openstack/python-keystoneclient
Code Issues Proposed changes
6d0afcc98e
python-keystoneclient/keystoneclient/access.py

466 lines
13 KiB
Python
Raw Normal View History

removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
# Copyright 2012 Nebula, Inc.
#
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
import datetime
from keystoneclient.openstack.common import timeutils
Use AuthRef for some client fields This tackles some TODO items left over. Change-Id: Ib062744acbf56f05d09857d244b78b35c0ef4d39 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-24 17:46:29 +01:00
from keystoneclient import service_catalog
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
# gap, in seconds, to determine whether the given token is about to expire
Fix STALE_TOKEN_DURATION usage Change-Id: I9856684d93d8b45310e599863553a020180aa509 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-22 17:55:49 +01:00
STALE_TOKEN_DURATION = 30
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
class AccessInfo(dict):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Encapsulates a raw authentication token from keystone.
Provides helper methods for extracting useful values from that token.
"""
@classmethod
def factory(cls, resp=None, body=None, **kwargs):
"""Create AccessInfo object given a successful auth response & body
or a user-provided dict.
"""
if body is not None or len(kwargs):
if AccessInfoV3.is_valid(body, **kwargs):
token = None
if resp:
token = resp.headers['X-Subject-Token']
if body:
return AccessInfoV3(token, **body['token'])
else:
return AccessInfoV3(token, **kwargs)
elif AccessInfoV2.is_valid(body, **kwargs):
if body:
return AccessInfoV2(**body['access'])
else:
return AccessInfoV2(**kwargs)
else:
raise NotImplementedError('Unrecognized auth response')
else:
return AccessInfoV2(**kwargs)
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
Use AuthRef for some client fields This tackles some TODO items left over. Change-Id: Ib062744acbf56f05d09857d244b78b35c0ef4d39 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-24 17:46:29 +01:00
def __init__(self, *args, **kwargs):
super(AccessInfo, self).__init__(*args, **kwargs)
self.service_catalog = service_catalog.ServiceCatalog(
resource_dict=self, region_name=self.get('region_name'))
def has_service_catalog(self):
return 'serviceCatalog' in self
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
def will_expire_soon(self, stale_duration=None):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Determines if expiration is about to occur.
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
:return: boolean : true if expiration is within the given duration
"""
Fix STALE_TOKEN_DURATION usage Change-Id: I9856684d93d8b45310e599863553a020180aa509 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-22 17:55:49 +01:00
stale_duration = (STALE_TOKEN_DURATION if stale_duration is None
else stale_duration)
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
norm_expires = timeutils.normalize_time(self.expires)
# (gyee) should we move auth_token.will_expire_soon() to timeutils
# instead of duplicating code here?
soon = (timeutils.utcnow() + datetime.timedelta(
seconds=stale_duration))
return norm_expires < soon
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
@classmethod
def is_valid(cls, body, **kwargs):
"""Determines if processing v2 or v3 token given a successful
auth body or a user-provided dict.
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
:return: boolean : true if auth body matches implementing class
"""
raise NotImplementedError()
def has_service_catalog(self):
"""Returns true if the authorization token has a service catalog.
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
:returns: boolean
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
bug-1040361: use keyring to store tokens User can optionally turn off keyring by specifying the --no-cache option. It can also be disabled with environment variable OS-NO-CACHE. Change-Id: I8935260bf7fd6befa14798da9b4d02c81e65c417
2012-11-08 16:32:17 -08:00
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def auth_token(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the token_id associated with the auth request, to be used
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
in headers for authenticating OpenStack API requests.
:returns: str
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
@property
def expires(self):
"""Returns the token expiration (as datetime object)
:returns: datetime
"""
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def username(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the username associated with the authentication request.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
Follows the pattern defined in the V2 API of first looking for 'name',
returning that if available, and falling back to 'username' if name
is unavailable.
:returns: str
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def user_id(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the user id associated with the authentication request.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
:returns: str
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
def user_domain_id(self):
"""Returns the domain id of the user associated with the authentication
request.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
For v2, it always returns 'default' which maybe different from the
Keystone configuration.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
:returns: str
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
@property
def domain_name(self):
"""Returns the domain name associated with the authentication token.
:returns: str or None (if no domain associated with the token)
"""
raise NotImplementedError()
@property
def domain_id(self):
"""Returns the domain id associated with the authentication token.
:returns: str or None (if no domain associated with the token)
"""
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def project_name(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the project name associated with the authentication request.
:returns: str or None (if no project associated with the token)
"""
raise NotImplementedError()
@property
def tenant_name(self):
"""Synonym for project_name"""
return self.project_name
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def scoped(self):
Fix and enable H401 Remove leading spaces from doc comments. Change-Id: I75b055c0d64dda478c63839d44158e301900107f
2013-06-21 19:04:50 +02:00
"""Returns true if the authorization token was scoped to a tenant
(project), and contains a populated service catalog.
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
Fix and enable H401 Remove leading spaces from doc comments. Change-Id: I75b055c0d64dda478c63839d44158e301900107f
2013-06-21 19:04:50 +02:00
This is deprecated, use project_scoped instead.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
:returns: bool
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
def project_scoped(self):
Fix and enable H401 Remove leading spaces from doc comments. Change-Id: I75b055c0d64dda478c63839d44158e301900107f
2013-06-21 19:04:50 +02:00
"""Returns true if the authorization token was scoped to a tenant
(project).
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
:returns: bool
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
@property
def domain_scoped(self):
Fix and enable H401 Remove leading spaces from doc comments. Change-Id: I75b055c0d64dda478c63839d44158e301900107f
2013-06-21 19:04:50 +02:00
"""Returns true if the authorization token was scoped to a domain.
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
:returns: bool
"""
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def project_id(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the project ID associated with the authentication
request, or None if the authentication request wasn't scoped to a
project.
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
:returns: str or None ((if no project associated with the token)
"""
raise NotImplementedError()
Factorize endpoint retrieval in access Change-Id: Iaace7020696b238e7829dbcae60f0bc7c74a79e4 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-23 15:50:00 +01:00
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
@property
def tenant_id(self):
"""Synonym for project_id """
return self.project_id
@property
def project_domain_id(self):
"""Returns the domain id of the project associated with the
authentication request.
For v2, it always returns 'default' which maybe different from the
keystone configuration.
:returns: str
"""
raise NotImplementedError()
Factorize endpoint retrieval in access Change-Id: Iaace7020696b238e7829dbcae60f0bc7c74a79e4 Signed-off-by: Julien Danjou <julien@danjou.info>
2013-01-23 15:50:00 +01:00
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def auth_url(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns a tuple of URLs from publicURL and adminURL for the service
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
'identity' from the service catalog associated with the authorization
request. If the authentication request wasn't scoped to a tenant
(project), this property will return None.
:returns: tuple of urls
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
@property
def management_url(self):
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
"""Returns the first adminURL for 'identity' from the service catalog
removing repeat attempt at authorization in client blueprint solidify-python-api * extended and updated documentation strings * updated README.rst with latest options * made debug a pass-through value, optionally set on client (instead of just being pulled from environment variable) * adding AccessInfo object and associated tests (access.AccessInfo meant to be a cacheable object external to client and ultimately to replace service_catalog and it's existing functionality) * extending authtoken to support lists of endpoints * maintaining a single entity for client.management_url with first from list of possible endpoints * create project_name and project_id synonyms to match tenant_name and tenant_id * replacing authenticate call to a pure method, not overloading the resource/manager path that confuses base URL concepts. * throw AuthorizationFailure if client attempts to access keystone resources before it has a management url * special case listing tenant using auth_url for unscoped tokens authorized through client * special case listing tokens.authenticate for Dashboard to allow unscoped tokens to hand back parity information to dashboard Change-Id: I4bb3a1b6a5ce2c4b3fbcebeb59116286cac8b2e3
2012-10-13 00:15:39 +00:00
associated with the authorization request, or None if the
authentication request wasn't scoped to a tenant (project).
:returns: tuple of urls
"""
Implements v3 auth client. Added support for domain scoping. Enhancement on AccessInfo to support reading v2/v3 token information. Enhancement on ServiceCatalog for reading/filtering v2/v3 service catalog information. Change-Id: Ibb678b9933d3673e37d0fba857a152a3c5d2b4f4
2013-02-13 22:52:05 -06:00
raise NotImplementedError()
@property
def version(self):
"""Returns the version of the auth token from identity service.
:returns: str
"""
return self.get('version')
class AccessInfoV2(AccessInfo):
"""An object for encapsulating a raw v2 auth token from identity
service.
"""
def __init__(self, *args, **kwargs):
super(AccessInfo, self).__init__(*args, **kwargs)
self.update(version='v2.0')
self.service_catalog = service_catalog.ServiceCatalog.factory(
resource_dict=self,
token=self['token']['id'],
region_name=self.get('region_name'))
@classmethod
def is_valid(cls, body, **kwargs):
if body:
return 'access' in body
elif kwargs:
return kwargs.get('version') == 'v2.0'
else:
return False
def has_service_catalog(self):
return 'serviceCatalog' in self
@property
def auth_token(self):
return self['token']['id']
@property
def expires(self):
return timeutils.parse_isotime(self['token']['expires'])
@property
def username(self):
return self['user'].get('name', self['user'].get('username'))
@property
def user_id(self):
return self['user']['id']
@property
def user_domain_id(self):
return 'default'
@property
def domain_name(self):
return None
@property
def domain_id(self):
return None
@property
def project_name(self):
tenant_dict = self['token'].get('tenant', None)
if tenant_dict:
return tenant_dict.get('name', None)
@property
def scoped(self):
if ('serviceCatalog' in self
and self['serviceCatalog']
and 'tenant' in self['token']):
return True
return False
@property
def project_scoped(self):
return 'tenant' in self['token']
@property
def domain_scoped(self):
return False
@property
def project_id(self):
tenant_dict = self['token'].get('tenant', None)
if tenant_dict:
return tenant_dict.get('id', None)
return None
@property
def project_domain_id(self):
if self.project_id:
return 'default'
@property
def auth_url(self):
if self.service_catalog:
return self.service_catalog.get_urls(service_type='identity',
endpoint_type='publicURL')
else:
return None
@property
def management_url(self):
if self.service_catalog:
return self.service_catalog.get_urls(service_type='identity',
endpoint_type='adminURL')
else:
return None
class AccessInfoV3(AccessInfo):
"""An object for encapsulating a raw v3 auth token from identity
service.
"""
def __init__(self, token, *args, **kwargs):
super(AccessInfo, self).__init__(*args, **kwargs)
self.update(version='v3')
self.service_catalog = service_catalog.ServiceCatalog.factory(
resource_dict=self,
token=token,
region_name=self.get('region_name'))
if token:
self.update(auth_token=token)
@classmethod
def is_valid(cls, body, **kwargs):
if body:
return 'token' in body
elif kwargs:
return kwargs.get('version') == 'v3'
else:
return False
def has_service_catalog(self):
return 'catalog' in self
@property
def auth_token(self):
return self['auth_token']
@property
def expires(self):
return timeutils.parse_isotime(self['expires_at'])
@property
def user_id(self):
return self['user']['id']
@property
def user_domain_id(self):
return self['user']['domain']['id']
@property
def username(self):
return self['user']['name']
@property
def domain_name(self):
domain = self.get('domain')
if domain:
return domain['name']
@property
def domain_id(self):
domain = self.get('domain')
if domain:
return domain['id']
@property
def project_id(self):
project = self.get('project')
if project:
return project['id']
@property
def project_domain_id(self):
project = self.get('project')
if project:
return project['domain']['id']
@property
def project_name(self):
project = self.get('project')
if project:
return project['name']
@property
def scoped(self):
return ('catalog' in self and self['catalog'] and 'project' in self)
@property
def project_scoped(self):
return 'project' in self
@property
def domain_scoped(self):
return 'domain' in self
@property
def auth_url(self):
if self.service_catalog:
return self.service_catalog.get_urls(service_type='identity',
endpoint_type='public')
else:
return None
@property
def management_url(self):
if self.service_catalog:
return self.service_catalog.get_urls(service_type='identity',
endpoint_type='admin')
else:
return None
Copy Permalink