The User Module¶
- class openstack_auth.user.Token(auth_ref, unscoped_token=None)[source]¶
Encapsulates the AccessInfo object from keystoneclient.
Token object provides a consistent interface for accessing the keystone token information and service catalog.
Added for maintaining backward compatibility with horizon that expects Token object in the user object.
- class openstack_auth.user.User(id=None, token=None, user=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, authorized_tenants=None, endpoint=None, enabled=False, services_region=None, user_domain_id=None, user_domain_name=None, domain_id=None, domain_name=None, project_id=None, project_name=None, is_federated=False, unscoped_token=None, password=None, password_expires_at=None, system_scoped=False)[source]¶
A User class with some extra special sauce for Keystone.
In addition to the standard Django user attributes, this class also has the following:
- token¶
The Keystone token object associated with the current user/tenant.
The token object is deprecated, user auth_ref instead.
- tenant_id¶
The id of the Keystone tenant for the current user/token.
The tenant_id keyword argument is deprecated, use project_id instead.
- tenant_name¶
The name of the Keystone tenant for the current user/token.
The tenant_name keyword argument is deprecated, use project_name instead.
- project_id¶
The id of the Keystone project for the current user/token.
- project_name¶
The name of the Keystone project for the current user/token.
- service_catalog¶
The
ServiceCatalogdata returned by Keystone.
- roles¶
A list of dictionaries containing role names and ids as returned by Keystone.
- services_region¶
A list of non-identity service endpoint regions extracted from the service catalog.
- user_domain_id¶
The domain id of the current user.
- user_domain_name¶
The domain name of the current user.
- domain_id¶
The id of the Keystone domain scoped for the current user/token.
- is_federated¶
Whether user is federated Keystone user. (Boolean)
- unscoped_token¶
Unscoped Keystone token.
- password_expires_at¶
Password expiration date.
- exception DoesNotExist¶
- exception MultipleObjectsReturned¶
- property authorized_tenants¶
Returns a memoized list of tenants this user may access.
- property available_services_regions¶
Returns list of unique region name values in service catalog.
- has_a_matching_perm(perm_list, obj=None)[source]¶
Returns True if the user has one of the specified permissions.
If object is passed, it checks if the user has any of the required perms for this object.
- has_perms(perm_list, obj=None)[source]¶
Returns True if the user has all of the specified permissions.
Tuples in the list will possess the required permissions if the user has a permissions matching one of the elements of that tuple
- property is_active¶
bool(x) -> bool
Returns True when the argument x is true, False otherwise. The builtins True and False are the only two instances of the class bool. The class bool is a subclass of the class int, and cannot be subclassed.
- property is_anonymous¶
Return if the user is not authenticated.
- Returns:
Trueif not authenticated,``False`` otherwise.
- property is_authenticated¶
Checks for a valid authentication.
- property is_superuser¶
Evaluates whether this user has admin privileges.
- Returns:
TrueorFalse.
- property is_system_user¶
Check if the user has access to the system scope.
- is_token_expired(margin=None)[source]¶
Determine if the token is expired.
- Returns:
Trueif the token is expired,Falseif not, andNoneif there is no token set.- Parameters:
margin – A security time margin in seconds before real expiration. Will return
Trueif the token expires in less thanmarginseconds of time. A default margin can be set by the TOKEN_TIMEOUT_MARGIN in the django settings.
- save(*args, **kwargs)[source]¶
Save the current instance. Override this in a subclass if you want to control the saving process.
The ‘force_insert’ and ‘force_update’ parameters can be used to insist that the “save” must be an SQL insert or update (or equivalent for non-SQL backends), respectively. Normally, they should not be set.
