From 95f640599824536e817051ee70df96435226c236 Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Mon, 17 Aug 2015 10:07:54 -0500 Subject: [PATCH] Correct docstring for common.authorization The docstring for the common.authorization module was incomplete because it was missing several fields that are put into the auth context dict. Change-Id: Ib60cfd9989d55f2be3faa122728431ca93a98813 --- keystone/common/authorization.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/keystone/common/authorization.py b/keystone/common/authorization.py index 8db618df42..2c578dfd30 100644 --- a/keystone/common/authorization.py +++ b/keystone/common/authorization.py @@ -29,13 +29,23 @@ Auth context is essentially the user credential used for policy enforcement. It is a dictionary with the following attributes: +* ``token``: Token from the request * ``user_id``: user ID of the principal * ``project_id`` (optional): project ID of the scoped project if auth is project-scoped * ``domain_id`` (optional): domain ID of the scoped domain if auth is domain-scoped +* ``domain_name`` (optional): domain name of the scoped domain if auth is + domain-scoped +* ``is_delegated_auth``: True if this is delegated (via trust or oauth) +* ``trust_id``: Trust ID if trust-scoped, or None +* ``trustor_id``: Trustor ID if trust-scoped, or None +* ``trustee_id``: Trustee ID if trust-scoped, or None +* ``consumer_id``: OAuth consumer ID, or None +* ``access_token_id``: OAuth access token ID, or None * ``roles`` (optional): list of role names for the given scope -* ``group_ids``: list of group IDs for which the API user has membership +* ``group_ids`` (optional): list of group IDs for which the API user has + membership if token was for a federated user """