keystone.auth package¶
Subpackages¶
- keystone.auth.plugins package
- Submodules
- keystone.auth.plugins.base module
- keystone.auth.plugins.core module
- keystone.auth.plugins.external module
- keystone.auth.plugins.mapped module
- keystone.auth.plugins.oauth1 module
- keystone.auth.plugins.password module
- keystone.auth.plugins.token module
- keystone.auth.plugins.totp module
- Module contents
Submodules¶
keystone.auth.controllers module¶
-
class
keystone.auth.controllers.
Auth
(*args, **kw)[source]¶ Bases:
keystone.common.controller.V3Controller
-
collection_name
= 'tokens'¶
-
member_name
= 'token'¶
-
keystone.auth.core module¶
-
class
keystone.auth.core.
AuthContext
[source]¶ Bases:
dict
Retrofitting auth_context to reconcile identity attributes.
The identity attributes must not have conflicting values among the auth plug-ins. The only exception is expires_at, which is set to its earliest value.
-
IDENTITY_ATTRIBUTES
= frozenset(['domain_id', 'project_id', 'user_id', 'expires_at', 'access_token_id'])¶
-
-
class
keystone.auth.core.
AuthInfo
(*args, **kwargs)[source]¶ Bases:
object
Encapsulation of “auth” request.
-
get_scope
()[source]¶ Get scope information.
Verify and return the scoping information.
Returns: (domain_id, project_id, trust_ref, unscoped). If scope to a project, (None, project_id, None, None) will be returned. If scoped to a domain, (domain_id, None, None, None) will be returned. If scoped to a trust, (None, project_id, trust_ref, None), Will be returned, where the project_id comes from the trust definition. If unscoped, (None, None, None, ‘unscoped’) will be returned.
-
-
class
keystone.auth.core.
UserMFARulesValidator
(*args, **kwargs)[source]¶ Bases:
object
Helper object that can validate the MFA Rules.
-
check_auth_methods_against_rules
(user_id, auth_methods)[source]¶ Validate the MFA rules against the successful auth methods.
Parameters: - user_id (str) – The user’s ID (uuid).
- auth_methods (set) – List of methods that were used for auth
Returns: Boolean,
True
means rules match and auth may proceed,False
means rules do not match.
-