keystone.token.controllers.
Auth
(*args, **kwargs)[source]¶Bases: keystone.common.controller.V2Controller
authenticate
(*args, **kwargs)[source]¶Authenticate credentials and return a token.
Accept auth as a dict that looks like:
{
"auth":{
"passwordCredentials":{
"username":"test_user",
"password":"mypass"
},
"tenantName":"customer-x"
}
}
In this case, tenant is optional, if not provided the token will be considered “unscoped” and can later be used to get a scoped token.
Alternatively, this call accepts auth with only a token and tenant that will return a token that is scoped to that tenant.
format_endpoint_list
(catalog_ref)[source]¶Format a list of endpoints according to Identity API v2.
The v2.0 API wants an endpoint list to look like:
{
'endpoints': [
{
'id': $endpoint_id,
'name': $SERVICE[name],
'type': $SERVICE,
'tenantId': $tenant_id,
'region': $REGION,
}
],
'endpoints_links': [],
}
keystone.token.controllers.
BaseAuthenticationMethod
(*args, **kwargs)[source]¶Bases: object
Common utilities/dependencies for all authentication method classes.
keystone.token.controllers.
ExternalAuthNotApplicable
[source]¶Bases: exceptions.Exception
External authentication is not applicable.
keystone.token.controllers.
ExternalAuthenticationMethod
(*args, **kwargs)[source]¶Bases: keystone.token.controllers.BaseAuthenticationMethod
Authenticate using an external authentication method.
authenticate
(request, auth)[source]¶Try to authenticate an external user via REMOTE_USER variable.
Parameters: |
|
---|---|
Returns: | A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information. |
keystone.token.controllers.
LocalAuthenticationMethod
(*args, **kwargs)[source]¶Bases: keystone.token.controllers.BaseAuthenticationMethod
Authenticate against a local backend using password credentials.
authenticate
(request, auth)[source]¶Try to authenticate against the identity backend.
Parameters: |
|
---|---|
Returns: | A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information. |
keystone.token.controllers.
TokenAuthenticationMethod
(*args, **kwargs)[source]¶Bases: keystone.token.controllers.BaseAuthenticationMethod
Authenticate using an existing token.
authenticate
(request, auth)[source]¶Try to authenticate using an already existing token.
Parameters: |
|
---|---|
Returns: | A tuple containing the user reference, project identifier, token expiration, bind information, and original audit information. |
keystone.token.controllers.
V2TokenDataHelper
(*args, **kwargs)[source]¶Bases: object
Create V2 token data.
format_catalog
(catalog_ref)[source]¶Munge catalogs from internal to output format.
Internal catalogs look like:
{$REGION: {
{$SERVICE: {
$key1: $value1,
...
}
}
}
The legacy api wants them to look like:
[{'name': $SERVICE[name],
'type': $SERVICE,
'endpoints': [{
'tenantId': $tenant_id,
...
'region': $REGION,
}],
'endpoints_links': [],
}]
v3_to_v2_token
(v3_token_data, token_id)[source]¶Convert v3 token data into v2.0 token data.
This method expects a dictionary generated from V3TokenDataHelper.get_token_data() and converts it to look like a v2.0 token dictionary.
Parameters: |
|
---|---|
Returns: | dictionary formatted for v2 tokens |
Raises: | keystone.exception.Unauthorized – If a specific token type is not supported in v2. |
keystone.token.controllers.
authentication_method_generator
(request, auth)[source]¶Given an request return a suitable authentication method.
This is simply a generator to handle matching an authentication request with the appropriate authentication method.
Parameters: | auth – Dictionary containing authentication information from the request. |
---|---|
Returns: | An authentication method class object. |
Token provider interface.
keystone.token.provider.
Manager
(*args, **kwargs)[source]¶Bases: keystone.common.manager.Manager
Default pivot point for the token provider backend.
See keystone.common.manager.Manager
for more details on how this
dynamically calls the backend.
INVALIDATE_PROJECT_TOKEN_PERSISTENCE
= 'invalidate_project_tokens'¶INVALIDATE_USER_TOKEN_PERSISTENCE
= 'invalidate_user_tokens'¶V2
= 'v2.0'¶V3
= 'v3.0'¶VERSIONS
= frozenset(['v3.0', 'v2.0'])¶driver_namespace
= 'keystone.token.provider'¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.