Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2012 OpenStack LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License.
"""Return a unique ID for a token.
The returned value is useful as the primary key of a database table, memcache store, or other lookup table.
:returns: Given a PKI token, returns it's hashed value. Otherwise, returns the passed-in value (such as a UUID token ID or an existing hash). """
"""Determine when a fresh token should expire.
Expiration time varies based on configuration (see ``[token] expiration``).
:returns: a naive UTC datetime.datetime object
"""
"""Validate user and tenant auth info.
Validate the user and tenant auth into in order to ensure that user and tenant information is valid and not disabled.
Consolidate the checks here to ensure consistency between token auth and ec2 auth.
:params context: keystone's request context :params user_ref: the authenticating user :params tenant_ref: the scope of authorization, if any :raises Unauthorized: if any of the user, user's domain, tenant or tenant's domain are either disabled or otherwise invalid """ # If the user is disabled don't allow them to authenticate
# If the user's domain is disabled don't allow them to authenticate context, user_ref['domain_id'])
# If the project is disabled don't allow them to authenticate
# If the project's domain is disabled don't allow them to authenticate context, tenant_ref['domain_id']) not project_domain_ref.get('enabled', True)): msg = 'Domain is disabled: %s' % project_domain_ref['id'] LOG.warning(msg) raise exception.Unauthorized(msg)
"""Default pivot point for the Token backend.
See :mod:`keystone.common.manager.Manager` for more details on how this dynamically calls the backend.
"""
"""Interface description for a Token driver."""
"""Get a token by id.
:param token_id: identity of the token :type token_id: string :returns: token_ref :raises: keystone.exception.TokenNotFound
"""
"""Create a token by id and data.
:param token_id: identity of the token :type token_id: string :param data: dictionary with additional reference information
::
{ expires='' id=token_id, user=user_ref, tenant=tenant_ref, metadata=metadata_ref }
:type data: dict :returns: token_ref or None.
"""
"""Deletes a token by id.
:param token_id: identity of the token :type token_id: string :returns: None. :raises: keystone.exception.TokenNotFound
"""
"""Deletes tokens by user. If the tenant_id is not None, only delete the tokens by user id under the specified tenant. If the trust_id is not None, it will be used to query tokens and the user_id will be ignored.
:param user_id: identity of user :type user_id: string :param tenant_id: identity of the tenant :type tenant_id: string :param trust_id: identified of the trust :type trust_id: string :returns: None. :raises: keystone.exception.TokenNotFound
""" tenant_id=tenant_id, trust_id=trust_id) except exception.NotFound: pass
"""Returns a list of current token_id's for a user
:param user_id: identity of the user :type user_id: string :param tenant_id: identity of the tenant :type tenant_id: string :param trust_id: identified of the trust :type trust_id: string :returns: list of token_id's
"""
"""Returns a list of all revoked tokens
:returns: list of token_id's
"""
"""Archive or delete tokens that have expired. """ |