Bases: keystone.token.providers.common.BaseProvider
Issue a V2 formatted token.
Parameters: |
|
---|---|
Returns: | tuple containing the ID of the token and the token data |
Issue a V3 formatted token.
Here is where we need to detect what is given to us, and what kind of token the user is expecting. Depending on the outcome of that, we can pass all the information to be packed to the proper token format handler.
Parameters: |
|
---|---|
Returns: | tuple containing the id of the token and the token data |
Validate a V2 formatted token.
Parameters: | token_ref – reference describing the token to validate |
---|---|
Returns: | the token data |
Raises keystone.exception.Unauthorized: | if v3 token is used |
Validate a V3 formatted token.
Parameters: | token – a string describing the token to validate |
---|---|
Returns: | the token data |
Raises keystone.exception.Unauthorized: | if token format version isn’t supported |
Bases: object
Assemble the payload of a token.
Parameters: | args – whatever data should go into the payload |
---|---|
Returns: | the payload of a token |
Attempt to convert value to hex or return value.
Parameters: | value – value to attempt to convert to hex |
---|---|
Returns: | uuid value in hex or value |
Attempt to convert value to bytes or return value.
Parameters: | value – value to attempt to convert to bytes |
---|---|
Returns: | uuid value in bytes or value |
Generate uuid.hex format based on byte string.
Parameters: | uuid_byte_string – uuid string to generate from |
---|---|
Returns: | uuid hex formatted string |
Compress UUID formatted strings to bytes.
Parameters: | uuid_string – uuid string to compress to bytes |
---|---|
Returns: | a byte representation of the uuid |
Disassemble an unscoped payload into the component data.
Parameters: | payload – this variant of payload |
---|---|
Returns: | a tuple of the payload's component data |
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Assemble the payload of a domain-scoped token.
Parameters: |
|
---|---|
Returns: | the payload of a domain-scoped token |
Disassemble a payload into the component data.
Parameters: | payload – the payload of a token |
---|---|
Returns: | a tuple containing the user_id, auth methods, domain_id, expires_at_str, and audit_ids |
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Assemble the payload of a federated token.
Parameters: |
|
---|---|
Returns: | the payload of a federated token |
Validate a federated payload.
Parameters: | token_string – a string representing the token |
---|---|
Returns: | a tuple containing the user_id, auth methods, audit_ids, and a dictionary containing federated information such as the group IDs, the identity provider ID, the protocol ID, and the federated domain ID |
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Assemble the payload of a project-scoped token.
Parameters: |
|
---|---|
Returns: | the payload of a project-scoped token |
Disassemble a payload into the component data.
Parameters: | payload – the payload of a token |
---|---|
Returns: | a tuple containing the user_id, auth methods, project_id, expires_at_str, and audit_ids |
Bases: object
Packs and unpacks payloads into tokens for transport.
Given a set of payload attributes, generate a Fernet token.
Return a cryptography instance.
You can extend this class with a custom crypto @property to provide your own token encoding / decoding, for example to use a different cryptography library (e.g. python-keyczar) or to meet arbitrary security requirements.
This @property just needs to return an object that implements encrypt(plaintext) and decrypt(ciphertext).
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Assemble the payload of a trust-scoped token.
Parameters: |
|
---|---|
Returns: | the payload of a trust-scoped token |
Validate a trust-based payload.
Parameters: | token_string – a string representing the token |
---|---|
Returns: | a tuple containing the user_id, auth methods, project_id, expires_at_str, audit_ids, and trust_id |
Bases: keystone.token.providers.fernet.token_formatters.BasePayload
Assemble the payload of an unscoped token.
Parameters: |
|
---|---|
Returns: | the payload of an unscoped token |
Disassemble an unscoped payload into the component data.
Parameters: | payload – the payload of an unscoped token |
---|---|
Returns: | a tuple containing the user_id, auth methods, expires_at, and audit_ids |
If the configured key directory does not exist, attempt to create it.
Create a key repository and bootstrap it with a key.
Parameters: |
|
---|
Load keys from disk into a list.
The first key in the list is the primary key used for encryption. All other keys are active secondary keys that can be used for decrypting tokens.
Create a new primary key and revoke excess active keys.
Parameters: |
|
---|
Key rotation utilizes the following behaviors:
This strategy allows you to safely perform rotation on one node in a cluster, before syncing the results of the rotation to all other nodes (during both key rotation and synchronization, all nodes must recognize all primary keys).
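The repository bootstrap, key loading and rotation described above, as an added example that is not keystone's own code. It assumes a layout the page does not spell out: keys are integer-named files, `0` is a staged key awaiting promotion, and the highest number is the primary. All function names and the `max_active_keys` parameter are this sketch's own.

```python
import base64
import os


def new_key():
    # A Fernet key is 32 random bytes, URL-safe base64 encoded.
    return base64.urlsafe_b64encode(os.urandom(32))


def key_indexes(repo):
    # Only integer-named files are keys; ignore anything else in the directory.
    return sorted(int(name) for name in os.listdir(repo) if name.isdigit())


def write_key(repo, index, key):
    # Create the file owner-only (0600) before any key material is written.
    fd = os.open(os.path.join(repo, str(index)),
                 os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(key)


def rotate_keys(repo, max_active_keys=3):
    if max_active_keys < 2:
        raise ValueError("need room for the staged key and the primary key")
    new_primary = max(key_indexes(repo)) + 1
    # Promote the staged key 0: nodes that already synced it can decrypt
    # tokens from this node as soon as it starts encrypting with it.
    os.rename(os.path.join(repo, "0"), os.path.join(repo, str(new_primary)))
    write_key(repo, 0, new_key())  # stage the next primary
    # Revoke the oldest secondaries; never the staged key or the new primary.
    non_staged = [i for i in key_indexes(repo) if i != 0]
    excess = max(0, len(non_staged) + 1 - max_active_keys)
    for index in non_staged[:excess]:
        os.remove(os.path.join(repo, str(index)))
    return new_primary


def create_key_repository(repo, max_active_keys=3):
    os.makedirs(repo, mode=0o700, exist_ok=True)
    if not key_indexes(repo):
        write_key(repo, 0, new_key())
        rotate_keys(repo, max_active_keys)  # yields primary 1 and staged 0


def load_keys(repo):
    # Highest index first: keys[0] encrypts, every key in the list may decrypt.
    keys = []
    for index in reversed(key_indexes(repo)):
        with open(os.path.join(repo, str(index)), "rb") as handle:
            keys.append(handle.read())
    return keys
```

Tokens issued under a revoked key stop validating once that file is removed, so the number of keys kept has to cover the token lifetime divided by the rotation interval.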