Bases: keystone.common.controller.V2Controller
Authenticate credentials and return a token.
Accept auth as a dict that looks like:
{
    "auth": {
        "passwordCredentials": {
            "username": "test_user",
            "password": "mypass"
        },
        "tenantName": "customer-x"
    }
}
In this case, the tenant is optional; if it is not provided, the token is considered “unscoped” and can later be used to get a scoped token.
Alternatively, this call accepts auth containing only a token and a tenant, and returns a token that is scoped to that tenant.
Formats a list of endpoints according to Identity API v2.
The v2.0 API wants an endpoint list to look like:
{
    'endpoints': [
        {
            'id': $endpoint_id,
            'name': $SERVICE[name],
            'type': $SERVICE,
            'tenantId': $tenant_id,
            'region': $REGION,
        }
    ],
    'endpoints_links': [],
}
Main entry point into the Token service.
Validate user and tenant auth info.
Validate the user and tenant auth info in order to ensure that user and tenant information is valid and not disabled.
Consolidate the checks here to ensure consistency between token auth and ec2 auth.
Params user_ref: | the authenticating user |
---|---|
Params tenant_ref: | the scope of authorization, if any |
Raises Unauthorized: | if any of the user, user’s domain, tenant or tenant’s domain are either disabled or otherwise invalid |
Token provider interface.
Bases: keystone.common.manager.Manager
Default pivot point for the token provider backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Check the validity of the given V2 token.
Parameters: |
|
---|---|
Returns: | None |
Raises : | keystone.exception.Unauthorized |
Check the validity of the given V3 token.
Parameters: | token_id – identity of the token |
---|---|
Returns: | None |
Raises : | keystone.exception.Unauthorized |
Return package path to the configured token provider.
The value should come from keystone.conf [token] provider, however this method ensures backwards compatibility for keystone.conf [signing] token_format until Havana + 2.
Return the provider based on token_format if provider is not set. Otherwise, ignore token_format and return the configured provider instead.
Return a unique ID for a token.
The returned value is useful as the primary key of a database table, memcache store, or other lookup table.
Returns: | Given a PKI token, returns its hashed value. Otherwise, returns the passed-in value (such as a UUID token ID or an existing hash). |
---|
Bases: object
Interface description for a Token provider.
Return the version of the given token data.
If the given token data is unrecognizable, UnsupportedTokenVersionException is raised.
Parameters: | token_data (dict) – token_data |
---|---|
Returns: | token version string |
Raises : | keystone.token.provider.UnsupportedTokenVersionException |
Issue a V2 token.
Parameters: |
|
---|---|
Returns: | (token_id, token_data) |
Issue a V3 Token.
Parameters: |
|
---|---|
Returns: | (token_id, token_data) |
Build the audit data for a token.
If parent_audit_id is None, the list will be one element in length containing a newly generated audit_id.
If parent_audit_id is supplied, the list will be two elements in length containing a newly generated audit_id and the parent_audit_id. The parent_audit_id will always be element index 1 in the resulting list.
Parameters: | parent_audit_id (str) – the audit of the original token in the chain |
---|---|
Returns: | Keystone token audit data |
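The audit data rule described above, as an added example that is not Keystone's own code: it builds the one- or two-element list and shows why the last element always identifies the original token, which lets a responder find every token derived from one authentication. The function names, the audit ID encoding and the sample token records are assumptions made for illustration.

```python
import base64
import uuid


def build_audit_info(parent_audit_id=None):
    """Return [audit_id] or [audit_id, parent_audit_id], parent at index 1."""
    # Assumption: IDs are random 128-bit values, URL-safe base64, no padding.
    raw = base64.urlsafe_b64encode(uuid.uuid4().bytes)
    audit_id = raw.rstrip(b"=").decode("ascii")
    if parent_audit_id is None:
        return [audit_id]
    return [audit_id, parent_audit_id]


def chain_root(audit_ids):
    """Audit ID of the original token in the chain.

    A one-element list belongs to an original token; otherwise the parent
    sits at index 1. The last element is therefore the root in both cases.
    """
    if len(audit_ids) not in (1, 2):
        raise ValueError("audit data must hold one or two audit IDs")
    return audit_ids[-1]


def tokens_in_chain(token_records, root_audit_id):
    """Names of every token whose chain starts at root_audit_id."""
    return [name for name, audit_ids in token_records.items()
            if chain_root(audit_ids) == root_audit_id]


def issue_sample_tokens():
    """Constructed sample: one chain of three tokens plus an unrelated one."""
    unscoped = build_audit_info()
    scoped_a = build_audit_info(chain_root(unscoped))
    # A token derived from scoped_a still records the original's audit ID.
    scoped_b = build_audit_info(chain_root(scoped_a))
    return {"unscoped": unscoped, "scoped_a": scoped_a,
            "scoped_b": scoped_b, "unrelated": build_audit_info()}


if __name__ == "__main__":
    records = issue_sample_tokens()
    root = chain_root(records["unscoped"])
    print(tokens_in_chain(records, root))
```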