providers Package

common Module

class keystone.token.providers.common.BaseProvider(*args, **kwargs)[source]

Bases: keystone.token.provider.Provider

get_token_version(token_data)[source]
issue_v2_token(token_ref, roles_ref=None, catalog_ref=None)[source]
issue_v3_token(user_id, method_names, expires_at=None, project_id=None, domain_id=None, auth_context=None, trust=None, metadata_ref=None, include_catalog=True, parent_audit_id=None)[source]
validate_v2_token(token_ref)[source]
validate_v3_token(token_ref)[source]
class keystone.token.providers.common.V2TokenDataHelper(*args, **kwargs)[source]

Bases: object

Creates V2 token data.

classmethod format_catalog(catalog_ref)[source]

Munge catalogs from internal to output format Internal catalogs look like:

{$REGION: {
    {$SERVICE: {
        $key1: $value1,
        ...
        }
    }
}

The legacy api wants them to look like:

[{'name': $SERVICE[name],
  'type': $SERVICE,
  'endpoints': [{
      'tenantId': $tenant_id,
      ...
      'region': $REGION,
      }],
  'endpoints_links': [],
 }]
classmethod format_token(token_ref, roles_ref=None, catalog_ref=None, trust_ref=None)[source]
v3_to_v2_token(v3_token_data)[source]
class keystone.token.providers.common.V3TokenDataHelper(*args, **kwargs)[source]

Bases: object

Token data helper.

get_token_data(user_id, method_names, extras=None, domain_id=None, project_id=None, expires=None, trust=None, token=None, include_catalog=True, bind=None, access_token=None, issued_at=None, audit_info=None)[source]
populate_roles_for_groups(token_data, group_ids, project_id=None, domain_id=None, user_id=None)[source]

Populate roles basing on provided groups and project/domain

Used for ephemeral users with dynamically assigned groups. This method does not return anything, yet it modifies token_data in place.

Parameters:token_data – a dictionary used for building token response
Group_ids :list of group IDs a user is a member of
Project_id :project ID to scope to
Domain_id :domain ID to scope to
User_id :user ID
Raises :exception.Unauthorized - when no roles were found for a (group_ids, project_id) or (group_ids, domain_id) pairs.

pki Module

Keystone PKI Token Provider

class keystone.token.providers.pki.Provider(*args, **kwargs)[source]

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()[source]

Should the token be written to a backend.

pkiz Module

Keystone Compressed PKI Token Provider

class keystone.token.providers.pkiz.Provider(*args, **kwargs)[source]

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()[source]

Should the token be written to a backend.

uuid Module

Keystone UUID Token Provider

class keystone.token.providers.uuid.Provider(*args, **kwargs)[source]

Bases: keystone.token.providers.common.BaseProvider

needs_persistence()[source]

Should the token be written to a backend.

Table Of Contents

This Page