keystone.application_credential.backends.sql module¶
- class keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)[source]¶
Bases:
sqlalchemy.orm.decl_api.Base,keystone.common.sql.core.ModelDictMixin- application_credential¶
- attributes = ['external_id', 'user_id', 'service', 'path', 'method']¶
- external_id¶
- id¶
- method¶
- path¶
- service¶
- user_id¶
- class keystone.application_credential.backends.sql.ApplicationCredential[source]¶
Bases:
keystone.application_credential.backends.base.ApplicationCredentialDriverBase- authenticate(application_credential_id, secret)[source]¶
Validate an application credential.
- Parameters
application_credential_id (str) – Application Credential ID
secret (str) – Secret
- Raises
AssertionError – If id or secret is invalid.
- create_application_credential(application_credential, roles, access_rules=None)[source]¶
Create a new application credential.
- Parameters
application_credential (dict) – Application Credential data
roles (list) – A list of roles that apply to the application_credential.
- Returns
a new application credential
- delete_access_rule(access_rule_id)[source]¶
Delete one access rule.
- Parameters
access_rule_id (str) – Access Rule ID
- delete_access_rules_for_user(user_id)[source]¶
Delete all access rules for user.
This is called when the user itself is deleted.
- Parameters
user_id (str) – User ID
- delete_application_credential(application_credential_id)[source]¶
Delete a single application credential.
- Parameters
application_credential_id (str) – ID of the application credential to delete.
- delete_application_credentials_for_user(user_id)[source]¶
Delete all application credentials for a user.
- Parameters
user_id – ID of a user to whose application credentials should be deleted.
- delete_application_credentials_for_user_on_project(user_id, project_id)[source]¶
Delete all application credentials for a user on a given project.
- Parameters
user_id (str) – ID of a user to whose application credentials should be deleted.
project_id (str) – ID of a project on which to filter application credentials.
- get_access_rule(access_rule_id)[source]¶
Get an access rule by its ID.
- Parameters
access_rule_id (str) – Access Rule ID
- get_application_credential(application_credential_id)[source]¶
Get an application credential by the credential id.
- Parameters
application_credential_id (str) – Application Credential ID
- class keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)[source]¶
Bases:
sqlalchemy.orm.decl_api.Base,keystone.common.sql.core.ModelDictMixin- access_rule_id¶
- application_credential_id¶
- attributes = ['application_credential_id', 'access_rule_id']¶
- class keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)[source]¶
Bases:
sqlalchemy.orm.decl_api.Base,keystone.common.sql.core.ModelDictMixin- access_rules¶
- attributes = ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']¶
- description¶
- expires_at¶
- id¶
- internal_id¶
- name¶
- project_id¶
- roles¶
- secret_hash¶
- system¶
- unrestricted¶
- user_id¶
