keystoneauth1.identity.v3 package

Submodules

keystoneauth1.identity.v3.base module

class keystoneauth1.identity.v3.base.Auth(auth_url, auth_methods, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • auth_methods (list) – A collection of methods to authenticate with.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
  • unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.
get_auth_ref(session, **kwargs)
class keystoneauth1.identity.v3.base.AuthMethod(**kwargs)

Bases: object

One part of a V3 Authentication strategy.

V3 Tokens allow multiple methods to be presented when authentication against the server. Each one of these methods is implemented by an AuthMethod.

Note: When implementing an AuthMethod use the method_parameters and do not use positional arguments. Otherwise they can’t be picked up by the factory method and don’t work as well with AuthConstructors.

get_auth_data(session, auth, headers, **kwargs)

Return the authentication section of an auth plugin.

Parameters:
  • session (keystonauth.session.Session) – The communication session.
  • auth (Auth) – The auth plugin calling the method.
  • headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:

The identifier of this plugin and a dict of authentication data for the auth type.
Return type:

tuple(string, dict)
class keystoneauth1.identity.v3.base.AuthConstructor(auth_url, *args, **kwargs)

Bases: keystoneauth1.identity.v3.base.Auth

AuthConstructor is a means of creating an Auth Plugin that contains only one authentication method. This is generally the required usage.

An AuthConstructor creates an AuthMethod based on the method’s arguments and the auth_method_class defined by the plugin. It then creates the auth plugin with only that authentication method.

class keystoneauth1.identity.v3.base.BaseAuth(*args, **kwargs)

Bases: keystoneauth1.identity.base.BaseIdentityPlugin

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • auth_methods (list) – A collection of methods to authenticate with.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
get_auth_ref(session, **kwargs)
has_scope_parameters

Does the plugin have parameters that will create a scoped token

token_url

The full URL where we will send authentication data.

keystoneauth1.identity.v3.federation module

class keystoneauth1.identity.v3.federation.FederationBaseAuth(auth_url, identity_provider, protocol, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

federated_token_url

Full URL where authorization data is sent.

get_auth_ref(session, **kwargs)

Authenticate retrieve token information.

This is a multi-step process where a client does federated authn receives an unscoped token.

If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.

Parameters:session (keystonauth.session.Session) – a session object to send out HTTP requests.
Returns:a token data representation
Return type:keystonauth.access.AccessInfo
get_unscoped_auth_ref(session, **kwargs)

Fetch unscoped federated token.

rescoping_plugin

alias of Token

keystoneauth1.identity.v3.k2k module

class keystoneauth1.identity.v3.k2k.Keystone2Keystone(base_plugin, service_provider, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

Plugin to execute the Keystone to Keyestone authentication flow.

In this plugin, an ECP wrapped SAML assertion provided by a keystone Identity Provider (IdP) is used to request an OpenStack unscoped token from a keystone Service Provider (SP).

Parameters:
  • base_plugin (keystoneauth1.v3.base.BaseAuth) – Auth plugin already authenticated against the keystone IdP.
  • service_provider (string) – The Service Provider ID as returned by ServiceProviderManager.list()
REQUEST_ECP_URL = '/auth/OS-FEDERATION/saml2/ecp'
get_auth_ref(session, **kwargs)
get_unscoped_auth_ref(session, **kwargs)
rescoping_plugin

alias of Token

keystoneauth1.identity.v3.password module

class keystoneauth1.identity.v3.password.PasswordMethod(**kwargs)

Bases: keystoneauth1.identity.v3.base.AuthMethod

Construct a User/Password based authentication method.

Parameters:
  • password (string) – Password for authentication.
  • username (string) – Username for authentication.
  • user_id (string) – User ID for authentication.
  • user_domain_id (string) – User’s domain ID for authentication.
  • user_domain_name (string) – User’s domain name for authentication.
get_auth_data(session, auth, headers, **kwargs)
class keystoneauth1.identity.v3.password.Password(auth_url, *args, **kwargs)

Bases: keystoneauth1.identity.v3.base.AuthConstructor

A plugin for authenticating with a username and password.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • password (string) – Password for authentication.
  • username (string) – Username for authentication.
  • user_id (string) – User ID for authentication.
  • user_domain_id (string) – User’s domain ID for authentication.
  • user_domain_name (string) – User’s domain name for authentication.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

keystoneauth1.identity.v3.token module

class keystoneauth1.identity.v3.token.TokenMethod(**kwargs)

Bases: keystoneauth1.identity.v3.base.AuthMethod

Construct an Auth plugin to fetch a token from a token.

Parameters:token (string) – Token for authentication.
get_auth_data(session, auth, headers, **kwargs)
class keystoneauth1.identity.v3.token.Token(auth_url, token, **kwargs)

Bases: keystoneauth1.identity.v3.base.AuthConstructor

A plugin for authenticating with an existing Token.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • token (string) – Token for authentication.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True

Module contents

class keystoneauth1.identity.v3.Auth(auth_url, auth_methods, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • auth_methods (list) – A collection of methods to authenticate with.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
  • unscoped (bool) – Force the return of an unscoped token. This will make the keystone server return an unscoped token even if a default_project_id is set for this user.
get_auth_ref(session, **kwargs)
class keystoneauth1.identity.v3.AuthConstructor(auth_url, *args, **kwargs)

Bases: keystoneauth1.identity.v3.base.Auth

AuthConstructor is a means of creating an Auth Plugin that contains only one authentication method. This is generally the required usage.

An AuthConstructor creates an AuthMethod based on the method’s arguments and the auth_method_class defined by the plugin. It then creates the auth plugin with only that authentication method.

class keystoneauth1.identity.v3.AuthMethod(**kwargs)

Bases: object

One part of a V3 Authentication strategy.

V3 Tokens allow multiple methods to be presented when authentication against the server. Each one of these methods is implemented by an AuthMethod.

Note: When implementing an AuthMethod use the method_parameters and do not use positional arguments. Otherwise they can’t be picked up by the factory method and don’t work as well with AuthConstructors.

get_auth_data(session, auth, headers, **kwargs)

Return the authentication section of an auth plugin.

Parameters:
  • session (keystonauth.session.Session) – The communication session.
  • auth (Auth) – The auth plugin calling the method.
  • headers (dict) – The headers that will be sent with the auth request if a plugin needs to add to them.
Returns:

The identifier of this plugin and a dict of authentication data for the auth type.
Return type:

tuple(string, dict)
class keystoneauth1.identity.v3.BaseAuth(*args, **kwargs)

Bases: keystoneauth1.identity.base.BaseIdentityPlugin

Identity V3 Authentication Plugin.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • auth_methods (list) – A collection of methods to authenticate with.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
  • include_catalog (bool) – Include the service catalog in the returned token. (optional) default True.
get_auth_ref(session, **kwargs)
has_scope_parameters

Does the plugin have parameters that will create a scoped token

token_url

The full URL where we will send authentication data.

class keystoneauth1.identity.v3.FederationBaseAuth(auth_url, identity_provider, protocol, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

federated_token_url

Full URL where authorization data is sent.

get_auth_ref(session, **kwargs)

Authenticate retrieve token information.

This is a multi-step process where a client does federated authn receives an unscoped token.

If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.

Parameters:session (keystonauth.session.Session) – a session object to send out HTTP requests.
Returns:a token data representation
Return type:keystonauth.access.AccessInfo
get_unscoped_auth_ref(session, **kwargs)

Fetch unscoped federated token.

rescoping_plugin

alias of Token

class keystoneauth1.identity.v3.Keystone2Keystone(base_plugin, service_provider, **kwargs)

Bases: keystoneauth1.identity.v3.base.BaseAuth

Plugin to execute the Keystone to Keyestone authentication flow.

In this plugin, an ECP wrapped SAML assertion provided by a keystone Identity Provider (IdP) is used to request an OpenStack unscoped token from a keystone Service Provider (SP).

Parameters:
  • base_plugin (keystoneauth1.v3.base.BaseAuth) – Auth plugin already authenticated against the keystone IdP.
  • service_provider (string) – The Service Provider ID as returned by ServiceProviderManager.list()
REQUEST_ECP_URL = '/auth/OS-FEDERATION/saml2/ecp'
get_auth_ref(session, **kwargs)
get_unscoped_auth_ref(session, **kwargs)
rescoping_plugin

alias of Token

class keystoneauth1.identity.v3.Password(auth_url, *args, **kwargs)

Bases: keystoneauth1.identity.v3.base.AuthConstructor

A plugin for authenticating with a username and password.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • password (string) – Password for authentication.
  • username (string) – Username for authentication.
  • user_id (string) – User ID for authentication.
  • user_domain_id (string) – User’s domain ID for authentication.
  • user_domain_name (string) – User’s domain name for authentication.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
class keystoneauth1.identity.v3.PasswordMethod(**kwargs)

Bases: keystoneauth1.identity.v3.base.AuthMethod

Construct a User/Password based authentication method.

Parameters:
  • password (string) – Password for authentication.
  • username (string) – Username for authentication.
  • user_id (string) – User ID for authentication.
  • user_domain_id (string) – User’s domain ID for authentication.
  • user_domain_name (string) – User’s domain name for authentication.
get_auth_data(session, auth, headers, **kwargs)
class keystoneauth1.identity.v3.Token(auth_url, token, **kwargs)

Bases: keystoneauth1.identity.v3.base.AuthConstructor

A plugin for authenticating with an existing Token.

Parameters:
  • auth_url (string) – Identity service endpoint for authentication.
  • token (string) – Token for authentication.
  • trust_id (string) – Trust ID for trust scoping.
  • domain_id (string) – Domain ID for domain scoping.
  • domain_name (string) – Domain name for domain scoping.
  • project_id (string) – Project ID for project scoping.
  • project_name (string) – Project name for project scoping.
  • project_domain_id (string) – Project’s domain ID for project.
  • project_domain_name (string) – Project’s domain name for project.
  • reauthenticate (bool) – Allow fetching a new token if the current one is going to expire. (optional) default True
class keystoneauth1.identity.v3.TokenMethod(**kwargs)

Bases: keystoneauth1.identity.v3.base.AuthMethod

Construct an Auth plugin to fetch a token from a token.

Parameters:token (string) – Token for authentication.
get_auth_data(session, auth, headers, **kwargs)

Table Of Contents

Previous topic

keystoneauth1.identity.generic package

Next topic

keystoneauth1.loading package

Project Source

This Page

Navigation

© Copyright OpenStack Contributors. Last updated on Thu Mar 3 12:18:10 2016, commit aa122e7. Created using Sphinx 1.2.3.