keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

receipt_model.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 """Unified in-memory receipt model."""
14 
15 from oslo_log import log
16 from oslo_serialization import msgpackutils
17 from oslo_utils import reflection
18 
19 from keystone.auth import core
20 from keystone.common import cache
21 from keystone.common import provider_api
22 from keystone import exception
23 from keystone.identity.backends import resource_options as ro
24 
25 LOG = log.getLogger(__name__)
26 PROVIDERS = provider_api.ProviderAPIs
27 
28 
29 class ReceiptModel(object):
30  """An object that represents a receipt emitted by keystone.
31 
32  This is a queryable object that other parts of keystone can use to reason
33  about a user's receipt.
34  """
35 
36  def __init__(self):
37  self.user_id = None
38  self.__user = None
39  self.__user_domain = None
40 
41  self.methods = None
42  self.__required_methods = None
43 
44  self.__expires_at = None
45  self.__issued_at = None
46 
47  def __repr__(self):
48  """Return string representation of KeystoneReceipt."""
49  desc = ('<%(type)s at %(loc)s>')
50  self_cls_name = reflection.get_class_name(self, fully_qualified=False)
51  return desc % {'type': self_cls_name, 'loc': hex(id(self))}
52 
53  @property
54  def expires_at(self):
55  return self.__expires_at
56 
57  @expires_at.setter
58  def expires_at(self, value):
59  if not isinstance(value, str):
60  raise ValueError('expires_at must be a string.')
61  self.__expires_at = value
62 
63  @property
64  def issued_at(self):
65  return self.__issued_at
66 
67  @issued_at.setter
68  def issued_at(self, value):
69  if not isinstance(value, str):
70  raise ValueError('issued_at must be a string.')
71  self.__issued_at = value
72 
73  @property
74  def user(self):
75  if not self.__user:
76  if self.user_id:
77  self.__user = PROVIDERS.identity_api.get_user(self.user_id)
78  return self.__user
79 
80  @property
81  def user_domain(self):
82  if not self.__user_domain:
83  if self.user:
84  self.__user_domain = PROVIDERS.resource_api.get_domain(
85  self.user['domain_id']
86  )
87  return self.__user_domain
88 
89  @property
90  def required_methods(self):
91  if not self.__required_methods:
92  mfa_rules = self.user['options'].get(
93  ro.MFA_RULES_OPT.option_name, [])
94  rules = core.UserMFARulesValidator._parse_rule_structure(
95  mfa_rules, self.user_id)
96  methods = set(self.methods)
97  active_methods = set(core.AUTH_METHODS.keys())
98 
99  required_auth_methods = []
100  for r in rules:
101  r_set = set(r).intersection(active_methods)
102  if r_set.intersection(methods):
103  required_auth_methods.append(list(r_set))
104 
105  self.__required_methods = required_auth_methods
106 
107  return self.__required_methods
108 
109  def mint(self, receipt_id, issued_at):
110  """Set the ``id`` and ``issued_at`` attributes of a receipt.
111 
112  The process of building a Receipt requires setting attributes about the
113  partial authentication context, like ``user_id`` and ``methods`` for
114  example. Once a Receipt object accurately represents this information
115  it should be "minted". Receipt are minted when they get an ``id``
116  attribute and their creation time is recorded.
117  """
118  self.id = receipt_id
119  self.issued_at = issued_at
120 
121 
122 class _ReceiptModelHandler(object):
123  identity = 125
124  handles = (ReceiptModel,)
125 
126  def __init__(self, registry):
127  self._registry = registry
128 
129  def serialize(self, obj):
130  serialized = msgpackutils.dumps(obj.__dict__, registry=self._registry)
131  return serialized
132 
133  def deserialize(self, data):
134  receipt_data = msgpackutils.loads(data, registry=self._registry)
135  try:
136  receipt_model = ReceiptModel()
137  for k, v in iter(receipt_data.items()):
138  setattr(receipt_model, k, v)
139  except Exception:
140  LOG.debug(
141  "Failed to deserialize ReceiptModel. Data is %s", receipt_data
142  )
144  ReceiptModel.__name__, receipt_data
145  )
146  return receipt_model
147 
148 
149 cache.register_model_handler(_ReceiptModelHandler)
keystone.models.receipt_model.ReceiptModel.required_methods
def required_methods(self)
Definition: receipt_model.py:90
keystone.models.receipt_model._ReceiptModelHandler.deserialize
def deserialize(self, data)
Definition: receipt_model.py:133
keystone.models.receipt_model.ReceiptModel.methods
methods
Definition: receipt_model.py:41
keystone.models.receipt_model.ReceiptModel.__expires_at
__expires_at
Definition: receipt_model.py:44
keystone.auth
Definition: __init__.py:1
keystone.models.receipt_model.ReceiptModel
Definition: receipt_model.py:29
keystone.models.receipt_model._ReceiptModelHandler
Definition: receipt_model.py:122
keystone.models.receipt_model._ReceiptModelHandler._registry
_registry
Definition: receipt_model.py:127
keystone.models.receipt_model.ReceiptModel.mint
def mint(self, receipt_id, issued_at)
Definition: receipt_model.py:109
keystone.models.receipt_model.ReceiptModel.__init__
def __init__(self)
Definition: receipt_model.py:36
keystone.models.receipt_model.ReceiptModel.__user
__user
Definition: receipt_model.py:38
keystone.models.receipt_model._ReceiptModelHandler.serialize
def serialize(self, obj)
Definition: receipt_model.py:129
keystone.models.receipt_model.ReceiptModel.id
id
Definition: receipt_model.py:118
keystone.models.receipt_model._ReceiptModelHandler.__init__
def __init__(self, registry)
Definition: receipt_model.py:126
keystone.exception.CacheDeserializationError
Definition: exception.py:705
keystone.models.receipt_model.ReceiptModel.user_id
user_id
Definition: receipt_model.py:37
keystone.models.receipt_model.ReceiptModel.issued_at
issued_at
Definition: receipt_model.py:119
keystone.models.receipt_model.ReceiptModel.__user_domain
__user_domain
Definition: receipt_model.py:39
keystone.models.receipt_model.ReceiptModel.expires_at
def expires_at(self)
Definition: receipt_model.py:54
keystone.models.receipt_model.ReceiptModel.__issued_at
__issued_at
Definition: receipt_model.py:45
keystone.common
Definition: __init__.py:1
keystone.identity.backends
Definition: __init__.py:1
keystone.models.receipt_model.ReceiptModel.user
def user(self)
Definition: receipt_model.py:74
keystone.models.receipt_model.ReceiptModel.__required_methods
__required_methods
Definition: receipt_model.py:42
keystone.models.receipt_model.ReceiptModel.__repr__
def __repr__(self)
Definition: receipt_model.py:47
keystone.models.receipt_model.ReceiptModel.user_domain
def user_domain(self)
Definition: receipt_model.py:81