Identity Base Authorization Plugin

The base identity plugin. Identity plugins must define the authorize method. For examples of this class, see the v2 and v3 authentication plugins.

BaseIdentityPlugin Object

class openstack.auth.identity.base.BaseIdentityPlugin(auth_url=None, reauthenticate=True)

Create an identity authorization plugin.

Parameters:
  • auth_url (string) – Authorization URL
  • reauthenticate (bool) – Should the plugin attempt reauthorization.
BEST_BEFORE_SECONDS = 1

Consider a token valid if it does not expire for this many seconds

authorize(transport, **kwargs)

Obtain access information from an OpenStack Identity Service.

Thus method will authenticate and fetch a new AccessInfo when invoked.

Parameters:

transport (Transport) – A transport object for the authenticator.

Raises:
  • InvalidResponse – The response returned wasn’t appropriate.
  • HttpError – An error from an invalid HTTP response.
Returns AccessInfo:
 

Token access information.

get_token(transport, **kwargs)

Return a valid auth token.

If a valid token is not present then a new one will be fetched.

Parameters:transport (Transport) – A transport object for the authenticator.
Raises HttpError:
 An error from an invalid HTTP response.
Return string:A valid token.
get_access(transport)

Fetch or return a current AccessInfo object.

If a valid AccessInfo is present then it is returned otherwise a new one will be fetched.

Parameters:transport (Transport) – A transport object for the authenticator.
Raises HttpError:
 An error from an invalid HTTP response.
Returns AccessInfo:
 Valid AccessInfo
invalidate()

Invalidate the current authentication data.

This should result in fetching a new token on next call.

A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.

Returns bool:True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up.
get_endpoint(transport, service, **kwargs)

Return a valid endpoint for a service.

If a valid token is not present then a new one will be fetched using the transport.

Parameters:
  • transport (Transport) – A transport object for the authenticator.
  • service (ServiceFilter) – The filter to identify the desired service.
Raises HttpError:
 

An error from an invalid HTTP response.

Return string or None:
 

A valid endpoint URL or None if not available.

get_versions(transport, service, **kwargs)

Return the valid versions for the given service.

Parameters:
  • transport (Transport) – Authenticator may need to make HTTP calls.
  • service (ServiceFilter) – Filter to identify the desired service.
Returns list:

Returns list of versions that match the filter.

Table Of Contents

Previous topic

BaseAuthPlugin

Next topic

Identity v2 Authorization Plugin

This Page