keystoneauth1.access.access module

class keystoneauth1.access.access.AccessInfo(body: dict[str, Any], auth_token: str | None = None)

Bases: object

Encapsulates a raw authentication token from keystone.

Provides helper methods for extracting useful values from that token.

__annotations__ = {'_data': typing.Any, '_service_catalog': 'ty.Optional[service_catalog.ServiceCatalog]', '_service_catalog_class': typing.Type[keystoneauth1.access.service_catalog.ServiceCatalog], '_service_providers': 'ty.Optional[service_providers.ServiceProviders]'}

__dict__ = mappingproxy({'__module__': 'keystoneauth1.access.access', '__firstlineno__': 54, '__annotations__': {'_service_catalog_class': typing.Type[keystoneauth1.access.service_catalog.ServiceCatalog], '_data': typing.Any, '_service_catalog': 'ty.Optional[service_catalog.ServiceCatalog]', '_service_providers': 'ty.Optional[service_providers.ServiceProviders]'}, '__doc__': 'Encapsulates a raw authentication token from keystone.\n\nProvides helper methods for extracting useful values from that token.\n', '__init__': <function AccessInfo.__init__>, 'service_catalog': <property object>, 'will_expire_soon': <function AccessInfo.will_expire_soon>, 'has_service_catalog': <function AccessInfo.has_service_catalog>, 'auth_token': <property object>, 'expires': <property object>, 'issued': <property object>, 'username': <property object>, 'user_id': <property object>, 'user_domain_id': <property object>, 'user_domain_name': <property object>, 'role_ids': <property object>, 'role_names': <property object>, 'domain_name': <property object>, 'domain_id': <property object>, 'project_name': <property object>, 'tenant_name': <property object>, 'scoped': <property object>, 'project_scoped': <property object>, 'domain_scoped': <property object>, 'system_scoped': <property object>, 'trust_id': <property object>, 'trust_scoped': <property object>, 'trustee_user_id': <property object>, 'trustor_user_id': <property object>, 'project_id': <property object>, 'tenant_id': <property object>, 'project_domain_id': <property object>, 'project_domain_name': <property object>, 'oauth_access_token_id': <property object>, 'oauth_consumer_id': <property object>, 'is_federated': <property object>, 'is_admin_project': <property object>, 'audit_id': <property object>, 'audit_chain_id': <property object>, 'initial_audit_id': <property object>, 'service_providers': <property object>, 'bind': <property object>, 'project_is_domain': <property object>, '__static_attributes__': ('_auth_token', '_data', '_service_catalog', '_service_providers'), '__dict__': <attribute '__dict__' of 'AccessInfo' objects>, '__weakref__': <attribute '__weakref__' of 'AccessInfo' objects>})

__doc__ = 'Encapsulates a raw authentication token from keystone.\n\nProvides helper methods for extracting useful values from that token.\n'

__firstlineno__ = 54

__init__(body: dict[str, Any], auth_token: str | None = None)

__module__ = 'keystoneauth1.access.access'

__static_attributes__ = ('_auth_token', '_data', '_service_catalog', '_service_providers')

__weakref__

list of weak references to the object

_data: Any

_service_catalog: ServiceCatalog | None

_service_catalog_class: Type[ServiceCatalog]

_service_providers: ServiceProviders | None

property audit_chain_id: str | None

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns:

str or None.

property audit_id: str | None

Return the audit ID if present.

Returns:

str or None.

property auth_token: str | None

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns:

str

property bind: dict[str, Any] | None

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns:

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id: str | None

Return the domain id associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_name: str | None

Return the domain name associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_scoped: bool

Return true if the auth token was scoped to a domain.

Returns:

bool

property expires: datetime | None

Return the token expiration (as datetime object).

Returns:

datetime

has_service_catalog() → bool

Return true if the auth token has a service catalog.

Returns:

boolean

property initial_audit_id: str | None

The audit ID of the initially requested token.

This is the audit_chain_id if present or the audit_id.

property is_admin_project: bool

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated: bool

Return true if federation was used to get the token.

Returns:

boolean

property issued: datetime | None

Return the token issue time (as datetime object).

Returns:

datetime

property oauth_access_token_id: str | None

Return the access token ID if OAuth authentication used.

Returns:

str or None.

property oauth_consumer_id: str | None

Return the consumer ID if OAuth authentication used.

Returns:

str or None.

property project_domain_id: str | None

Return the project’s domain id associated with the auth request.

Returns:

str

property project_domain_name: str | None

Return the project’s domain name associated with the auth request.

Returns:

str

property project_id: str | None

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns:

str or None (if no project associated with the token)

property project_is_domain: bool | None

Return if a project act as a domain.

Returns:

bool

property project_name: str | None

Return the project name associated with the auth request.

Returns:

str or None (if no project associated with the token)

property project_scoped: bool

Return true if the auth token was scoped to a tenant (project).

Returns:

bool

property role_ids: list[str] | None

Return a list of user’s role ids associated with the auth request.

Returns:

a list of strings of role ids

property role_names: list[str] | None

Return a list of user’s role names associated with the auth request.

Returns:

a list of strings of role names

property scoped: bool

Return true if the auth token was scoped.

Returns true if scoped to a tenant(project) or domain, and contains a populated service catalog.

This is deprecated, use project_scoped instead.

Returns:

bool

property service_catalog: ServiceCatalog

property service_providers: ServiceProviders | None

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns:

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped: bool

Return true if the auth token was scoped to the system.

Returns:

bool

property tenant_id: str | None

Synonym for project_id.

property tenant_name: str | None

Synonym for project_name.

property trust_id: str | None

Return the trust id associated with the auth request.

Returns:

str or None (if no trust associated with the token)

property trust_scoped: bool

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns:

bool

property trustee_user_id: str | None

Return the trustee user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property trustor_user_id: str | None

Return the trustor user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property user_domain_id: str | None

Return the user’s domain id associated with the auth request.

Returns:

str

property user_domain_name: str | None

Return the user’s domain name associated with the auth request.

Returns:

str

property user_id: str | None

Return the user id associated with the auth request.

Returns:

str

property username: str | None

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns:

str

will_expire_soon(stale_duration: int = 30) → bool

Determine if expiration is about to occur.

Returns:

true if expiration is within the given duration

Return type:

boolean

class keystoneauth1.access.access.AccessInfoV2(body: dict[str, Any], auth_token: str | None = None)

Bases: AccessInfo

An object for encapsulating raw v2 auth token from identity service.

__annotations__ = {'_data': <class 'keystoneauth1.access.types.TokenResponseV2'>, '_service_catalog': 'ty.Optional[service_catalog.ServiceCatalog]', '_service_catalog_class': 'ty.Type[service_catalog.ServiceCatalog]', '_service_providers': 'ty.Optional[service_providers.ServiceProviders]'}

__doc__ = 'An object for encapsulating raw v2 auth token from identity service.'

__firstlineno__ = 420

__module__ = 'keystoneauth1.access.access'

__static_attributes__ = ()

_data: TokenResponseV2

_service_catalog: ServiceCatalog | None

_service_catalog_class

alias of ServiceCatalogV2

_service_providers: ServiceProviders | None

property _token: TokenV2

property _trust: TrustV2 | None

property _user: UserV2

property audit_chain_id: str | None

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns:

str or None.

property audit_id: str | None

Return the audit ID if present.

Returns:

str or None.

property auth_token: str | None

Return the token_id associated with the auth request.

To be used in headers for authenticating OpenStack API requests.

Returns:

str

property bind: dict[str, Any] | None

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns:

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id: str | None

Return the domain id associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_name: str | None

Return the domain name associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_scoped: bool

Return true if the auth token was scoped to a domain.

Returns:

bool

property expires: datetime | None

Return the token expiration (as datetime object).

Returns:

datetime

has_service_catalog() → bool

Return true if the auth token has a service catalog.

Returns:

boolean

property is_admin_project: bool

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated: bool

Return true if federation was used to get the token.

Returns:

boolean

property issued: datetime | None

Return the token issue time (as datetime object).

Returns:

datetime

property oauth_access_token_id: str | None

Return the access token ID if OAuth authentication used.

Returns:

str or None.

property oauth_consumer_id: str | None

Return the consumer ID if OAuth authentication used.

Returns:

str or None.

property project_domain_id: str | None

Return the project’s domain id associated with the auth request.

Returns:

str

property project_domain_name: str | None

Return the project’s domain name associated with the auth request.

Returns:

str

property project_id: str | None

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns:

str or None (if no project associated with the token)

property project_is_domain: bool | None

Return if a project act as a domain.

Returns:

bool

property project_name: str | None

Return the project name associated with the auth request.

Returns:

str or None (if no project associated with the token)

property role_ids: list[str] | None

Return a list of user’s role ids associated with the auth request.

Returns:

a list of strings of role ids

property role_names: list[str] | None

Return a list of user’s role names associated with the auth request.

Returns:

a list of strings of role names

property service_providers: ServiceProviders | None

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns:

keystoneauth1.service_providers.ServiceProviders or None

property system_scoped: bool

Return true if the auth token was scoped to the system.

Returns:

bool

property trust_id: str | None

Return the trust id associated with the auth request.

Returns:

str or None (if no trust associated with the token)

property trust_scoped: bool

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns:

bool

property trustee_user_id: str | None

Return the trustee user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property trustor_user_id: str | None

Return the trustor user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property user_domain_id: str | None

Return the user’s domain id associated with the auth request.

Returns:

str

property user_domain_name: str | None

Return the user’s domain name associated with the auth request.

Returns:

str

property user_id: str | None

Return the user id associated with the auth request.

Returns:

str

property username: str | None

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns:

str

version = 'v2.0'

class keystoneauth1.access.access.AccessInfoV3(body: dict[str, Any], auth_token: str | None = None)

Bases: AccessInfo

An object encapsulating raw v3 auth token from identity service.

__annotations__ = {'_data': <class 'keystoneauth1.access.types.TokenResponseV3'>, '_service_catalog': 'ty.Optional[service_catalog.ServiceCatalog]', '_service_catalog_class': 'ty.Type[service_catalog.ServiceCatalog]', '_service_providers': 'ty.Optional[service_providers.ServiceProviders]'}

__doc__ = 'An object encapsulating raw v3 auth token from identity service.'

__firstlineno__ = 596

__module__ = 'keystoneauth1.access.access'

__static_attributes__ = ('_service_providers',)

property _application_credential: ApplicationCredentialV3 | None

_data: TokenResponseV3

property _domain: DomainV3 | None

property _oauth: OAuth1V3 | None

property _oauth2_credential: OAuth2V3 | None

property _project: ProjectV3 | None

property _project_domain: ProjectDomainV3 | None

_service_catalog: ServiceCatalog | None

_service_catalog_class

alias of ServiceCatalogV3

_service_providers: ServiceProviders | None

property _token: TokenV3

property _trust: TrustV3 | None

property _user: UserV3

property _user_domain: UserDomainV3

property application_credential: ApplicationCredentialV3

property application_credential_access_rules: list[ApplicationCredentialAccessRuleV3] | None

property application_credential_id: str | None

property audit_chain_id: str | None

Return the audit chain ID if present.

In the event that a token was rescoped then this ID will be the audit_id of the initial token. Returns None if no value present.

Returns:

str or None.

property audit_id: str | None

Return the audit ID if present.

Returns:

str or None.

property bind: dict[str, Any] | None

Information about external mechanisms the token is bound to.

If a token is bound to an external authentication mechanism it can only be used in conjunction with that mechanism. For example if bound to a kerberos principal it may only be accepted if there is also kerberos authentication performed on the request.

Returns:

A dictionary or None. The key will be the bind type the value is a dictionary that is specific to the format of the bind type. Returns None if there is no bind information in the token.

property domain_id: str | None

Return the domain id associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_name: str | None

Return the domain name associated with the auth request.

Returns:

str or None (if no domain associated with the token)

property domain_scoped: bool

Return true if the auth token was scoped to a domain.

Returns:

bool

property expires: datetime | None

Return the token expiration (as datetime object).

Returns:

datetime

has_service_catalog() → bool

Return true if the auth token has a service catalog.

Returns:

boolean

property is_admin_project: bool

Return true if the current project scope is the admin project.

For backwards compatibility purposes if there is nothing specified in the token we always assume we are in the admin project, so this will default to True.

:returns boolean

property is_federated: bool

Return true if federation was used to get the token.

Returns:

boolean

property issued: datetime | None

Return the token issue time (as datetime object).

Returns:

datetime

property oauth2_credential: OAuth2V3

property oauth2_credential_thumbprint: str | None

property oauth_access_token_id: str | None

Return the access token ID if OAuth authentication used.

Returns:

str or None.

property oauth_consumer_id: str | None

Return the consumer ID if OAuth authentication used.

Returns:

str or None.

property project_domain_id: str | None

Return the project’s domain id associated with the auth request.

Returns:

str

property project_domain_name: str | None

Return the project’s domain name associated with the auth request.

Returns:

str

property project_id: str | None

Return the project ID associated with the auth request.

This returns None if the auth token wasn’t scoped to a project.

Returns:

str or None (if no project associated with the token)

property project_is_domain: bool | None

Return if a project act as a domain.

Returns:

bool

property project_name: str | None

Return the project name associated with the auth request.

Returns:

str or None (if no project associated with the token)

property role_ids: list[str] | None

Return a list of user’s role ids associated with the auth request.

Returns:

a list of strings of role ids

property role_names: list[str] | None

Return a list of user’s role names associated with the auth request.

Returns:

a list of strings of role names

property service_providers: ServiceProviders | None

Return an object representing the list of trusted service providers.

Used for Keystone2Keystone federating-out.

Returns:

keystoneauth1.service_providers.ServiceProviders or None

property system: SystemV3 | None

property system_scoped: bool

Return true if the auth token was scoped to the system.

Returns:

bool

property trust_id: str | None

Return the trust id associated with the auth request.

Returns:

str or None (if no trust associated with the token)

property trust_scoped: bool

Return true if the auth token was scoped from a delegated trust.

The trust delegation is via the OS-TRUST v3 extension.

Returns:

bool

property trustee_user_id: str | None

Return the trustee user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property trustor_user_id: str | None

Return the trustor user id associated with a trust.

Returns:

str or None (if no trust associated with the token)

property user_domain_id: str | None

Return the user’s domain id associated with the auth request.

Returns:

str

property user_domain_name: str | None

Return the user’s domain name associated with the auth request.

Returns:

str

property user_id: str | None

Return the user id associated with the auth request.

Returns:

str

property username: str | None

Return the username associated with the auth request.

Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns:

str

version = 'v3'

keystoneauth1.access.access.create(resp: Response | None = None, body: dict[str, object] | None = None, auth_token: str | None = None) → AccessInfo