1# Copyright 2018 SUSE Linux GmbH
2#
3# Licensed under the Apache License, Version 2.0 (the "License"); you may
4# not use this file except in compliance with the License. You may obtain
5# a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12# License for the specific language governing permissions and limitations
13# under the License.
14
15from keystoneauth1.identity.v3 import base
16
17
18__all__ = ('ApplicationCredentialMethod', 'ApplicationCredential')
19
20
21class ApplicationCredentialMethod(base.AuthMethod):
22    """Construct a User/Passcode based authentication method.
23
24    :param string application_credential_secret: Application credential secret.
25    :param string application_credential_id: Application credential id.
26    :param string application_credential_name: The name of the application
27                                               credential, if an ID is not
28                                               provided.
29    :param string username: Username for authentication, if an application
30                            credential ID is not provided.
31    :param string user_id: User ID for authentication, if an application
32                           credential ID is not provided.
33    :param string user_domain_id: User's domain ID for authentication, if an
34                                  application credential ID is not provided.
35    :param string user_domain_name: User's domain name for authentication, if
36                                    an application credential ID is not
37                                    provided.
38    """
39
40    _method_parameters = ['application_credential_secret',
41                          'application_credential_id',
42                          'application_credential_name',
43                          'user_id',
44                          'username',
45                          'user_domain_id',
46                          'user_domain_name']
47
48    def get_auth_data(self, session, auth, headers, **kwargs):
49        auth_data = {'secret': self.application_credential_secret}
50
51        if self.application_credential_id:
52            auth_data['id'] = self.application_credential_id
53        else:
54            auth_data['name'] = self.application_credential_name
55            auth_data['user'] = {}
56            if self.user_id:
57                auth_data['user']['id'] = self.user_id
58            elif self.username:
59                auth_data['user']['name'] = self.username
60
61                if self.user_domain_id:
62                    auth_data['user']['domain'] = {'id': self.user_domain_id}
63                elif self.user_domain_name:
64                    auth_data['user']['domain'] = {
65                        'name': self.user_domain_name}
66
67        return 'application_credential', auth_data
68
69    def get_cache_id_elements(self):
70        return dict(('application_credential_%s' % p, getattr(self, p))
71                    for p in self._method_parameters)
72
73
74class ApplicationCredential(base.AuthConstructor):
75    """A plugin for authenticating with an application credential.
76
77    :param string auth_url: Identity service endpoint for authentication.
78    :param string application_credential_secret: Application credential secret.
79    :param string application_credential_id: Application credential ID.
80    :param string application_credential_name: Application credential name.
81    :param string username: Username for authentication.
82    :param string user_id: User ID for authentication.
83    :param string user_domain_id: User's domain ID for authentication.
84    :param string user_domain_name: User's domain name for authentication.
85    :param bool reauthenticate: Allow fetching a new token if the current one
86                                is going to expire. (optional) default True
87    """
88
89    _auth_method_class = ApplicationCredentialMethod
90