Main entry point into the Token service.
Bases: object
Interface description for a Token driver.
Create a token by id and data.
Parameters: |
|
---|
{
expires=''
id=token_id,
user=user_ref,
tenant=tenant_ref,
metadata=metadata_ref
}
Returns: | token_ref or None. |
---|
Deletes a token by id.
Parameters: | token_id (string) – identity of the token |
---|---|
Returns: | None. |
Raises : | keystone.exception.TokenNotFound |
Get a token by id.
Parameters: | token_id (string) – identity of the token |
---|---|
Returns: | token_ref |
Raises : | keystone.exception.TokenNotFound |
Returns a list of all revoked tokens
Returns: | list of token_id’s |
---|
Returns a list of current token_id’s for a user
Parameters: | user_id (string) – identity of the user |
---|---|
Returns: | list of token_id’s |
Invalidates all tokens held by a user (optionally for a tenant).
Raises : | keystone.exception.UserNotFound, keystone.exception.ProjectNotFound |
---|
Bases: keystone.common.manager.Manager
Default pivot point for the Token backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Invalidates all tokens held by a user (optionally for a tenant).
If a specific tenant ID is not provided, all tokens held by user will be revoked.
Determine when a fresh token should expire.
Expiration time varies based on configuration (see [token] expiration).
Returns: | a naive UTC datetime.datetime object |
---|
Return a unique ID for a token.
The returned value is useful as the primary key of a database table, memcache store, or other lookup table.
Returns: | Given a PKI token, returns it’s hashed value. Otherwise, returns the passed-in value (such as a UUID token ID or an existing hash). |
---|
Validate user and tenant auth info.
Validate the user and tenant auth into in order to ensure that user and tenant information is valid and not disabled.
Consolidate the checks here to ensure consistency between token auth and ec2 auth.
Params context: | keystone’s request context |
---|---|
Params user_ref: | |
the authenticating user | |
Params tenant_ref: | |
the scope of authorization, if any | |
Raises Unauthorized: | |
if any of the user, user’s domain, tenant or tenant’s domain are either disabled or otherwise invalid |