From 5d60b22a81fd7fbfd6e07918bc11434a39c20f72 Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Mon, 15 Dec 2014 11:26:41 +1000 Subject: Add generic auth plugin documentation Add some documentation regarding the existence of generic plugins. Those that can be used against the v2 or v3 APIs. Change-Id: Ie52f0653e20cbc9338481f874aaefa4cdee97116 --- doc/source/authentication-plugins.rst | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'doc') diff --git a/doc/source/authentication-plugins.rst b/doc/source/authentication-plugins.rst index e90e51b..5afc0bc 100644 --- a/doc/source/authentication-plugins.rst +++ b/doc/source/authentication-plugins.rst @@ -37,6 +37,9 @@ They include: - :py:class:`~keystoneclient.auth.identity.v2.Token`: Authenticate against a V2 identity service using an existing token. +V2 identity plugins must use an auth_url that points to the root of a V2 +identity server URL, i.e.: `http://hostname:5000/v2.0`. + V3 Identity Plugins ------------------- @@ -87,6 +90,31 @@ like the V2 plugins: This will have exactly the same effect as using the single :py:class:`~keystoneclient.auth.identity.v3.PasswordMethod` above. +V3 identity plugins must use an auth_url that points to the root of a V3 +identity server URL, i.e.: `http://hostname:5000/v3`. + +Version Independent Identity Plugins +------------------------------------ + +Standard version independent identity plugins are defined in the module +:py:mod:`keystoneclient.auth.identity.generic`. + +For the cases of plugins that exist under both the identity V2 and V3 APIs +there is an abstraction to allow the plugin to determine which of the V2 and V3 +APIs are supported by the server and use the most appropriate API. + +These plugins are: + +- :py:class:`~keystoneclient.auth.identity.generic.Password`: Authenticate + using a user/password against either v2 or v3 API. +- :py:class:`~keystoneclient.auth.identity.generic.Token`: Authenticate using + an existing token against either v2 or v3 API. + +These plugins work by first querying the identity server to determine available +versions and so the `auth_url` used with the plugins should point to the base +URL of the identity server to use. If the `auth_url` points to either a V2 or +V3 endpoint it will restrict the plugin to only working with that version of +the API. Simple Plugins -------------- -- cgit v1.2.1