BaseAuthPlugin

The base class for an authenticator. A plugin must define the get_token, get_endpoint, and get_versions methods. The simpliest example would be something that is just given such as:

class SimpleAuthenticator(base.BaseAuthPlugin):
    def __init__(self, token, endpoint, versions):
        super(SimpleAuthenticator, self).__init__()
        self.token = token
        self.endpoint = endpoint
        self.versions = versions

    def get_token(self, transport, **kwargs):
        return self.token

    def get_endpoint(self, transport, service, **kwargs):
        return self.endpoint

    def get_versions(self, transport, service, **kwargs):
        return self.versions

Connection Object

class openstack.auth.base.BaseAuthPlugin
get_token(transport, **kwargs)

Obtain a token.

How the token is obtained is up to the authenticator. If it is still valid it may be re-used, retrieved from cache or invoke an authentication request against a server.

There are no required kwargs. They are implementation specific to an authenticator.

An authenticator may raise an exception if it fails to retrieve a token.

Parameters:transport (Transport) – A transport object so the authenticator can make HTTP calls.
Return string:A token to use.
get_endpoint(transport, service, **kwargs)

Return an endpoint for the client.

There are no required keyword arguments to get_endpoint as an authenticator should use best effort with the information available to determine the endpoint.

Parameters:
  • transport (Transport) – Authenticator may need to make HTTP calls.
  • service (ServiceFilter) – Filter to identify the desired service.
Returns string:

The base URL that will be used to talk to the required service or None if not available.

get_versions(transport, service, **kwargs)

Return the valid versions for the given service.

Parameters:
  • transport (Transport) – Authenticator may need to make HTTP calls.
  • service (ServiceFilter) – Filter to identify the desired service.
Returns list:

Returns list of versions that match the filter.

invalidate()

Invalidate the current authentication data.

This should result in fetching a new token on next call.

A plugin may be invalidated if an Unauthorized HTTP response is returned to indicate that the token may have been revoked or is otherwise now invalid.

Returns bool:True if there was something that the plugin did to invalidate. This means that it makes sense to try again. If nothing happens returns False to indicate give up.

Table Of Contents

Previous topic

Transport

Next topic

Identity Base Authorization Plugin

This Page