diff options
author | Brant Knudson <bknudson@us.ibm.com> | 2014-10-08 19:34:25 -0500 |
---|---|---|
committer | Brant Knudson <bknudson@us.ibm.com> | 2014-10-08 19:34:25 -0500 |
commit | d2f6a247c9f92486e61c0438d7dc3a3174e28b45 (patch) | |
tree | 848a1caf9ecb99d3a25c04917c3f38203ad35db3 /keystonemiddleware/auth_token.py | |
parent | e9477a5b0b61aa5fa9f2f9b7b106f5642506b9e7 (diff) | |
download | keystonemiddleware-d2f6a247c9f92486e61c0438d7dc3a3174e28b45.tar.gz |
Docstring cleanup
Minor cleanups for the doc strings in middleware.
Change-Id: I96058ee05645f03b6d9946f4db73b76b0a368d08
Diffstat (limited to 'keystonemiddleware/auth_token.py')
-rw-r--r-- | keystonemiddleware/auth_token.py | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/keystonemiddleware/auth_token.py b/keystonemiddleware/auth_token.py index 8d36525..315275a 100644 --- a/keystonemiddleware/auth_token.py +++ b/keystonemiddleware/auth_token.py @@ -14,26 +14,35 @@ # limitations under the License. """ -TOKEN-BASED AUTH MIDDLEWARE +Token-based Authentication Middleware This WSGI component: * Verifies that incoming client requests have valid tokens by validating tokens with the auth service. -* Rejects unauthenticated requests UNLESS it is in 'delay_auth_decision' - mode, which means the final decision is delegated to the downstream WSGI - component (usually the OpenStack service) +* Rejects unauthenticated requests unless the auth_token middleware is in + 'delay_auth_decision' mode, which means the final decision is delegated to + the downstream WSGI component (usually the OpenStack service). * Collects and forwards identity information based on a valid token such as user name, tenant, etc Refer to: http://docs.openstack.org/developer/python-keystoneclient/ middlewarearchitecture.html -HEADERS +Run this module directly to start a protected echo service on port 8000:: + + $ python -m keystonemiddleware.auth_token + +When the ``auth_token`` module authenticates a request, the echo service +will respond with all the environment variables presented to it by this +module. + + +Headers ------- -* Headers starting with HTTP\_ is a standard http header -* Headers starting with HTTP_X is an extended http header +The auth_token middleware uses headers sent in by the client on the request +and sets headers and environment variables for the downstream WSGI component. Coming in from initial call from client or customer ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -51,8 +60,8 @@ WWW-Authenticate HTTP header returned to a user indicating which endpoint to use to retrieve a new token -What we add to the request for use by the OpenStack service -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +What auth_token adds to the request for use by the OpenStack service +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ When using composite authentication (a user and service token are present) additional service headers relating to the service user @@ -144,8 +153,11 @@ HTTP_X_ROLE *Deprecated* in favor of HTTP_X_ROLES Will contain the same values as HTTP_X_ROLES. -OTHER ENVIRONMENT VARIABLES ---------------------------- +Environment Variables +^^^^^^^^^^^^^^^^^^^^^ + +These variables are set in the request environment for use by the downstream +WSGI component. keystone.token_info Information about the token discovered in the process of @@ -582,7 +594,7 @@ class _UserAuthPlugin(base_identity.BaseIdentityPlugin): class AuthProtocol(object): - """Auth Middleware that handles authenticating client calls.""" + """Middleware that handles authenticating client calls.""" def __init__(self, app, conf): self._LOG = logging.getLogger(conf.get('log_name', __name__)) @@ -1916,15 +1928,6 @@ def app_factory(global_conf, **local_conf): if __name__ == '__main__': - """Run this module directly to start a protected echo service:: - - $ python -m keystonemiddleware.auth_token - - When the ``auth_token`` module authenticates a request, the echo service - will respond with all the environment variables presented to it by this - module. - - """ def echo_app(environ, start_response): """A WSGI application that echoes the CGI environment to the user.""" start_response('200 OK', [('Content-Type', 'application/json')]) |