

Returns True if the token is expired, False if not, and None if there is no token set.

Parameters:margin – A security time margin in seconds before real expiration. Will return True if the token expires in less than margin seconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.