keystone  18.0.0
About: OpenStack Keystone (Core Service: Identity) provides an authentication and authorization service for other OpenStack services. Provides a catalog of endpoints for all OpenStack services.
The "Victoria" series (maintained release).
  Fossies Dox: keystone-18.0.0.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

render_token.py
Go to the documentation of this file.
1 # Licensed under the Apache License, Version 2.0 (the "License"); you may
2 # not use this file except in compliance with the License. You may obtain
3 # a copy of the License at
4 #
5 # http://www.apache.org/licenses/LICENSE-2.0
6 #
7 # Unless required by applicable law or agreed to in writing, software
8 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10 # License for the specific language governing permissions and limitations
11 # under the License.
12 
13 from keystone.common import provider_api
14 import keystone.conf
15 
16 
17 CONF = keystone.conf.CONF
18 PROVIDERS = provider_api.ProviderAPIs
19 
20 
21 def render_token_response_from_model(token, include_catalog=True):
22  token_reference = {
23  'token': {
24  'methods': token.methods,
25  'user': {
26  'domain': {
27  'id': token.user_domain['id'],
28  'name': token.user_domain['name']
29  },
30  'id': token.user_id,
31  'name': token.user['name'],
32  'password_expires_at': token.user[
33  'password_expires_at'
34  ]
35  },
36  'audit_ids': token.audit_ids,
37  'expires_at': token.expires_at,
38  'issued_at': token.issued_at,
39  }
40  }
41  if token.system_scoped:
42  token_reference['token']['roles'] = token.roles
43  token_reference['token']['system'] = {'all': True}
44  elif token.domain_scoped:
45  token_reference['token']['domain'] = {
46  'id': token.domain['id'],
47  'name': token.domain['name']
48  }
49  token_reference['token']['roles'] = token.roles
50  elif token.trust_scoped:
51  token_reference['token']['OS-TRUST:trust'] = {
52  'id': token.trust_id,
53  'trustor_user': {'id': token.trustor['id']},
54  'trustee_user': {'id': token.trustee['id']},
55  'impersonation': token.trust['impersonation']
56  }
57  token_reference['token']['project'] = {
58  'domain': {
59  'id': token.project_domain['id'],
60  'name': token.project_domain['name']
61  },
62  'id': token.trust_project['id'],
63  'name': token.trust_project['name']
64  }
65  if token.trust.get('impersonation'):
66  trustor_domain = PROVIDERS.resource_api.get_domain(
67  token.trustor['domain_id']
68  )
69  token_reference['token']['user'] = {
70  'domain': {
71  'id': trustor_domain['id'],
72  'name': trustor_domain['name']
73  },
74  'id': token.trustor['id'],
75  'name': token.trustor['name'],
76  'password_expires_at': token.trustor[
77  'password_expires_at'
78  ]
79  }
80  token_reference['token']['roles'] = token.roles
81  elif token.project_scoped:
82  token_reference['token']['project'] = {
83  'domain': {
84  'id': token.project_domain['id'],
85  'name': token.project_domain['name']
86  },
87  'id': token.project['id'],
88  'name': token.project['name']
89  }
90  token_reference['token']['is_domain'] = token.project.get(
91  'is_domain', False
92  )
93  token_reference['token']['roles'] = token.roles
94  ap_name = CONF.resource.admin_project_name
95  ap_domain_name = CONF.resource.admin_project_domain_name
96  if ap_name and ap_domain_name:
97  is_ap = (
98  token.project['name'] == ap_name and
99  ap_domain_name == token.project_domain['name']
100  )
101  token_reference['token']['is_admin_project'] = is_ap
102  if include_catalog and not token.unscoped:
103  user_id = token.user_id
104  if token.trust_id:
105  user_id = token.trust['trustor_user_id']
106  catalog = PROVIDERS.catalog_api.get_v3_catalog(
107  user_id, token.project_id
108  )
109  token_reference['token']['catalog'] = catalog
110  sps = PROVIDERS.federation_api.get_enabled_service_providers()
111  if sps:
112  token_reference['token']['service_providers'] = sps
113  if token.is_federated:
114  PROVIDERS.federation_api.get_idp(token.identity_provider_id)
115  federated_dict = dict(
116  groups=token.federated_groups,
117  identity_provider={'id': token.identity_provider_id},
118  protocol={'id': token.protocol_id},
119 
120  )
121  token_reference['token']['user']['OS-FEDERATION'] = (
122  federated_dict
123  )
124  del token_reference['token']['user']['password_expires_at']
125  if token.access_token_id:
126  token_reference['token']['OS-OAUTH1'] = {
127  'access_token_id': token.access_token_id,
128  'consumer_id': token.access_token['consumer_id']
129  }
130  if token.application_credential_id:
131  key = 'application_credential'
132  token_reference['token'][key] = {}
133  token_reference['token'][key]['id'] = (
134  token.application_credential['id']
135  )
136  token_reference['token'][key]['name'] = (
137  token.application_credential['name']
138  )
139  restricted = not token.application_credential['unrestricted']
140  token_reference['token'][key]['restricted'] = restricted
141  if token.application_credential.get('access_rules'):
142  token_reference['token'][key]['access_rules'] = (
143  token.application_credential['access_rules']
144  )
145 
146  return token_reference
keystone.common.render_token.render_token_response_from_model
def render_token_response_from_model(token, include_catalog=True)
Definition: render_token.py:21
keystone.conf
Definition: __init__.py:1
keystone.common
Definition: __init__.py:1