diff options
| author | Jamie Lennox <jamielennox@redhat.com> | 2014-12-22 10:45:04 +1000 |
|---|---|---|
| committer | Jamie Lennox <jamielennox@redhat.com> | 2015-02-04 06:42:45 +1100 |
| commit | 59cdbe8ed474dee9749ef8219aead5e20b91de69 (patch) | |
| tree | 7fe5452cce2038803164fe8b80081e81fa3dcf2c /keystoneclient/auth | |
| parent | cef7775cda6d4113171ff713ee36b93731b89242 (diff) | |
| download | python-keystoneclient-59cdbe8ed474dee9749ef8219aead5e20b91de69.tar.gz | |
Basic AccessInfo plugin
Generally we want people to use the existing plugins to manage their
authentication, however there are a number of existing services that
know how to work with an AccessInfo object directly and either cache it
or manipulate it manually.
Provide a simple Identity plugin that just takes an existing AccessInfo
and allows it to be used as an authentication plugin.
Change-Id: I388283c03a0a8a3d1afe43138eebbe5e66ca9102
Diffstat (limited to 'keystoneclient/auth')
| -rw-r--r-- | keystoneclient/auth/identity/access.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/keystoneclient/auth/identity/access.py b/keystoneclient/auth/identity/access.py new file mode 100644 index 0000000..46df3bf --- /dev/null +++ b/keystoneclient/auth/identity/access.py @@ -0,0 +1,47 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from keystoneclient.auth.identity import base +from keystoneclient import utils + + +class AccessInfoPlugin(base.BaseIdentityPlugin): + """A plugin that turns an existing AccessInfo object into a usable plugin. + + There are cases where reuse of an auth_ref or AccessInfo object is + warranted such as from a cache, from auth_token middleware, or another + source. + + Turn the existing access info object into an identity plugin. This plugin + cannot be refreshed as the AccessInfo object does not contain any + authorizing information. + + :param auth_ref: the existing AccessInfo object. + :type auth_ref: keystoneclient.access.AccessInfo + :param auth_url: the url where this AccessInfo was retrieved from. Required + if using the AUTH_INTERFACE with get_endpoint. (optional) + """ + + @utils.positional() + def __init__(self, auth_ref, auth_url=None): + super(AccessInfoPlugin, self).__init__(auth_url=auth_url, + reauthenticate=False) + self.auth_ref = auth_ref + + def get_auth_ref(self, session, **kwargs): + return self.auth_ref + + def invalidate(self): + # NOTE(jamielennox): Don't allow the default invalidation to occur + # because on next authentication request we will only get the same + # auth_ref object again. + return False |