keystone.token.providers package

Subpackages

• keystone.token.providers.fernet package
  • Submodules
  • keystone.token.providers.fernet.core module
  • keystone.token.providers.fernet.token_formatters module
  • Module contents

Submodules

keystone.token.providers.base module

class keystone.token.providers.base.Provider

Bases: object

Interface description for a Token provider.

get_token_version(token_data)

Return the version of the given token data.

If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.

Parameters:token_data (dict) – token_data Returns:token version string Raises keystone.exception.UnsupportedTokenVersionException:  If the token version is not expected.

issue_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, include_catalog=True, parent_audit_id=None)

Issue a V3 Token.

Parameters:

• user_id (string) – identity of the user
• method_names (list) – names of authentication methods
• expires_at (string) – optional time the token will expire
• project_id (string) – optional project identity
• domain_id (string) – optional domain identity
• auth_context (dict) – optional context from the authorization plugins
• trust (dict) – optional trust reference
• include_catalog (boolean) – optional, include the catalog in token data
• parent_audit_id (string) – optional, the audit id of the parent token

Returns:

(token_id, token_data)

needs_persistence()

Determine if the token should be persisted.

If the token provider requires that the token be persisted to a backend this should return True, otherwise return False.

validate_token(token_ref)

Validate the given V3 token and return the token_data.

Parameters:token_ref (dict) – the token reference Returns:token data Raises keystone.exception.TokenNotFound:  If the token doesn’t exist.

keystone.token.providers.common module

class keystone.token.providers.common.BaseProvider(*args, **kwargs)

Bases: keystone.token.providers.base.Provider

get_token_version(token_data)

issue_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, include_catalog=True, parent_audit_id=None)

validate_token(token_id)

class keystone.token.providers.common.V3TokenDataHelper(*args, **kwargs)

Bases: object

Token data helper.

get_token_data(user_id, method_names, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)

populate_roles_for_federated_user(token_data, group_ids, project_id=None, domain_id=None, user_id=None)

Populate roles basing on provided groups and project/domain.

Used for federated users with dynamically assigned groups. This method does not return anything, yet it modifies token_data in place.

Parameters:

• token_data – a dictionary used for building token response
• group_ids – list of group IDs a user is a member of
• project_id – project ID to scope to
• domain_id – domain ID to scope to
• user_id – user ID

Raises keystone.exception.Unauthorized:  

when no roles were found

keystone.token.providers.common.build_audit_info(parent_audit_id=None)

Build the audit data for a token.

If parent_audit_id is None, the list will be one element in length containing a newly generated audit_id.

If parent_audit_id is supplied, the list will be two elements in length containing a newly generated audit_id and the parent_audit_id. The parent_audit_id will always be element index 1 in the resulting list.

Parameters:parent_audit_id (str) – the audit of the original token in the chain Returns:Keystone token audit data

keystone.token.providers.common.default_expire_time()

Determine when a fresh token should expire.

Expiration time varies based on configuration (see [token] expiration).

Returns:a naive UTC datetime.datetime object

keystone.token.providers.common.random_urlsafe_str()

Generate a random URL-safe string.

Return type:six.text_type

keystone.token.providers.uuid module

Keystone UUID Token Provider.

class keystone.token.providers.uuid.Provider(*args, **kwargs)

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()

Should the token be written to a backend.

Module contents