Bases: object
Assemble the payload of a token.
Parameters: |
|
---|---|
Returns: | the payload of a token |
Attempt to convert value to bytes or return value.
Parameters: | value – value to attempt to convert to bytes |
---|---|
Returns: | tuple containing boolean indicating whether user_id was stored as bytes and uuid value as bytes or the original value |
Generate uuid.hex format based on byte string.
Parameters: | uuid_byte_string – uuid string to generate from |
---|---|
Returns: | uuid hex formatted string |
Compress UUID formatted strings to bytes.
Parameters: | uuid_string – uuid string to compress to bytes |
---|---|
Returns: | a byte representation of the uuid |
Check the arguments to see if they apply to this payload variant.
Returns: | True if the arguments indicate that this payload class is needed for the token otherwise returns False. |
---|---|
Return type: | bool |
Disassemble an unscoped payload into the component data.
The tuple consists of:
(user_id, methods, project_id, domain_id, expires_at_str,
audit_ids, trust_id, federated_info, access_token_id)
Fields will be set to None if they didn’t apply to this payload type.
Parameters: | payload – this variant of payload |
---|---|
Returns: | a tuple of the payloads component data |
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Bases: keystone.token.providers.fernet.token_formatters.FederatedScopedPayload
Bases: keystone.token.providers.fernet.token_formatters.FederatedScopedPayload
Bases: keystone.token.providers.fernet.token_formatters.FederatedUnscopedPayload
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Bases: object
Packs and unpacks payloads into tokens for transport.
Given a set of payload attributes, generate a Fernet token.
Return a cryptography instance.
You can extend this class with a custom crypto @property to provide your own token encoding / decoding. For example, using a different cryptography library (e.g. python-keyczar) or to meet arbitrary security requirements.
This @property just needs to return an object that implements encrypt(plaintext) and decrypt(ciphertext).
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
If the configured key directory does not exist, attempt to create it.
Create a key repository and bootstrap it with a key.
Parameters: |
|
---|
Load keys from disk into a list.
The first key in the list is the primary key used for encryption. All other keys are active secondary keys that can be used for decrypting tokens.
Create a new primary key and revoke excess active keys.
Parameters: |
|
---|
Key rotation utilizes the following behaviors:
This strategy allows you to safely perform rotation on one node in a cluster, before syncing the results of the rotation to all other nodes (during both key rotation and synchronization, all nodes must recognize all primary keys).