### Install Kerberos extras Source: https://docs.openstack.org/keystoneauth/latest/extras.html Install the necessary dependencies for the Kerberos plugin using pip. ```bash pip install keystoneauth1[kerberos] ``` -------------------------------- ### Example response-body.log output Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html This example demonstrates the content logged to 'response-body.log', which includes request commands, response headers, and response bodies. ```log 2017-09-19 22:10:09,490 keystoneauth.session.request curl -g -i -X GET http://cloud.example.com/volume/v2/137155c35fb34172a284a3c2540c92ab/volumes/detail?marker=34cd00cf-bf67-4667-a900-5ce233e383d5 -H "User-Agent: os-client-config/1.28.0 shade/1.23.1 keystoneauth1/3.2.0 python-requests/2.18.4 CPython/2.7.12" -H "X-Auth-Token: {SHA1}a1d03d2a4cbee590a55f1786d452e1027d5fd781" 2017-09-19 22:10:09,751 keystoneauth.session.response [200] Date: Tue, 19 Sep 2017 22:10:09 GMT Server: Apache/2.4.18 (Ubuntu) x-compute-request-id: req-2e9181d2-9f3e-404e-a12f-1f1566736ab3 Content-Type: application/json Content-Length: 15 x-openstack-request-id: req-2e9181d2-9f3e-404e-a12f-1f1566736ab3 Connection: close 2017-09-19 22:10:09,751 keystoneauth.session.body {"volumes": []} ``` -------------------------------- ### LoadingFixture Setup Method Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.fixture.html Prepares the Fixture for use. Concrete fixtures should implement _setUp. Overriding setUp is supported but not recommended. After completion, the fixture will have usable attributes. ```python setUp() → None Prepare the Fixture for use. This should not be overridden. Concrete fixtures should implement _setUp. Overriding of setUp is still supported, just not recommended. After setUp has completed, the fixture will have one or more attributes which can be used (these depend totally on the concrete subclass). Raises: MultipleExceptions if _setUp fails. The last exception captured within the MultipleExceptions will be a SetupError exception. Returns: None. Changed in 1.3: The recommendation to override setUp has been reversed - before 1.3, setUp() should be overridden, now it should not be. Changed in 1.3.1: BaseException is now caught, and only subclasses of Exception are wrapped in MultipleExceptions. ``` -------------------------------- ### Install Kerberos dependencies Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.extras.kerberos.html Install the required extra package to enable Kerberos authentication support. ```bash $ pip install keystoneauth1[kerberos] ``` -------------------------------- ### Install OAuth1 dependencies Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.extras.oauth1.v3.html Install the required extra package to enable OAuth1 authentication functionality. ```bash $ pip install keystoneauth['oauth1'] ``` -------------------------------- ### Example request.log output Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html This example shows the format and content of messages logged to 'request.log', typically including request IDs and response headers. ```log 2017-09-19 22:10:09,466 keystoneauth.session.request-id GET call to volumev2 for http://cloud.example.com/volume/v2/137155c35fb34172a284a3c2540c92ab/volumes/detail used request id req-f4f2058a-9308-4c4a-94e6-5ee1cd6c78bd 2017-09-19 22:10:09,751 keystoneauth.session.response [200] Date: Tue, 19 Sep 2017 22:10:09 GMT Server: Apache/2.4.18 (Ubuntu) x-compute-request-id: req-2e9181d2-9f3e-404e-a12f-1f1566736ab3 Content-Type: application/json Content-Length: 15 x-openstack-request-id: req-2e9181d2-9f3e-404e-a12f-1f1566736ab3 Connection: close ``` -------------------------------- ### GET / Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.session.html Perform a GET request using the session. ```APIDOC ## GET / (get) ### Description Perform a GET request. This calls the internal request() method with the method set to GET. ### Method GET ### Endpoint / ### Parameters #### Query Parameters - **kwargs** (Any) - Optional - Additional arguments passed to the request method. ``` -------------------------------- ### Password Plugin - Environment Variables Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Example of using the password authentication plugin via environment variables. ```APIDOC ## GET /api/users/{id} ### Description Retrieves details for a specific user by their unique identifier. ### Method GET ### Endpoint /api/users/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the user to retrieve. #### Query Parameters - **fields** (string) - Optional - Comma-separated list of fields to include in the response. ### Response #### Success Response (200) - **id** (string) - The unique identifier for the user. - **username** (string) - The username of the user. - **email** (string) - The email address of the user. - **created_at** (string) - Timestamp when the user was created. #### Response Example ```json { "id": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "username": "testuser", "email": "test@example.com", "created_at": "2023-10-27T10:00:00Z" } ``` ``` -------------------------------- ### Create and Use KeystoneAuth Adapter Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html Instantiate an Adapter with session, service type, interface, and version. Use the adapter to make REST requests, such as GET requests to retrieve volumes. ```python adapter = keystoneauth1.adapter.Adapter( session=session, service_type='volume', interface='public', version=1) response = adapter.get('/volumes') ``` -------------------------------- ### Password Plugin - clouds.yaml Configuration Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Example of configuring the password authentication plugin in a clouds.yaml file. ```APIDOC ## PUT /api/users/{id} ### Description Updates an existing user's information. ### Method PUT ### Endpoint /api/users/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the user to update. #### Request Body - **email** (string) - Optional - The updated email address for the user. - **password** (string) - Optional - The updated password for the user. ### Request Example ```json { "email": "updated.test@example.com" } ``` ### Response #### Success Response (200) - **id** (string) - The unique identifier for the user. - **username** (string) - The username of the user. - **email** (string) - The updated email address of the user. - **updated_at** (string) - Timestamp when the user was last updated. #### Response Example ```json { "id": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "username": "testuser", "email": "updated.test@example.com", "updated_at": "2023-10-27T11:00:00Z" } ``` ``` -------------------------------- ### GET /plugins/{plugin_name}/options Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.base.html Retrieves the list of registered options for a specified authentication plugin. ```APIDOC ## GET /plugins/{plugin_name}/options ### Description Retrieves the list of options that are registered and loaded by the specified authentication plugin. ### Method GET ### Endpoint /plugins/{plugin_name}/options ### Parameters #### Path Parameters - **plugin_name** (string) - Required - The name of the authentication plugin to query. ### Response #### Success Response (200) - **options** (list) - A list of `keystoneauth1.loading.Opt` objects representing the plugin configuration options. ### Errors - **404 Not Found**: Raised as `keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin` if the specified plugin cannot be created or found. ``` -------------------------------- ### Get domain-scoped token with Kerberos Source: https://docs.openstack.org/keystoneauth/latest/extras.html Instantiate the Kerberos plugin and retrieve a domain-scoped token using a session. ```python from keystoneauth1.extras import kerberos from keystoneauth1 import session plugin = kerberos.Kerberos('http://example.com:5000/v3') sess = session.Session(plugin) token = plugin.get_token(sess) ``` -------------------------------- ### Retrieve raw version data structure Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.discover.html Example of the list of dictionaries returned by get_version_data, representing available service versions. ```json [ { 'status': 'STABLE', 'id': 'v2.3', 'links': [ {'href': 'http://network.example.com/v2.3', 'rel': 'self'}, {'href': 'http://network.example.com/', 'rel': 'collection'}, ], 'min_version': '2.0', 'max_version': '2.7', }, ..., ] ``` -------------------------------- ### Password Plugin - CLI Usage Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Example of using the password authentication plugin via OpenStack CLI options. ```APIDOC ## POST /api/users ### Description This endpoint allows for the creation of new user resources. ### Method POST ### Endpoint /api/users ### Parameters #### Query Parameters - **limit** (integer) - Optional - The maximum number of users to return. #### Request Body - **username** (string) - Required - The desired username for the new user. - **email** (string) - Required - The email address for the new user. - **password** (string) - Required - The password for the new user. ### Request Example ```json { "username": "testuser", "email": "test@example.com", "password": "securepassword123" } ``` ### Response #### Success Response (201) - **id** (string) - The unique identifier for the newly created user. - **username** (string) - The username of the created user. - **email** (string) - The email address of the created user. #### Response Example ```json { "id": "a1b2c3d4-e5f6-7890-1234-567890abcdef", "username": "testuser", "email": "test@example.com" } ``` ``` -------------------------------- ### Password Plugin - Config File Configuration Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Example of configuring the password authentication plugin in an INI-style config file. ```APIDOC ## DELETE /api/users/{id} ### Description Deletes a user by their unique identifier. ### Method DELETE ### Endpoint /api/users/{id} ### Parameters #### Path Parameters - **id** (string) - Required - The unique identifier of the user to delete. ### Response #### Success Response (204) No content is returned upon successful deletion. #### Response Example (No content) ``` -------------------------------- ### Initialize a Session with Keystone Client Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html Demonstrates creating a password-based authentication plugin and a session to initialize an OpenStack client. ```python >>> from keystoneauth1.identity import v3 >>> from keystoneauth1 import session >>> from keystoneclient.v3 import client >>> auth = v3.Password(auth_url='https://my.keystone.com:5000/v3', ... username='myuser', ... password='mypassword', ... project_name='proj', ... user_domain_id='default', ... project_domain_id='default') >>> sess = session.Session(auth=auth, ... verify='/path/to/ca.cert') >>> ks = client.Client(session=sess) >>> users = ks.users.list() ``` -------------------------------- ### Initialize Client Adapter with Default Behavior Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.base.html Initialize the client adapter without explicit version constraints. The client will use the catalog's default or attempt discovery if necessary. ```python client = adapter.Adapter(session, service_type='block-storage') ``` -------------------------------- ### Make Unauthenticated GET Request Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html Use this when making a GET request to a service endpoint that does not require authentication, such as the root of a Keystone service. ```python >>> # In keystone this route is unprotected by default >>> resp = sess.get('https://my.keystone.com:5000/v3', authenticated=False) ``` -------------------------------- ### Initialize Client Adapter with Version Constraints Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.base.html Use this when you need to specify version constraints for the API. The client will attempt to discover the endpoint based on these constraints. ```python client = adapter.Adapter( session, service_type='block-storage', min_version=2, max_version=3, ) volume_version = client.get_api_major_version() ``` -------------------------------- ### Get Cache ID Elements Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.html Get the elements that make up the unique identifier for this auth plugin. This method should be overridden by plugins that support caching. ```python get_cache_id_elements() → dict[str, str | None] Get the elements for this auth plugin that make up unique. As part of the get_cache_id requirement we need to determine what aspects of this plugin and its values that make up the unique elements. This should be overridden by plugins that wish to allow caching. Returns: The unique attributes and values of this plugin. Return type: A flat dict with a str key and str or None value. This is required as we feed these values into a hash. Pairs where the value is None are ignored in the hashed id. ``` -------------------------------- ### Create V3 Session with Password Method Source: https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html Instantiate a V3 session using a PasswordMethod for authentication. Requires username, password, user domain name, and project ID. ```python >>> from keystoneauth1 import session >>> from keystoneauth1.identity import v3 >>> password = v3.PasswordMethod(username='user', ... password='password', ... user_domain_name='default') >>> auth = v3.Auth(auth_url='http://my.keystone.com:5000/v3', ... auth_methods=[password], ... project_id='projectid') >>> sess = session.Session(auth=auth) ``` -------------------------------- ### Create V3 Session with Helper Password Plugin Source: https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html Instantiate a V3 session using the helper Password plugin, which simplifies authentication with a single PasswordMethod. Requires username, password, project ID, and user domain name. ```python >>> auth = v3.Password(auth_url='http://my.keystone.com:5000/v3', ... username='username', ... password='password', ... project_id='projectid', ... user_domain_name='default') >>> sess = session.Session(auth=auth) ``` -------------------------------- ### Get Remote Keystone Auth URL Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.k2k.html Returns the auth_url of the remote Keystone Service Provider. This is used for getting federated unscoped tokens and for token scoping. ```python @classmethod def _remote_auth_url(_auth_url : str_) -> str: """Return auth_url of the remote Keystone Service Provider. Remote cloud’s auth_url is an endpoint for getting federated unscoped token, typically that would be `https://remote.example.com:5000/v3/OS-FEDERATION/identity_providers/ /protocols//auth`. However we need to generate a real auth_url, used for token scoping. This function assumes there are static values today in the remote auth_url stored in the Service Provider attribute and those can be used as a delimiter. If the sp_auth_url doesn’t comply with standard federation auth url the function will simply return whole string. :param auth_url: auth_url of the remote cloud :return: auth_url of remote cloud where a token can be validated or scoped. """ pass ``` -------------------------------- ### Adapter Class Methods Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.adapter.html This section covers the core methods of the Adapter class, including retrieving configuration options, loading from configuration, and registering configuration options. ```APIDOC ## GET /_get_conf_options ### Description Retrieves oslo_config options necessary for an `Adapter`. These can be used for config file generation or manipulation before registration. ### Method GET ### Endpoint /_get_conf_options ### Parameters #### Query Parameters - **include_deprecated** (bool) - Optional - If True (default), deprecated options are included. If False, they are excluded. - **deprecated_opts** (dict) - Optional - Deprecated options to be included in the definition of new options. Format: {'new_option_name': [oslo.DeprecatedOpt('old_option_name', 'old_group')]}. ### Response #### Success Response (200) - **options** (list[cfg.Opt]) - A list of oslo_config options. ## GET /get_options ### Description Returns the list of parameters associated with the auth plugin, which can be used to generate CLI or config arguments. ### Method GET ### Endpoint /get_options ### Response #### Success Response (200) - **params** (list[opts.Opt]) - A list of Param objects describing available plugin parameters. ## POST /load_from_conf_options ### Description Creates an Adapter object from an oslo_config object. The options must have been previously registered with register_conf_options. ### Method POST ### Endpoint /load_from_conf_options ### Parameters #### Request Body - **conf** (cfg.ConfigOpts) - The config object to register with. - **group** (str) - The ini group to register options in. - **kwargs** (dict) - Additional parameters to pass to Adapter construction. ### Response #### Success Response (200) - **adapter** (Adapter) - A new Adapter object. ## POST /register_conf_options ### Description Registers the oslo_config options required for an Adapter. ### Method POST ### Endpoint /register_conf_options ### Parameters #### Request Body - **conf** (cfg.ConfigOpts) - The config object to register with. - **group** (str) - The ini group to register options in. - **include_deprecated** (bool) - Optional - If True (default), deprecated options are included. If False, they are excluded. - **deprecated_opts** (dict) - Optional - Deprecated options to be included in the definition of new options. Format: {'new_option_name': [oslo.DeprecatedOpt('old_option_name', 'old_group')]}. ### Response #### Success Response (200) - **registered_options** (list[cfg.Opt]) - A list of registered oslo_config options. ``` -------------------------------- ### Get Unscoped Auth Ref for OIDC Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Authenticates using an OpenID Connect access token to retrieve user claims. This process involves exchanging the access token with the OIDC Provider to get user information, which is then sent to Keystone. ```python get_unscoped_auth_ref(_session : Session_) → AccessInfoV3 Authenticate with OpenID Connect and get back claims. We exchange the access token upon accessing the protected Keystone endpoint (federated auth URL). This will trigger the OpenID Connect Provider to perform a user introspection and retrieve information (specified in the scope) about the user in the form of an OpenID Connect Claim. These claims will be sent to Keystone in the form of environment variables. Parameters: **session** (_keystoneauth1.session.Session_) – a session object to send out HTTP requests. Returns: a token data representation Return type: `keystoneauth1.access.AccessInfoV3` ``` -------------------------------- ### GET /version-data Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.session.html Retrieve version data for all services in the catalog. ```APIDOC ## GET /version-data (get_all_version_data) ### Description Get version data for all services in the catalog. ### Method GET ### Endpoint /version-data ### Parameters #### Query Parameters - **auth** (BaseAuthPlugin) - Optional - The auth plugin to use for token. Overrides the plugin on the session. - **interface** (str|list[str]) - Optional - Type of endpoint to get version data for. Defaults to 'public'. - **region_name** (string) - Optional - Region of endpoints to get version data for. - **service_type** (string) - Optional - Limit the version data to a single service. ### Response #### Success Response (200) - **data** (dict) - A dictionary keyed by region_name with values containing dictionaries keyed by interface with values being a list of VersionData. ``` -------------------------------- ### Create Plugin Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.fixture.html Creates a TestPlugin instance. ```python create_plugin() → TestPlugin ``` -------------------------------- ### GET /get_headers Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Fetches authentication headers for tokenless scope identification. ```APIDOC ## GET get_headers ### Description Overrides default headers to provide tokenless auth scope headers. ### Parameters - **session** (keystoneauth1.session.Session) - Required - The session object. ### Response - **Returns** (dict) - Headers for message authentication or None for failure. ``` -------------------------------- ### OpenID Connect Plugin Initialization Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.oidc.html Initializes the OpenID Connect plugin with necessary authentication details. ```APIDOC ## __init__ OpenID Connect Plugin ### Description Initializes the OpenID Connect plugin with various parameters required for authentication against an OpenID Connect Provider. ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **auth_url** (string) – URL of the Identity Service - **identity_provider** (string) – Name of the Identity Provider the client will authenticate against - **protocol** (string) – Protocol name as configured in keystone - **client_id** (string) – OAuth 2.0 Client ID - **client_secret** (string | None) – OAuth 2.0 Client Secret - **access_token_type** (string) – OAuth 2.0 Authorization Server Introspection token type. Valid values are: "access_token" or "id_token". - **scope** (string) – OpenID Connect scope requested from OP. Defaults to "openid profile". - **access_token_endpoint** (string | None) – OpenID Connect Provider Token Endpoint. Overrides discovered endpoint if provided. - **discovery_endpoint** (string | None) – OpenID Connect Discovery Document URL. Used to discover endpoints if not explicitly provided. - **trust_id** (string | None) – Trust ID for the identity provider. - **system_scope** (string | None) – System-wide scope for the authentication. - **domain_id** (string | None) – Domain ID for the authentication context. - **domain_name** (string | None) – Domain name for the authentication context. - **project_id** (string | None) – Project ID for the authentication context. - **project_name** (string | None) – Project name for the authentication context. - **project_domain_id** (string | None) – Project domain ID for the authentication context. - **project_domain_name** (string | None) – Project domain name for the authentication context. - **reauthenticate** (bool) – Flag to force re-authentication. - **include_catalog** (bool) – Flag to include service catalog in the response. ``` -------------------------------- ### Configure Multi-Factor Authentication with V3 Auth Class Source: https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html Supply multiple authentication methods upfront by building a v3.Auth class with specific method instances. ```python from keystoneauth1 import session from keystoneauth1.identity import v3 auth = v3.Auth( auth_url='http://my.keystone.com:5000/v3', auth_methods=[ v3.PasswordMethod( username='user', password='password', user_domain_id="default", ), v3.TOTPMethod( username='user', passcode='123456', user_domain_id="default", ) ], project_id='projectid', ) sess = session.Session(auth=auth) ``` -------------------------------- ### get_cache_id_elements Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.totp.html Gets the unique elements for this auth method to enable caching. ```APIDOC ## get_cache_id_elements ### Description Get the elements for this auth method that make it unique. These elements will be used as part of the `keystoneauth1.plugin.BaseIdentityPlugin.get_cache_id()` to allow caching of the auth plugin. Plugins should override this if they want to allow caching of their state. To avoid collision or overrides the keys of the returned dictionary should be prefixed with the plugin identifier. For example the password plugin returns its username value as ‘password_username’. ### Returns * dict[str, str | None] - A dictionary of unique elements for caching. ``` -------------------------------- ### Get Plugin Loader Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.fixture.html Retrieves the TestPluginLoader for a given authentication type. ```python get_plugin_loader(_auth_type : str_) → _TestPluginLoader ``` -------------------------------- ### Reuse Authentication Plugins across Sessions Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html Shows how to create a new session while reusing an existing authentication plugin. ```python >>> new_sess = session.Session(auth=sess.auth, verify='/path/to/different-cas.cert') ``` -------------------------------- ### GET get_endpoint Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.adapter.html Retrieves an endpoint URL as provided by the authentication plugin. ```APIDOC ## GET get_endpoint ### Description Get an endpoint as provided by the auth plugin. ### Parameters #### Request Body - **auth** (keystoneauth1.plugin.BaseAuthPlugin) - Optional - The auth plugin to use for token. ### Response - **Returns** (str | None) - An endpoint if available or None. ``` -------------------------------- ### keystoneauth1.loading.adapter.process_conf_options Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.adapter.html Sets Adapter constructor keyword arguments based on configuration options. ```APIDOC ## process_conf_options ### Description Set Adapter constructor kwargs based on conf options. ### Parameters #### Arguments - **confgrp** (oslo_config.cfg.OptGroup) - Required - Config object group containing options to inspect. - **kwargs** (dict) - Required - Keyword arguments suitable for the constructor of keystoneauth1.adapter.Adapter. Will be modified by this method. ### Errors - **TypeError** - If invalid conf option values or combinations are found. ``` -------------------------------- ### Configure Password Plugin via Environment Variables Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Set OS_ prefixed environment variables to configure authentication plugins. ```bash export OS_AUTH_TYPE=password export OS_AUTH_URL=http://keystone.example.com:5000/ export OS_USERNAME=myuser export OS_PASSWORD=mypassword export OS_PROJECT_NAME=myproject export OS_DEFAULT_DOMAIN_NAME=mydomain ``` -------------------------------- ### GET get_api_major_version Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.adapter.html Retrieves the major API version as provided by the authentication plugin. ```APIDOC ## GET get_api_major_version ### Description Get the major API version as provided by the auth plugin. ### Parameters #### Request Body - **auth** (keystoneauth1.plugin.BaseAuthPlugin) - Optional - The auth plugin to use for token. ### Response - **Returns** (tuple | None) - The major version of the API of the service discovered. ``` -------------------------------- ### Normalize version with latest minor Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.discover.html Examples of inputs that normalize to (2, LATEST). ```python '2.latest', 'v2.latest', (2, LATEST), ('2', 'latest') ``` -------------------------------- ### Requesting a Microversion via Adapter Source: https://docs.openstack.org/keystoneauth/latest/using-sessions.html Use an Adapter to handle service-specific microversioning automatically. ```python adapter = keystoneauth1.adapter.Adapter( session=session, service_type='compute', interface='public', min_version='2.1') response = adapter.get('/servers', microversion='2.38') ``` -------------------------------- ### Normalize latest version specifiers Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.discover.html Examples of inputs that normalize to (LATEST, LATEST). ```python 'latest', 'vlatest', ('latest', 'latest'), (LATEST, LATEST) ``` -------------------------------- ### GET /get_auth_ref Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Obtains a token from an OpenStack Identity Service using an existing session. ```APIDOC ## GET /get_auth_ref ### Description Obtains a token from an OpenStack Identity Service. This method is expected to be invoked via the do_authenticate function and fetches a new AccessInfo object if the current one is invalid. ### Parameters #### Request Body - **session** (keystoneauth1.session.Session) - Required - A session object that can be used for communication. ### Response #### Success Response (200) - **AccessInfo** (object) - Token access information. ### Errors - **InvalidResponse**: The response returned wasn’t appropriate. - **HttpError**: An error from an invalid HTTP response. ``` -------------------------------- ### Get Token URL Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.base.html Returns the full URL endpoint for sending authentication data. ```python _property _token_url _: str_ ``` -------------------------------- ### Import Kerberos plugin Source: https://docs.openstack.org/keystoneauth/latest/extras.html Import the Kerberos plugin module from the extras package. ```python from keystoneauth1.extras import kerberos ``` -------------------------------- ### GET get_endpoint_data Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.adapter.html Retrieves the full endpoint data object for the current adapter configuration. ```APIDOC ## GET get_endpoint_data ### Description Get the endpoint data for this Adapter’s endpoint. ### Parameters #### Request Body - **auth** (keystoneauth1.plugin.BaseAuthPlugin) - Optional - The auth plugin to use for token. ### Response - **Returns** (discover.EndpointData | None) - The endpoint data object. ``` -------------------------------- ### V3 Fixture Initialization Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.fixture.v3.html Initializes a new V3 authentication fixture with optional user, project, and trust details. ```APIDOC ## Initialization ### Description Creates a new instance of the V3 fixture to represent an authentication token or session. ### Parameters #### Request Body - **expires** (datetime | str) - Optional - Expiration time - **issued** (datetime | str) - Optional - Issue time - **user_id** (str) - Optional - User ID - **user_name** (str) - Optional - User name - **project_id** (str) - Optional - Project ID - **project_name** (str) - Optional - Project name - **trust_id** (str) - Optional - Trust ID ``` -------------------------------- ### Normalize version representations Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.discover.html Examples of various input formats that normalize to (1, 0). ```python 1, '1', 'v1', [1], (1,), ['1'], 1.0, '1.0', 'v1.0', (1, 0) ``` -------------------------------- ### Configure Password Plugin via CLI Source: https://docs.openstack.org/keystoneauth/latest/plugin-options.html Use CLI flags prefixed with --os- to configure the password authentication plugin. ```bash openstack --os-auth-type password \ --os-auth-url http://keystone.example.com:5000/ \ --os-username myuser \ --os-password mypassword \ --os-project-name myproject \ --os-default-domain-name mydomain \ operation ``` -------------------------------- ### keystoneauth1.loading.cli.load_from_argparse_arguments Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.cli.html Loads and creates an authentication plugin from the results of argparse parsing. ```APIDOC ## load_from_argparse_arguments ### Description Loads and creates the auth plugin from the information parsed from the command line by argparse. ### Parameters - **namespace** (Namespace) - Required - The result from CLI parsing. - **kwargs** (Any) - Optional - Additional arguments. ### Returns - **BaseAuthPlugin** - An auth plugin, or None if a name is not provided. ### Raises - **keystoneauth1.exceptions.auth_plugins.NoMatchingPlugin** - If a plugin cannot be created. ``` -------------------------------- ### GET /get_endpoint Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Retrieves a valid service endpoint using the provided session and service type. ```APIDOC ## GET get_endpoint ### Description Returns a valid endpoint for a specific service type. ### Parameters - **session** (keystoneauth1.session.Session) - Required - Session object for communication. - **service_type** (string) - Optional - The type of service to lookup. ### Response - **Returns** (string | None) - A valid endpoint URL or None if not available. ``` -------------------------------- ### Get unscoped federated token with Kerberos Source: https://docs.openstack.org/keystoneauth/latest/extras.html Use MappedKerberos to retrieve an unscoped federated token. ```python from keystoneauth1.extras import kerberos from keystoneauth1 import session plugin = kerberos.MappedKerberos( auth_url='http://example.com:5000/v3', protocol='example_protocol', identity_provider='example_identity_provider') sess = session.Session() token = plugin.get_token(sess) ``` -------------------------------- ### Initialize Identity V3 Plugin Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Constructor for the Identity V3 authentication plugin, defining parameters for authentication URL, methods, and scoping. ```python __init__(_auth_url : str_, _auth_methods : list[AuthMethod]_, _*_ , _unscoped : bool = False_, _trust_id : str | None = None_, _system_scope : str | None = None_, _domain_id : str | None = None_, _domain_name : str | None = None_, _project_id : str | None = None_, _project_name : str | None = None_, _project_domain_id : str | None = None_, _project_domain_name : str | None = None_, _reauthenticate : bool = True_, _include_catalog : bool = True_) ``` -------------------------------- ### Create Plugin from Parameters Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.generic.html Creates an authentication plugin based on session, version, and URL. ```APIDOC ## POST /create_plugin ### Description Creates a plugin from the given parameters. This function will be called multiple times with the version and url of a potential endpoint. If a plugin can be constructed that fits the params then it should return it. If not return None and then another call will be made with other available URLs. ### Method POST ### Endpoint /create_plugin ### Parameters #### Request Body - **session** (Session) - Required - A session object. - **version** (tuple) - Required - A tuple of the API version at the URL. - **url** (string) - Required - The base URL for this version. - **raw_status** (string) - Optional - The status that was in the discovery field. ### Request Example { "session": "", "version": [3, 0], "url": "https://keystone.example.com/v3", "raw_status": "200 OK" } ### Response #### Success Response (200) - **plugin** (Token | None) - A plugin that can match the parameters or None if nothing. #### Response Example { "plugin": "" } ``` -------------------------------- ### Get Cache ID Elements Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.generic.html Retrieves unique elements of the auth plugin for caching purposes. ```APIDOC ## GET /get_cache_id_elements ### Description Get the elements for this auth plugin that make it unique. As part of the get_cache_id requirement we need to determine what aspects of this plugin and its values that make up the unique elements. This should be overridden by plugins that wish to allow caching. ### Method GET ### Endpoint /get_cache_id_elements ### Parameters None ### Response #### Success Response (200) - **cache_elements** (dict[str, str | None]) - The unique attributes and values of this plugin. Pairs where the value is None are ignored in the hashed id. #### Response Example { "cache_elements": { "auth_url": "https://keystone.example.com/v3", "token": "..." } } ``` -------------------------------- ### OpenStack KeystoneAuth Plugin Initialization Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.identity.v3.html Details on initializing the Keystone authentication plugin with various parameters. ```APIDOC ## KeystoneAuth Plugin Initialization ### Description Initializes the Keystone authentication plugin with a username and TOTP passcode, supporting various authentication and scoping options. ### Parameters #### Request Body - **auth_url** (string) - Required - Identity service endpoint for authentication. - **passcode** (string) - Required - TOTP passcode for authentication. - **user_id** (string) - Optional - User ID for authentication. - **username** (string) - Optional - Username for authentication. - **user_domain_id** (string) - Optional - User's domain ID for authentication. - **user_domain_name** (string) - Optional - User's domain name for authentication. - **trust_id** (string) - Optional - Trust ID for trust scoping. - **domain_id** (string) - Optional - Domain ID for domain scoping. - **domain_name** (string) - Optional - Domain name for domain scoping. - **project_id** (string) - Optional - Project ID for project scoping. - **project_name** (string) - Optional - Project name for project scoping. - **project_domain_id** (string) - Optional - Project's domain ID for project. - **project_domain_name** (string) - Optional - Project's domain name for project. - **reauthenticate** (boolean) - Optional - Allow fetching a new token if the current one is going to expire. Defaults to True. ### Request Example ```json { "auth_url": "https://identity.openstack.org/v3", "passcode": "123456", "username": "testuser", "user_domain_name": "default", "project_name": "myproject", "project_domain_name": "default" } ``` ### Response #### Success Response (200) This initialization does not directly return a response body but sets up the authentication object. #### Response Example (No direct response body for initialization.) ``` -------------------------------- ### GET get_all_version_data Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.adapter.html Retrieves version data for all versions of a service across specified interfaces and regions. ```APIDOC ## GET get_all_version_data ### Description Get data about all versions of a service. ### Parameters #### Query Parameters - **interface** (str | list[str]) - Optional - Type of endpoint to get version data for. Defaults to 'public'. - **region_name** (string) - Optional - Region of endpoints to get version data for. ### Response - **Returns** (dict) - A dictionary keyed by region_name with values containing dictionaries keyed by interface with values being a list of VersionData. ``` -------------------------------- ### keystoneauth1.loading Package Overview Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.html This module provides the infrastructure for loading various authentication components. It includes submodules for adapters, CLI integration, configuration management, identity plugins, and session handling. ```APIDOC ## keystoneauth1.loading Package ### Description The loading package is responsible for dynamically loading authentication plugins and session configurations. It serves as the entry point for configuring Keystone authentication in OpenStack applications. ### Submodules - **adapter**: Handles adapter-specific loading logic. - **base**: Defines base classes for loading mechanisms. - **cli**: Provides utilities for command-line interface integration. - **conf**: Manages configuration-based loading. - **identity**: Handles identity plugin loading. - **opts**: Defines available configuration options. - **session**: Manages session object creation and configuration. ``` -------------------------------- ### Normalize complex version strings Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.discover.html Examples of version inputs that normalize to (1, 20, 3). ```python 'v1.20.3', '1.20.3', (1, 20, 3), ['1', '20', '3'] ``` -------------------------------- ### POST /keystoneauth1/loading/load_from_options Source: https://docs.openstack.org/keystoneauth/latest/api/keystoneauth1.loading.html Creates an authentication plugin instance using arguments retrieved from the get_options method. ```APIDOC ## POST /keystoneauth1/loading/load_from_options ### Description Create a plugin from the arguments retrieved from get_options. This method can be overridden to perform argument validation or handle differences between registered options and initialization requirements. ### Method POST ### Endpoint /keystoneauth1/loading/load_from_options ### Request Body - **kwargs** (Any) - Optional - Arguments retrieved from get_options to initialize the plugin. ### Response #### Success Response (200) - **plugin** (V3PluginT) - The initialized authentication plugin instance. ```