summaryrefslogtreecommitdiff
path: root/keystoneclient/v3/tokens.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystoneclient/v3/tokens.py')
-rw-r--r--keystoneclient/v3/tokens.py21
1 files changed, 18 insertions, 3 deletions
diff --git a/keystoneclient/v3/tokens.py b/keystoneclient/v3/tokens.py
index 6e6fffd..7e0cb07 100644
--- a/keystoneclient/v3/tokens.py
+++ b/keystoneclient/v3/tokens.py
@@ -57,7 +57,8 @@ class TokenManager(object):
resp, body = self._client.get(path)
return body
- def get_token_data(self, token, include_catalog=True, allow_expired=False):
+ def get_token_data(self, token, include_catalog=True, allow_expired=False,
+ access_rules_support=None):
"""Fetch the data about a token from the identity server.
:param str token: The ID of the token to be fetched.
@@ -65,11 +66,18 @@ class TokenManager(object):
included in the response.
:param allow_expired: If True the token will be validated and returned
if it has already expired.
+ :param access_rules_support: Version number indicating that the client
+ is capable of enforcing keystone
+ access rules, if unset this client
+ does not support access rules.
+ :type access_rules_support: float
:rtype: dict
"""
headers = {'X-Subject-Token': token}
+ if access_rules_support:
+ headers['OpenStack-Identity-Access-Rules'] = access_rules_support
flags = []
url = '/auth/tokens'
@@ -85,7 +93,8 @@ class TokenManager(object):
resp, body = self._client.get(url, headers=headers)
return body
- def validate(self, token, include_catalog=True, allow_expired=False):
+ def validate(self, token, include_catalog=True, allow_expired=False,
+ access_rules_support=None):
"""Validate a token.
:param token: The token to be validated.
@@ -95,6 +104,11 @@ class TokenManager(object):
:param allow_expired: If True the token will be validated and returned
if it has already expired.
:type allow_expired: bool
+ :param access_rules_support: Version number indicating that the client
+ is capable of enforcing keystone
+ access rules, if unset this client
+ does not support access rules.
+ :type access_rules_support: float
:rtype: :class:`keystoneclient.access.AccessInfoV3`
@@ -102,5 +116,6 @@ class TokenManager(object):
token_id = _calc_id(token)
body = self.get_token_data(token_id,
include_catalog=include_catalog,
- allow_expired=allow_expired)
+ allow_expired=allow_expired,
+ access_rules_support=access_rules_support)
return access.AccessInfo.factory(auth_token=token_id, body=body)