keystoneauth1.access package¶
Submodules¶
Module contents¶
-
class
keystoneauth1.access.AccessInfo(body, auth_token=None)¶ Bases:
objectEncapsulates a raw authentication token from keystone.
Provides helper methods for extracting useful values from that token.
-
property
audit_chain_id¶ Return the audit chain ID if present.
In the event that a token was rescoped then this ID will be the
audit_idof the initial token. Returns None if no value present.- Returns
str or None.
-
property
audit_id¶ Return the audit ID if present.
- Returns
str or None.
-
property
auth_token¶ Return the token_id associated with the auth request.
To be used in headers for authenticating OpenStack API requests.
- Returns
str
-
property
bind¶ Information about external mechanisms the token is bound to.
If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.
- Returns
A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.
-
property
domain_id¶ Return the domain id associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_name¶ Return the domain name associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_scoped¶ Return true if the auth token was scoped to a domain.
- Returns
bool
-
property
expires¶ Return the token expiration (as datetime object).
- Returns
datetime
-
has_service_catalog()¶ Return true if the auth token has a service catalog.
- Returns
boolean
-
property
initial_audit_id¶ The audit ID of the initially requested token.
This is the
audit_chain_idif present or theaudit_id.
-
property
is_admin_project¶ Return true if the current project scope is the admin project.
For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.
:returns boolean
-
property
is_federated¶ Return true if federation was used to get the token.
- Returns
boolean
-
property
issued¶ Return the token issue time (as datetime object).
- Returns
datetime
-
property
oauth_access_token_id¶ Return the access token ID if OAuth authentication used.
- Returns
str or None.
-
property
oauth_consumer_id¶ Return the consumer ID if OAuth authentication used.
- Returns
str or None.
-
property
project_domain_id¶ Return the project’s domain id associated with the auth request.
- Returns
str
-
property
project_domain_name¶ Return the project’s domain name associated with the auth request.
- Returns
str
-
property
project_id¶ Return the project ID associated with the auth request.
This returns None if the auth token wasn’t scoped to a project.
- Returns
str or None (if no project associated with the token)
-
property
project_is_domain¶ Return if a project act as a domain.
- Returns
bool
-
property
project_name¶ Return the project name associated with the auth request.
- Returns
str or None (if no project associated with the token)
-
property
project_scoped¶ Return true if the auth token was scoped to a tenant (project).
- Returns
bool
-
property
role_ids¶ Return a list of user’s role ids associated with the auth request.
- Returns
a list of strings of role ids
-
property
role_names¶ Return a list of user’s role names associated with the auth request.
- Returns
a list of strings of role names
-
property
scoped¶ Return true if the auth token was scoped.
Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.
This is deprecated, use project_scoped instead.
- Returns
bool
-
property
service_catalog¶
-
property
service_providers¶ Return an object representing the list of trusted service providers.
Used for Keystone2Keystone federating-out.
- Returns
keystoneauth1.service_providers.ServiceProvidersor None
-
property
system_scoped¶ Return true if the auth token was scoped to the system.
- Returns
bool
-
property
tenant_id¶ Synonym for project_id.
-
property
tenant_name¶ Synonym for project_name.
-
property
trust_id¶ Return the trust id associated with the auth request.
- Returns
str or None (if no trust associated with the token)
-
property
trust_scoped¶ Return true if the auth token was scoped from a delegated trust.
The trust delegation is via the OS-TRUST v3 extension.
- Returns
bool
-
property
trustee_user_id¶ Return the trustee user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
trustor_user_id¶ Return the trustor user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
user_domain_id¶ Return the user’s domain id associated with the auth request.
- Returns
str
-
property
user_domain_name¶ Return the user’s domain name associated with the auth request.
- Returns
str
-
property
user_id¶ Return the user id associated with the auth request.
- Returns
str
-
property
username¶ Return the username associated with the auth request.
Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
- Returns
str
-
will_expire_soon(stale_duration=30)¶ Determine if expiration is about to occur.
- Returns
true if expiration is within the given duration
- Return type
boolean
-
property
-
class
keystoneauth1.access.AccessInfoV2(body, auth_token=None)¶ Bases:
keystoneauth1.access.access.AccessInfoAn object for encapsulating raw v2 auth token from identity service.
-
property
audit_chain_id¶ Return the audit chain ID if present.
In the event that a token was rescoped then this ID will be the
audit_idof the initial token. Returns None if no value present.- Returns
str or None.
-
property
audit_id¶ Return the audit ID if present.
- Returns
str or None.
-
property
auth_token¶ Return the token_id associated with the auth request.
To be used in headers for authenticating OpenStack API requests.
- Returns
str
-
property
bind¶ Information about external mechanisms the token is bound to.
If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.
- Returns
A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.
-
property
domain_id¶ Return the domain id associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_name¶ Return the domain name associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_scoped¶ Return true if the auth token was scoped to a domain.
- Returns
bool
-
property
expires¶ Return the token expiration (as datetime object).
- Returns
datetime
-
has_service_catalog()¶ Return true if the auth token has a service catalog.
- Returns
boolean
-
property
is_admin_project¶ Return true if the current project scope is the admin project.
For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.
:returns boolean
-
property
is_federated¶ Return true if federation was used to get the token.
- Returns
boolean
-
property
issued¶ Return the token issue time (as datetime object).
- Returns
datetime
-
property
oauth_access_token_id¶ Return the access token ID if OAuth authentication used.
- Returns
str or None.
-
property
oauth_consumer_id¶ Return the consumer ID if OAuth authentication used.
- Returns
str or None.
-
property
project_domain_id¶ Return the project’s domain id associated with the auth request.
- Returns
str
-
property
project_domain_name¶ Return the project’s domain name associated with the auth request.
- Returns
str
-
property
project_id¶ Return the project ID associated with the auth request.
This returns None if the auth token wasn’t scoped to a project.
- Returns
str or None (if no project associated with the token)
-
property
project_is_domain¶ Return if a project act as a domain.
- Returns
bool
-
property
project_name¶ Return the project name associated with the auth request.
- Returns
str or None (if no project associated with the token)
-
property
role_ids¶ Return a list of user’s role ids associated with the auth request.
- Returns
a list of strings of role ids
-
property
role_names¶ Return a list of user’s role names associated with the auth request.
- Returns
a list of strings of role names
-
property
service_providers¶ Return an object representing the list of trusted service providers.
Used for Keystone2Keystone federating-out.
- Returns
keystoneauth1.service_providers.ServiceProvidersor None
-
property
system_scoped¶ Return true if the auth token was scoped to the system.
- Returns
bool
-
property
trust_id¶ Return the trust id associated with the auth request.
- Returns
str or None (if no trust associated with the token)
-
property
trust_scoped¶ Return true if the auth token was scoped from a delegated trust.
The trust delegation is via the OS-TRUST v3 extension.
- Returns
bool
-
property
trustee_user_id¶ Return the trustee user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
trustor_user_id¶ Return the trustor user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
user_domain_id¶ Return the user’s domain id associated with the auth request.
- Returns
str
-
property
user_domain_name¶ Return the user’s domain name associated with the auth request.
- Returns
str
-
property
user_id¶ Return the user id associated with the auth request.
- Returns
str
-
property
username¶ Return the username associated with the auth request.
Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
- Returns
str
-
version= 'v2.0'¶
-
property
-
class
keystoneauth1.access.AccessInfoV3(body, auth_token=None)¶ Bases:
keystoneauth1.access.access.AccessInfoAn object encapsulating raw v3 auth token from identity service.
-
property
application_credential¶
-
property
application_credential_access_rules¶
-
property
application_credential_id¶
-
property
audit_chain_id¶ Return the audit chain ID if present.
In the event that a token was rescoped then this ID will be the
audit_idof the initial token. Returns None if no value present.- Returns
str or None.
-
property
audit_id¶ Return the audit ID if present.
- Returns
str or None.
-
property
bind¶ Information about external mechanisms the token is bound to.
If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.
- Returns
A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.
-
property
domain_id¶ Return the domain id associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_name¶ Return the domain name associated with the auth request.
- Returns
str or None (if no domain associated with the token)
-
property
domain_scoped¶ Return true if the auth token was scoped to a domain.
- Returns
bool
-
property
expires¶ Return the token expiration (as datetime object).
- Returns
datetime
-
has_service_catalog()¶ Return true if the auth token has a service catalog.
- Returns
boolean
-
property
is_admin_project¶ Return true if the current project scope is the admin project.
For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.
:returns boolean
-
property
is_federated¶ Return true if federation was used to get the token.
- Returns
boolean
-
property
issued¶ Return the token issue time (as datetime object).
- Returns
datetime
-
property
oauth_access_token_id¶ Return the access token ID if OAuth authentication used.
- Returns
str or None.
-
property
oauth_consumer_id¶ Return the consumer ID if OAuth authentication used.
- Returns
str or None.
-
property
project_domain_id¶ Return the project’s domain id associated with the auth request.
- Returns
str
-
property
project_domain_name¶ Return the project’s domain name associated with the auth request.
- Returns
str
-
property
project_id¶ Return the project ID associated with the auth request.
This returns None if the auth token wasn’t scoped to a project.
- Returns
str or None (if no project associated with the token)
-
property
project_is_domain¶ Return if a project act as a domain.
- Returns
bool
-
property
project_name¶ Return the project name associated with the auth request.
- Returns
str or None (if no project associated with the token)
-
property
role_ids¶ Return a list of user’s role ids associated with the auth request.
- Returns
a list of strings of role ids
-
property
role_names¶ Return a list of user’s role names associated with the auth request.
- Returns
a list of strings of role names
-
property
service_providers¶ Return an object representing the list of trusted service providers.
Used for Keystone2Keystone federating-out.
- Returns
keystoneauth1.service_providers.ServiceProvidersor None
-
property
system¶
-
property
system_scoped¶ Return true if the auth token was scoped to the system.
- Returns
bool
-
property
trust_id¶ Return the trust id associated with the auth request.
- Returns
str or None (if no trust associated with the token)
-
property
trust_scoped¶ Return true if the auth token was scoped from a delegated trust.
The trust delegation is via the OS-TRUST v3 extension.
- Returns
bool
-
property
trustee_user_id¶ Return the trustee user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
trustor_user_id¶ Return the trustor user id associated with a trust.
- Returns
str or None (if no trust associated with the token)
-
property
user_domain_id¶ Return the user’s domain id associated with the auth request.
- Returns
str
-
property
user_domain_name¶ Return the user’s domain name associated with the auth request.
- Returns
str
-
property
user_id¶ Return the user id associated with the auth request.
- Returns
str
-
property
username¶ Return the username associated with the auth request.
Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
- Returns
str
-
version= 'v3'¶
-
property
-
keystoneauth1.access.create(resp=None, body=None, auth_token=None)¶
