55a39fc2d0
Particularly for allowing the CLI to store and reuse previous authentication allow an application to extract and reinstall the auth state from a plugin. We provide a method that returns a dictionary of all of the identifiable information that is used to create a plugin. This dictionary is hashed to uniquely identify the plugin. We then have a get_auth_state and set_auth_state function, the return of which is intended to be opaque to the calling application. If the plugin created returns an ID of an existing authentication you can call set_auth_state to load that state. If the state is out of date it will be refreshed as per normal otherwise it will be used instead of authenticating again. There is not support for caching federated tokens in this patch. They will follow the exact same pattern and are not much harder they just need a way for subclasses to signal they are cachable and so can be done as a follow up. Implements: bp cachable-auth Change-Id: I4eebe7ff8060a37f19af5decfa3a8313cfb7c207
55 lines
2.0 KiB
Python
55 lines
2.0 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from keystoneauth1.identity.v3 import base
|
|
|
|
|
|
__all__ = ('TokenMethod', 'Token')
|
|
|
|
|
|
class TokenMethod(base.AuthMethod):
|
|
"""Construct an Auth plugin to fetch a token from a token.
|
|
|
|
:param string token: Token for authentication.
|
|
"""
|
|
|
|
_method_parameters = ['token']
|
|
|
|
def get_auth_data(self, session, auth, headers, **kwargs):
|
|
headers['X-Auth-Token'] = self.token
|
|
return 'token', {'id': self.token}
|
|
|
|
def get_cache_id_elements(self):
|
|
return {'token_token': self.token}
|
|
|
|
|
|
class Token(base.AuthConstructor):
|
|
"""A plugin for authenticating with an existing Token.
|
|
|
|
:param string auth_url: Identity service endpoint for authentication.
|
|
:param string token: Token for authentication.
|
|
:param string trust_id: Trust ID for trust scoping.
|
|
:param string domain_id: Domain ID for domain scoping.
|
|
:param string domain_name: Domain name for domain scoping.
|
|
:param string project_id: Project ID for project scoping.
|
|
:param string project_name: Project name for project scoping.
|
|
:param string project_domain_id: Project's domain ID for project.
|
|
:param string project_domain_name: Project's domain name for project.
|
|
:param bool reauthenticate: Allow fetching a new token if the current one
|
|
is going to expire. (optional) default True
|
|
"""
|
|
|
|
_auth_method_class = TokenMethod
|
|
|
|
def __init__(self, auth_url, token, **kwargs):
|
|
super(Token, self).__init__(auth_url, token=token, **kwargs)
|