55a39fc2d0
Particularly for allowing the CLI to store and reuse previous authentication allow an application to extract and reinstall the auth state from a plugin. We provide a method that returns a dictionary of all of the identifiable information that is used to create a plugin. This dictionary is hashed to uniquely identify the plugin. We then have a get_auth_state and set_auth_state function, the return of which is intended to be opaque to the calling application. If the plugin created returns an ID of an existing authentication you can call set_auth_state to load that state. If the state is out of date it will be refreshed as per normal otherwise it will be used instead of authenticating again. There is not support for caching federated tokens in this patch. They will follow the exact same pattern and are not much harder they just need a way for subclasses to signal they are cachable and so can be done as a follow up. Implements: bp cachable-auth Change-Id: I4eebe7ff8060a37f19af5decfa3a8313cfb7c207
76 lines
3.0 KiB
Python
76 lines
3.0 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from keystoneauth1.identity.v3 import base
|
|
|
|
|
|
__all__ = ('PasswordMethod', 'Password')
|
|
|
|
|
|
class PasswordMethod(base.AuthMethod):
|
|
"""Construct a User/Password based authentication method.
|
|
|
|
:param string password: Password for authentication.
|
|
:param string username: Username for authentication.
|
|
:param string user_id: User ID for authentication.
|
|
:param string user_domain_id: User's domain ID for authentication.
|
|
:param string user_domain_name: User's domain name for authentication.
|
|
"""
|
|
|
|
_method_parameters = ['user_id',
|
|
'username',
|
|
'user_domain_id',
|
|
'user_domain_name',
|
|
'password']
|
|
|
|
def get_auth_data(self, session, auth, headers, **kwargs):
|
|
user = {'password': self.password}
|
|
|
|
if self.user_id:
|
|
user['id'] = self.user_id
|
|
elif self.username:
|
|
user['name'] = self.username
|
|
|
|
if self.user_domain_id:
|
|
user['domain'] = {'id': self.user_domain_id}
|
|
elif self.user_domain_name:
|
|
user['domain'] = {'name': self.user_domain_name}
|
|
|
|
return 'password', {'user': user}
|
|
|
|
def get_cache_id_elements(self):
|
|
return dict(('password_%s' % p, getattr(self, p))
|
|
for p in self._method_parameters)
|
|
|
|
|
|
class Password(base.AuthConstructor):
|
|
"""A plugin for authenticating with a username and password.
|
|
|
|
:param string auth_url: Identity service endpoint for authentication.
|
|
:param string password: Password for authentication.
|
|
:param string username: Username for authentication.
|
|
:param string user_id: User ID for authentication.
|
|
:param string user_domain_id: User's domain ID for authentication.
|
|
:param string user_domain_name: User's domain name for authentication.
|
|
:param string trust_id: Trust ID for trust scoping.
|
|
:param string domain_id: Domain ID for domain scoping.
|
|
:param string domain_name: Domain name for domain scoping.
|
|
:param string project_id: Project ID for project scoping.
|
|
:param string project_name: Project name for project scoping.
|
|
:param string project_domain_id: Project's domain ID for project.
|
|
:param string project_domain_name: Project's domain name for project.
|
|
:param bool reauthenticate: Allow fetching a new token if the current one
|
|
is going to expire. (optional) default True
|
|
"""
|
|
|
|
_auth_method_class = PasswordMethod
|