The keystone.token.core Module

Main entry point into the Token service.

class keystone.token.core.Driver

Bases: object

Interface description for a Token driver.

create_token(token_id, data)

Create a token by id and data.

Parameters:
  • token_id (string) – identity of the token
  • data – dictionary with additional reference information

    {
        expires='',
        id=token_id,
        user=user_ref,
        tenant=tenant_ref,
        metadata=metadata_ref
    }

Returns: token_ref or None.

delete_token(token_id)

Deletes a token by id.

Parameters: token_id (string) – identity of the token
Returns: None.
Raises: keystone.exception.TokenNotFound

get_token(token_id)

Get a token by id.

Parameters: token_id (string) – identity of the token
Returns: token_ref
Raises: keystone.exception.TokenNotFound

list_revoked_tokens()

Returns a list of all revoked tokens.

Returns: list of token_ids

list_tokens(user_id, tenant_id=None, trust_id=None)

Returns a list of current token_ids for a user.

Parameters:
  • user_id (string) – identity of the user
  • tenant_id (string) – identity of the tenant
  • trust_id (string) – identity of the trust
Returns: list of token_ids
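
A minimal in-memory backend written against the Driver interface above, added here as an illustration and not taken from keystone's own code. It shows the behaviour a caller relies on: revoked and expired tokens fail with the same error as unknown ones, and no token is stored without an expiry. The TokenNotFound stand-in, the utcnow helper, the lifetime argument, the datetime type of expires, and the user['id'], tenant['id'] and trust_id keys in data are assumptions.

```python
import copy
import datetime

class TokenNotFound(Exception):
    """Stand-in for keystone.exception.TokenNotFound (keystone not imported)."""

def utcnow():  # naive UTC, the form default_expire_time() is documented to return
    return datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)

class InMemoryTokenDriver(object):
    """Hypothetical in-memory backend following the Driver interface."""

    def __init__(self, lifetime=datetime.timedelta(hours=1)):
        self._lifetime = lifetime  # assumed stand-in for [token] expiration
        self._tokens = {}          # token_id -> token_ref
        self._revoked = set()      # ids removed through delete_token

    def _live(self, token_id):
        ref = self._tokens.get(token_id)
        return (ref is not None and token_id not in self._revoked
                and ref['expires'] > utcnow())

    def create_token(self, token_id, data):
        ref = copy.deepcopy(data)
        ref['id'] = token_id
        if not ref.get('expires'):  # never store a token without an expiry
            ref['expires'] = utcnow() + self._lifetime
        self._tokens[token_id] = ref
        return copy.deepcopy(ref)

    def get_token(self, token_id):
        if not self._live(token_id):
            raise TokenNotFound(token_id)  # same error: revoked, expired, unknown
        return copy.deepcopy(self._tokens[token_id])

    def delete_token(self, token_id):
        self.get_token(token_id)  # raises TokenNotFound unless live
        self._revoked.add(token_id)

    def list_revoked_tokens(self):
        return sorted(self._revoked)

    def list_tokens(self, user_id, tenant_id=None, trust_id=None):
        def match(ref):  # assumed layout: user['id'], tenant['id'], trust_id
            user, tenant = ref.get('user') or {}, ref.get('tenant') or {}
            return (user.get('id') == user_id
                    and (not tenant_id or tenant.get('id') == tenant_id)
                    and (not trust_id or ref.get('trust_id') == trust_id))
        return sorted(t for t, ref in self._tokens.items()
                      if self._live(t) and match(ref))
```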

class keystone.token.core.Manager(*args, **kwargs)

Bases: keystone.common.manager.Manager

Default pivot point for the Token backend.

See keystone.common.manager.Manager for more details on how this dynamically calls the backend.

keystone.token.core.default_expire_time()

Determine when a fresh token should expire.

Expiration time varies based on configuration (see [token] expiration).

Returns: a naive UTC datetime.datetime object

keystone.token.core.unique_id(token_id)

Return a unique ID for a token.

The returned value is useful as the primary key of a database table, memcache store, or other lookup table.

Returns: Given a PKI token, returns its hashed value. Otherwise, returns the passed-in value (such as a UUID token ID or an existing hash).

keystone.token.core.validate_auth_info(self, context, user_ref, tenant_ref)

Validate user and tenant auth info.

Validate the user and tenant auth info to ensure that the user and tenant information is valid and not disabled.

Consolidate the checks here to ensure consistency between token auth and ec2 auth.

Parameters:
  • context – keystone’s request context
  • user_ref – the authenticating user
  • tenant_ref – the scope of authorization, if any
Raises: Unauthorized if any of the user, user’s domain, tenant or tenant’s domain are either disabled or otherwise invalid
