keystoneauth1.identity.v3.federation module¶
-
class
keystoneauth1.identity.v3.federation.
FederationBaseAuth
(auth_url: str, identity_provider: str, protocol: str, *, trust_id: Optional[str] = None, system_scope: Optional[str] = None, domain_id: Optional[str] = None, domain_name: Optional[str] = None, project_id: Optional[str] = None, project_name: Optional[str] = None, project_domain_id: Optional[str] = None, project_domain_name: Optional[str] = None, reauthenticate: bool = True, include_catalog: bool = True) Bases:
keystoneauth1.identity.v3.federation._Rescoped
Federation authentication plugin.
- Parameters
auth_url (string) – URL of the Identity Service
identity_provider (string) – name of the Identity Provider the client will authenticate against. This parameter will be used to build a dynamic URL used to obtain unscoped OpenStack token.
protocol (string) – name of the protocol the client will authenticate against.
-
__abstractmethods__
= frozenset({'get_unscoped_auth_ref'})
-
__annotations__
= {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': <class 'str'>, 'reauthenticate': 'bool'}
-
__doc__
= 'Federation authentication plugin.\n\n :param auth_url: URL of the Identity Service\n :type auth_url: string\n :param identity_provider: name of the Identity Provider the client\n will authenticate against. This parameter\n will be used to build a dynamic URL used to\n obtain unscoped OpenStack token.\n :type identity_provider: string\n :param protocol: name of the protocol the client will authenticate\n against.\n :type protocol: string\n\n '
-
__init__
(auth_url: str, identity_provider: str, protocol: str, *, trust_id: Optional[str] = None, system_scope: Optional[str] = None, domain_id: Optional[str] = None, domain_name: Optional[str] = None, project_id: Optional[str] = None, project_name: Optional[str] = None, project_domain_id: Optional[str] = None, project_domain_name: Optional[str] = None, reauthenticate: bool = True, include_catalog: bool = True) Initialize self. See help(type(self)) for accurate signature.
-
__module__
= 'keystoneauth1.identity.v3.federation'
-
_abc_impl
= <_abc._abc_data object>
-
_discovery_cache
: dict[str, discover.Discover]
-
auth_ref
: ty.Optional[access.AccessInfo]
-
auth_url
: str
-
property
federated_token_url
Full URL where authorization data is sent.
-
reauthenticate
: bool
-
class
keystoneauth1.identity.v3.federation.
_Rescoped
(auth_url: str, *, trust_id: Optional[str] = None, system_scope: Optional[str] = None, domain_id: Optional[str] = None, domain_name: Optional[str] = None, project_id: Optional[str] = None, project_name: Optional[str] = None, project_domain_id: Optional[str] = None, project_domain_name: Optional[str] = None, reauthenticate: bool = True, include_catalog: bool = True) Bases:
keystoneauth1.identity.v3.base.BaseAuth
A plugin that is always going to go through a rescope process.
The original keystone plugins could simply pass a project or domain to along with the credentials and get a scoped token. For federation, K2K and newer mechanisms we always get an unscoped token first and then rescope.
This is currently not public as it’s generally an abstraction of a flow used by plugins within keystoneauth1.
It also cannot go in base as it depends on token.Token for rescoping which would create a circular dependency.
-
__abstractmethods__
= frozenset({'get_unscoped_auth_ref'})
-
__doc__
= "A plugin that is always going to go through a rescope process.\n\n The original keystone plugins could simply pass a project or domain to\n along with the credentials and get a scoped token. For federation, K2K and\n newer mechanisms we always get an unscoped token first and then rescope.\n\n This is currently not public as it's generally an abstraction of a flow\n used by plugins within keystoneauth1.\n\n It also cannot go in base as it depends on token.Token for rescoping which\n would create a circular dependency.\n "
-
__module__
= 'keystoneauth1.identity.v3.federation'
-
_abc_impl
= <_abc._abc_data object>
-
_discovery_cache
: dict[str, discover.Discover]
-
auth_ref
: ty.Optional[access.AccessInfo]
-
auth_url
: str
-
get_auth_ref
(session: keystoneauth1.session.Session) → keystoneauth1.access.access.AccessInfoV3 Authenticate retrieve token information.
This is a multi-step process where a client does federated authn receives an unscoped token.
If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.
- Parameters
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns
a token data representation
- Return type
keystoneauth1.access.AccessInfo
-
abstract
get_unscoped_auth_ref
(session: keystoneauth1.session.Session) → keystoneauth1.access.access.AccessInfoV3 Fetch unscoped federated token.
-
reauthenticate
: bool
-
rescoping_plugin
alias of
keystoneauth1.identity.v3.token.Token
-