keystone.assignment.backends package¶
Submodules¶
keystone.assignment.backends.base module¶
-
class
keystone.assignment.backends.base.AssignmentDriverBase[source]¶ Bases:
object-
add_role_to_user_and_project(user_id, tenant_id, role_id)[source]¶ Add a role to a user within given tenant.
Raises: keystone.exception.Conflict – If a duplicate role assignment exists.
-
check_grant_role_id(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶ Check an assignment/grant role id.
Raises: keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist. Returns: None or raises an exception if grant not found
-
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶ Create a new assignment/grant.
If the assignment is to a domain, then optionally it may be specified as inherited to owned projects (this requires the OS-INHERIT extension to be enabled).
-
delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶ Delete assignments/grants.
Raises: keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist.
-
delete_group_assignments(group_id)[source]¶ Delete all assignments for a group.
Raises: keystone.exception.RoleNotFound – If the role doesn’t exist.
-
delete_project_assignments(project_id)[source]¶ Delete all assignments for a project.
Raises: keystone.exception.ProjectNotFound – If the project doesn’t exist.
-
delete_user_assignments(user_id)[source]¶ Delete all assignments for a user.
Raises: keystone.exception.RoleNotFound – If the role doesn’t exist.
-
list_grant_role_ids(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶ List role ids for assignments/grants.
-
list_role_assignments(role_id=None, user_id=None, group_ids=None, domain_id=None, project_ids=None, inherited_to_projects=None)[source]¶ Return a list of role assignments for actors on targets.
Available parameters represent values in which the returned role assignments attributes need to be filtered on.
-
remove_role_from_user_and_project(user_id, tenant_id, role_id)[source]¶ Remove a role from a user within given tenant.
Raises: keystone.exception.RoleNotFound – If the role doesn’t exist.
-
keystone.assignment.backends.sql module¶
-
class
keystone.assignment.backends.sql.Assignment[source]¶ Bases:
keystone.assignment.backends.base.AssignmentDriverBase-
check_grant_role_id(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶
-
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶
-
delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶
-
list_grant_role_ids(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶
-
-
class
keystone.assignment.backends.sql.AssignmentType[source]¶ Bases:
object-
GROUP_DOMAIN= 'GroupDomain'¶
-
GROUP_PROJECT= 'GroupProject'¶
-
USER_DOMAIN= 'UserDomain'¶
-
USER_PROJECT= 'UserProject'¶
-
-
class
keystone.assignment.backends.sql.RoleAssignment(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base,keystone.common.sql.core.DictBase-
actor_id¶
-
attributes= ['type', 'actor_id', 'target_id', 'role_id', 'inherited']¶
-
inherited¶
-
role_id¶
-
target_id¶
-
to_dict()[source]¶ Override parent method with a simpler implementation.
RoleAssignment doesn’t have non-indexed ‘extra’ attributes, so the parent implementation is not applicable.
-
type¶
-