keystoneauth1.identity.v3.federation module
- class keystoneauth1.identity.v3.federation.FederationBaseAuth(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
Bases:
_Rescoped
Federation authentication plugin.
- Parameters:
auth_url (string) – URL of the Identity Service
identity_provider (string) – name of the Identity Provider the client will authenticate against. This parameter is used to build the dynamic URL from which the unscoped OpenStack token is obtained.
protocol (string) – name of the protocol the client will authenticate against.
- __abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
- __annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
- __firstlineno__ = 95
- __init__(auth_url: str, identity_provider: str, protocol: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
- __module__ = 'keystoneauth1.identity.v3.federation'
- __static_attributes__ = ('identity_provider', 'protocol')
- _abc_impl = <_abc._abc_data object>
- _discovery_cache: dict[str, discover.Discover]
- auth_ref: ty.Optional[access.AccessInfo]
- auth_url: str
- property federated_token_url: str
Full URL where authorization data is sent.
- reauthenticate: bool
- class keystoneauth1.identity.v3.federation._Rescoped(auth_url: str, *, trust_id: str | None = None, system_scope: str | None = None, domain_id: str | None = None, domain_name: str | None = None, project_id: str | None = None, project_name: str | None = None, project_domain_id: str | None = None, project_domain_name: str | None = None, reauthenticate: bool = True, include_catalog: bool = True)
Bases:
BaseAuth
A plugin that is always going to go through a rescope process.
The original keystone plugins could simply pass a project or domain along with the credentials and get a scoped token. For federation, K2K and newer mechanisms we always get an unscoped token first and then rescope.
This is currently not public as it’s generally an abstraction of a flow used by plugins within keystoneauth1.
It also cannot go in base as it depends on token.Token for rescoping which would create a circular dependency.
- __abstractmethods__ = frozenset({'get_unscoped_auth_ref'})
- __annotations__ = {'MIN_TOKEN_LIFE_SECONDS': 'int', '_discovery_cache': 'dict[str, discover.Discover]', 'auth_ref': 'ty.Optional[access.AccessInfo]', 'auth_url': 'str', 'reauthenticate': 'bool'}
- __firstlineno__ = 24
- __module__ = 'keystoneauth1.identity.v3.federation'
- __static_attributes__ = ()
- _abc_impl = <_abc._abc_data object>
- get_auth_ref(session: Session) → AccessInfoV3
Authenticate and retrieve token information.
This is a multi-step process in which a client performs federated authentication and receives an unscoped token.
If an unscoped token is successfully received and scoping information is present then the token is rescoped to that target.
- Parameters:
session (keystoneauth1.session.Session) – a session object to send out HTTP requests.
- Returns:
a token data representation
- Return type:
- abstract get_unscoped_auth_ref(session: Session) → AccessInfoV3
Fetch unscoped federated token.
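
The two-step flow that get_auth_ref describes, as an added stdlib-only model (this is not keystoneauth1's own code). FakeKeystone, rescope_body, the sample identifiers and the example.test URL are hypothetical; the URL layout and the token-method request body are assumed to follow the Keystone v3 API.

```python
import secrets

def federated_token_url(auth_url, identity_provider, protocol):
    # Keystone v3 OS-FEDERATION endpoint for one IdP/protocol pair.
    return (f"{auth_url.rstrip('/')}/OS-FEDERATION/identity_providers/"
            f"{identity_provider}/protocols/{protocol}/auth")

def rescope_body(unscoped_token, project_id=None, domain_id=None):
    # Keystone v3 "token" method: trade an existing token for a scoped one.
    body = {"auth": {"identity": {"methods": ["token"],
                                  "token": {"id": unscoped_token}}}}
    if project_id:
        body["auth"]["scope"] = {"project": {"id": project_id}}
    elif domain_id:
        body["auth"]["scope"] = {"domain": {"id": domain_id}}
    return body

class FakeKeystone:
    """Hypothetical in-process stand-in for the identity service."""
    def __init__(self):
        self.tokens = {}    # token id -> scope (None means unscoped)
        self.requests = []  # (kind, payload) in the order received

    def _issue(self, scope):
        token_id = secrets.token_hex(8)  # constructed sample token
        self.tokens[token_id] = scope
        return token_id

    def federated_auth(self, url):
        self.requests.append(("federated", url))
        return self._issue(None)  # in this model, federation alone grants no scope

    def token_auth(self, body):
        self.requests.append(("rescope", body))
        if body["auth"]["identity"]["token"]["id"] not in self.tokens:
            raise PermissionError("unknown token")
        return self._issue(body["auth"].get("scope"))

def get_auth_ref(keystone, auth_url, idp, protocol, project_id=None):
    # Step 1: federated authn always yields an unscoped token.
    token = keystone.federated_auth(federated_token_url(auth_url, idp, protocol))
    # Step 2: only when a scope was requested, exchange it for a scoped token.
    if project_id:
        token = keystone.token_auth(rescope_body(token, project_id=project_id))
    return token, keystone.tokens[token]

if __name__ == "__main__":
    ks = FakeKeystone()
    print(get_auth_ref(ks, "https://keystone.example.test/v3", "myidp", "saml2", project_id="p1"))
    print([kind for kind, _ in ks.requests])
```

In the scoped case the model issues two distinct tokens, so code that audits token use should expect the unscoped token to appear only in the rescope request.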