summaryrefslogtreecommitdiff
path: root/keystoneclient/auth
diff options
context:
space:
mode:
authorJamie Lennox <jamielennox@redhat.com>2014-12-22 10:45:04 +1000
committerJamie Lennox <jamielennox@redhat.com>2015-02-04 06:42:45 +1100
commit59cdbe8ed474dee9749ef8219aead5e20b91de69 (patch)
tree7fe5452cce2038803164fe8b80081e81fa3dcf2c /keystoneclient/auth
parentcef7775cda6d4113171ff713ee36b93731b89242 (diff)
downloadpython-keystoneclient-59cdbe8ed474dee9749ef8219aead5e20b91de69.tar.gz
Basic AccessInfo plugin
Generally we want people to use the existing plugins to manage their authentication, however there are a number of existing services that know how to work with an AccessInfo object directly and either cache it or manipulate it manually. Provide a simple Identity plugin that just takes an existing AccessInfo and allows it to be used as an authentication plugin. Change-Id: I388283c03a0a8a3d1afe43138eebbe5e66ca9102
Diffstat (limited to 'keystoneclient/auth')
-rw-r--r--keystoneclient/auth/identity/access.py47
1 files changed, 47 insertions, 0 deletions
diff --git a/keystoneclient/auth/identity/access.py b/keystoneclient/auth/identity/access.py
new file mode 100644
index 0000000..46df3bf
--- /dev/null
+++ b/keystoneclient/auth/identity/access.py
@@ -0,0 +1,47 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneclient.auth.identity import base
+from keystoneclient import utils
+
+
+class AccessInfoPlugin(base.BaseIdentityPlugin):
+ """A plugin that turns an existing AccessInfo object into a usable plugin.
+
+ There are cases where reuse of an auth_ref or AccessInfo object is
+ warranted such as from a cache, from auth_token middleware, or another
+ source.
+
+ Turn the existing access info object into an identity plugin. This plugin
+ cannot be refreshed as the AccessInfo object does not contain any
+ authorizing information.
+
+ :param auth_ref: the existing AccessInfo object.
+ :type auth_ref: keystoneclient.access.AccessInfo
+ :param auth_url: the url where this AccessInfo was retrieved from. Required
+ if using the AUTH_INTERFACE with get_endpoint. (optional)
+ """
+
+ @utils.positional()
+ def __init__(self, auth_ref, auth_url=None):
+ super(AccessInfoPlugin, self).__init__(auth_url=auth_url,
+ reauthenticate=False)
+ self.auth_ref = auth_ref
+
+ def get_auth_ref(self, session, **kwargs):
+ return self.auth_ref
+
+ def invalidate(self):
+ # NOTE(jamielennox): Don't allow the default invalidation to occur
+ # because on next authentication request we will only get the same
+ # auth_ref object again.
+ return False