keystone.models package¶
Submodules¶
keystone.models.receipt_model module¶
Unified in-memory receipt model.
-
class
keystone.models.receipt_model.
ReceiptModel
[source]¶ Bases:
object
An object that represents a receipt emitted by keystone.
This is a queryable object that other parts of keystone can use to reason about a user’s receipt.
-
property
expires_at
¶
-
property
issued_at
¶
-
mint
(receipt_id, issued_at)[source]¶ Set the
id
andissued_at
attributes of a receipt.The process of building a Receipt requires setting attributes about the partial authentication context, like
user_id
andmethods
for example. Once a Receipt object accurately represents this information it should be “minted”. Receipt are minted when they get anid
attribute and their creation time is recorded.
-
property
required_methods
¶
-
property
user
¶
-
property
user_domain
¶
-
property
keystone.models.revoke_model module¶
-
keystone.models.revoke_model.
is_revoked
(events, token_data)[source]¶ Check if a token matches a revocation event.
Compare a token against every revocation event. If the token matches an event in the events list, the token is revoked. If the token is compared against every item in the list without a match, it is not considered revoked from the revoke_api.
- Parameters
events – a list of RevokeEvent instances
token_data – map based on a flattened view of the token. The required fields are expires_at,`user_id`, project_id, identity_domain_id, assignment_domain_id, trust_id, trustor_id, trustee_id consumer_id and access_token_id
- Returns
True if the token matches an existing revocation event, meaning the token is revoked. False is returned if the token does not match any revocation events, meaning the token is considered valid by the revocation API.
-
keystone.models.revoke_model.
matches
(event, token_values)[source]¶ See if the token matches the revocation event.
A brute force approach to checking. Compare each attribute from the event with the corresponding value from the token. If the event does not have a value for the attribute, a match is still possible. If the event has a value for the attribute, and it does not match the token, no match is possible, so skip the remaining checks.
- Parameters
event – a RevokeEvent instance
token_values – dictionary with set of values taken from the token
- Returns
True if the token matches the revocation event, indicating the token has been revoked
keystone.models.token_model module¶
Unified in-memory token model.
-
class
keystone.models.token_model.
TokenModel
[source]¶ Bases:
object
An object that represents a token emitted by keystone.
This is a queryable object that other parts of keystone can use to reason about a user’s authentication or authorization.
-
property
access_token
¶
-
property
application_credential
¶
-
property
audit_ids
¶
-
property
domain
¶
-
property
domain_scoped
¶
-
property
expires_at
¶
-
property
issued_at
¶
-
mint
(token_id, issued_at)[source]¶ Set the
id
andissued_at
attributes of a token.The process of building a token requires setting attributes about the authentication and authorization context, like
user_id
andproject_id
for example. Once a Token object accurately represents this information it should be “minted”. Tokens are minted when they get anid
attribute and their creation time is recorded.
-
property
oauth_scoped
¶
-
property
project
¶
-
property
project_domain
¶
-
property
project_scoped
¶
-
property
roles
¶
-
property
system_scoped
¶
-
property
trust
¶
-
property
trust_project
¶
-
property
trust_project_domain
¶
-
property
trust_scoped
¶
-
property
trustee
¶
-
property
trustor
¶
-
property
unscoped
¶
-
property
user
¶
-
property
user_domain
¶
-
property