diff options
author | Zuul <zuul@review.opendev.org> | 2019-07-10 20:15:19 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2019-07-10 20:15:19 +0000 |
commit | 6a37e0da9b7db0d14f35408be9753b48b2a3923a (patch) | |
tree | b9f8c14efb79d02aebc14140c6ca8eed877501c4 | |
parent | 319fd1a5321cb4271969886beed82c975b80d024 (diff) | |
parent | 147efb0469734f793e917641649fd24bb9da317f (diff) | |
download | python-keystoneclient-6a37e0da9b7db0d14f35408be9753b48b2a3923a.tar.gz |
Merge "Add support for app cred access rules header"
-rw-r--r-- | keystoneclient/v3/tokens.py | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py index 6e6fffd..7e0cb07 100644 --- a/keystoneclient/v3/tokens.py +++ b/keystoneclient/v3/tokens.py @@ -57,7 +57,8 @@ class TokenManager(object): resp, body = self._client.get(path) return body - def get_token_data(self, token, include_catalog=True, allow_expired=False): + def get_token_data(self, token, include_catalog=True, allow_expired=False, + access_rules_support=None): """Fetch the data about a token from the identity server. :param str token: The ID of the token to be fetched. @@ -65,11 +66,18 @@ class TokenManager(object): included in the response. :param allow_expired: If True the token will be validated and returned if it has already expired. + :param access_rules_support: Version number indicating that the client + is capable of enforcing keystone + access rules, if unset this client + does not support access rules. + :type access_rules_support: float :rtype: dict """ headers = {'X-Subject-Token': token} + if access_rules_support: + headers['OpenStack-Identity-Access-Rules'] = access_rules_support flags = [] url = '/auth/tokens' @@ -85,7 +93,8 @@ class TokenManager(object): resp, body = self._client.get(url, headers=headers) return body - def validate(self, token, include_catalog=True, allow_expired=False): + def validate(self, token, include_catalog=True, allow_expired=False, + access_rules_support=None): """Validate a token. :param token: The token to be validated. @@ -95,6 +104,11 @@ class TokenManager(object): :param allow_expired: If True the token will be validated and returned if it has already expired. :type allow_expired: bool + :param access_rules_support: Version number indicating that the client + is capable of enforcing keystone + access rules, if unset this client + does not support access rules. + :type access_rules_support: float :rtype: :class:`keystoneclient.access.AccessInfoV3` @@ -102,5 +116,6 @@ class TokenManager(object): token_id = _calc_id(token) body = self.get_token_data(token_id, include_catalog=include_catalog, - allow_expired=allow_expired) + allow_expired=allow_expired, + access_rules_support=access_rules_support) return access.AccessInfo.factory(auth_token=token_id, body=body) |