Keystone Client functionality for use by resources.
heat.engine.clients.os.keystone.heat_keystoneclient.
AccessKey
(id, access, secret)¶Bases: tuple
access
¶Alias for field number 1
id
¶Alias for field number 0
secret
¶Alias for field number 2
heat.engine.clients.os.keystone.heat_keystoneclient.
KeystoneClient
[source]¶Bases: object
Keystone Auth Client.
Delay choosing the backend client module until the client’s class needs to be initialized.
heat.engine.clients.os.keystone.heat_keystoneclient.
KsClientWrapper
(context)[source]¶Bases: object
Wrap keystone client so we can encapsulate logic used in resources.
Note this is intended to be initialized from a resource on a per-session
basis, so the session context is passed in on initialization
Also note that an instance of this is created in each request context as
part of a lazy-loaded cloud backend and it can be easily referenced in
each resource as self.keystone()
, so there should not be any need to
directly instantiate instances of this class inside resources themselves.
client
¶context
¶create_stack_domain_user
(username, project_id, password=None)[source]¶Create a domain user defined as part of a stack.
The user is defined either via template or created internally by a resource. This user will be added to the heat_stack_user_role as defined in the config, and created in the specified project (which is expected to be in the stack_domain).
Returns the keystone ID of the resulting user.
create_stack_user
(username, password='')[source]¶Create a user defined as part of a stack.
The user is defined either via template or created internally by a resource. This user will be added to the heat_stack_user_role as defined in the config.
Returns the keystone ID of the resulting user.
create_trust_context
()[source]¶Create a trust using the trustor identity in the current context.
The trust is created with the trustee as the heat service user.
If the current context already contains a trust_id, we do nothing and return the current context.
Returns a context containing the new trust_id.
delete_ec2_keypair
(credential_id=None, access=None, user_id=None)[source]¶Delete credential containing ec2 keypair.
domain_admin_auth
¶domain_admin_client
¶get_ec2_keypair
(credential_id=None, access=None, user_id=None)[source]¶Get an ec2 keypair via v3/credentials, by id or access.
region_name
¶stack_domain
¶Domain scope data.
This is only used for checking for scoping data, not using the value.
stack_domain_id
¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.