Merge "Add support for app cred access rules header"

Zuul
2019-07-10 20:15:19 +00:00
committed by Gerrit Code Review


@@ -57,7 +57,8 @@ class TokenManager(object):
resp, body = self._client.get(path) resp, body = self._client.get(path)
return body return body
def get_token_data(self, token, include_catalog=True, allow_expired=False): def get_token_data(self, token, include_catalog=True, allow_expired=False,
access_rules_support=None):
"""Fetch the data about a token from the identity server. """Fetch the data about a token from the identity server.
:param str token: The ID of the token to be fetched. :param str token: The ID of the token to be fetched.
@@ -65,11 +66,18 @@ class TokenManager(object):
included in the response. included in the response.
:param allow_expired: If True the token will be validated and returned :param allow_expired: If True the token will be validated and returned
if it has already expired. if it has already expired.
:param access_rules_support: Version number indicating that the client
is capable of enforcing keystone
access rules, if unset this client
does not support access rules.
:type access_rules_support: float
:rtype: dict :rtype: dict
""" """
headers = {'X-Subject-Token': token} headers = {'X-Subject-Token': token}
if access_rules_support:
headers['OpenStack-Identity-Access-Rules'] = access_rules_support
flags = [] flags = []
url = '/auth/tokens' url = '/auth/tokens'
@@ -85,7 +93,8 @@ class TokenManager(object):
resp, body = self._client.get(url, headers=headers) resp, body = self._client.get(url, headers=headers)
return body return body
def validate(self, token, include_catalog=True, allow_expired=False): def validate(self, token, include_catalog=True, allow_expired=False,
access_rules_support=None):
"""Validate a token. """Validate a token.
:param token: The token to be validated. :param token: The token to be validated.
@@ -95,6 +104,11 @@ class TokenManager(object):
:param allow_expired: If True the token will be validated and returned :param allow_expired: If True the token will be validated and returned
if it has already expired. if it has already expired.
:type allow_expired: bool :type allow_expired: bool
:param access_rules_support: Version number indicating that the client
is capable of enforcing keystone
access rules, if unset this client
does not support access rules.
:type access_rules_support: float
:rtype: :class:`keystoneclient.access.AccessInfoV3` :rtype: :class:`keystoneclient.access.AccessInfoV3`
@@ -102,5 +116,6 @@ class TokenManager(object):
token_id = _calc_id(token) token_id = _calc_id(token)
body = self.get_token_data(token_id, body = self.get_token_data(token_id,
include_catalog=include_catalog, include_catalog=include_catalog,
allow_expired=allow_expired) allow_expired=allow_expired,
access_rules_support=access_rules_support)
return access.AccessInfo.factory(auth_token=token_id, body=body) return access.AccessInfo.factory(auth_token=token_id, body=body)
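Review bot: In get_token_data, `headers['OpenStack-Identity-Access-Rules'] = access_rules_support` stores the value exactly as passed, while the new docstring types it as a float. HTTP header values are normally strings, so either write `headers['OpenStack-Identity-Access-Rules'] = str(access_rules_support)` or document the parameter as a version string. The guard `if access_rules_support:` also treats 0, 0.0 and '' as unset; `if access_rules_support is not None:` would match the documented "if unset" wording. Going by the docstring, sending this header declares that the caller enforces access rules itself, so both docstrings should say so plainly, for example `Only set this when the caller enforces the access rules returned with the token.` Both method bodies continue outside the hunks shown.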