diff options
-rw-r--r-- | doc/requirements.txt | 3 | ||||
-rw-r--r-- | keystoneclient/v3/tokens.py | 21 | ||||
-rw-r--r-- | test-requirements.txt | 5 |
3 files changed, 23 insertions, 6 deletions
diff --git a/doc/requirements.txt b/doc/requirements.txt index e557e26..7e42ea9 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -4,7 +4,8 @@ # These are needed for docs generation openstackdocstheme>=1.18.1 # Apache-2.0 -sphinx!=1.6.6,!=1.6.7,>=1.6.2 # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2,<2.0.0;python_version=='2.7' # BSD +sphinx!=1.6.6,!=1.6.7,>=1.6.2;python_version>='3.4' # BSD reno>=2.5.0 # Apache-2.0 lxml!=3.7.0,>=3.4.1 # BSD fixtures>=3.0.0 # Apache-2.0/BSD diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py index 6e6fffd..7e0cb07 100644 --- a/keystoneclient/v3/tokens.py +++ b/keystoneclient/v3/tokens.py @@ -57,7 +57,8 @@ class TokenManager(object): resp, body = self._client.get(path) return body - def get_token_data(self, token, include_catalog=True, allow_expired=False): + def get_token_data(self, token, include_catalog=True, allow_expired=False, + access_rules_support=None): """Fetch the data about a token from the identity server. :param str token: The ID of the token to be fetched. @@ -65,11 +66,18 @@ class TokenManager(object): included in the response. :param allow_expired: If True the token will be validated and returned if it has already expired. + :param access_rules_support: Version number indicating that the client + is capable of enforcing keystone + access rules, if unset this client + does not support access rules. + :type access_rules_support: float :rtype: dict """ headers = {'X-Subject-Token': token} + if access_rules_support: + headers['OpenStack-Identity-Access-Rules'] = access_rules_support flags = [] url = '/auth/tokens' @@ -85,7 +93,8 @@ class TokenManager(object): resp, body = self._client.get(url, headers=headers) return body - def validate(self, token, include_catalog=True, allow_expired=False): + def validate(self, token, include_catalog=True, allow_expired=False, + access_rules_support=None): """Validate a token. :param token: The token to be validated. @@ -95,6 +104,11 @@ class TokenManager(object): :param allow_expired: If True the token will be validated and returned if it has already expired. :type allow_expired: bool + :param access_rules_support: Version number indicating that the client + is capable of enforcing keystone + access rules, if unset this client + does not support access rules. + :type access_rules_support: float :rtype: :class:`keystoneclient.access.AccessInfoV3` @@ -102,5 +116,6 @@ class TokenManager(object): token_id = _calc_id(token) body = self.get_token_data(token_id, include_catalog=include_catalog, - allow_expired=allow_expired) + allow_expired=allow_expired, + access_rules_support=access_rules_support) return access.AccessInfo.factory(auth_token=token_id, body=body) diff --git a/test-requirements.txt b/test-requirements.txt index 873b0e6..4683c46 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7,7 +7,8 @@ flake8-docstrings==0.2.1.post1 # MIT coverage!=4.4,>=4.0 # Apache-2.0 fixtures>=3.0.0 # Apache-2.0/BSD -keyring>=5.5.1 # MIT/PSF +keyring>=5.5.1,<19.0.0;python_version=='2.7' # MIT/PSF +keyring>=5.5.1;python_version>='3.4' # MIT/PSF lxml!=3.7.0,>=3.4.1 # BSD mock>=2.0.0 # BSD oauthlib>=0.6.2 # BSD @@ -20,4 +21,4 @@ testscenarios>=0.4 # Apache-2.0/BSD testtools>=2.2.0 # MIT # Bandit security code scanner -bandit>=1.1.0 # Apache-2.0 +bandit!=1.6.0,>=1.1.0 # Apache-2.0 |