keystone.models package

Submodules

keystone.models.revoke_model module

class keystone.models.revoke_model.RevokeEvent(**kwargs)[source]

Bases: object

to_dict()[source]
keystone.models.revoke_model.blank_token_data(issued_at)[source]
keystone.models.revoke_model.build_token_values(token_data)[source]
keystone.models.revoke_model.build_token_values_v2(access, default_domain_id)[source]
keystone.models.revoke_model.is_revoked(events, token_data)[source]

Check if a token matches a revocation event.

Compare a token against every revocation event. If the token matches an event in the events list, the token is revoked. If the token is compared against every item in the list without a match, it is not considered revoked from the revoke_api.

Parameters:
  • events – a list of RevokeEvent instances
  • token_data – map based on a flattened view of the token. The required fields are expires_at,`user_id`, project_id, identity_domain_id, assignment_domain_id, trust_id, trustor_id, trustee_id consumer_id and access_token_id
Returns:

True if the token matches an existing revocation event, meaning the token is revoked. False is returned if the token does not match any revocation events, meaning the token is considered valid by the revocation API.
keystone.models.revoke_model.matches(event, token_values)[source]

See if the token matches the revocation event.

A brute force approach to checking. Compare each attribute from the event with the corresponding value from the token. If the event does not have a value for the attribute, a match is still possible. If the event has a value for the attribute, and it does not match the token, no match is possible, so skip the remaining checks.

Parameters:
  • event – a RevokeEvent instance
  • token_values – dictionary with set of values taken from the token
Returns:

True if the token matches the revocation event, indicating the token has been revoked

keystone.models.token_model module

Unified in-memory token model.

class keystone.models.token_model.KeystoneToken(token_id, token_data)[source]

Bases: dict

An in-memory representation that unifies v2 and v3 tokens.

audit_chain_id None[source]
audit_id None[source]
auth_token None[source]
bind None[source]
domain_id None[source]
domain_name None[source]
domain_scoped None[source]
expires None[source]
federation_group_ids None[source]
federation_idp_id None[source]
federation_protocol_id None[source]
is_domain None[source]
is_federated_user None[source]
issued None[source]
metadata None[source]
methods None[source]
oauth_access_token_id None[source]
oauth_consumer_id None[source]
oauth_scoped None[source]
project_domain_id None[source]
project_domain_name None[source]
project_id None[source]
project_name None[source]
project_scoped None[source]
role_ids None[source]
role_names None[source]
scoped None[source]
trust_id None[source]
trust_impersonation None[source]
trust_scoped None[source]
trustee_user_id None[source]
trustor_user_id None[source]
user_domain_id None[source]
user_domain_name None[source]
user_id None[source]
user_name None[source]

Module contents

Table Of Contents

Previous topic

keystone.middleware package

Next topic

keystone.oauth1 package

This Page

Navigation

© Copyright 2012, OpenStack Foundation. Created using Sphinx 1.2b3.