keystone.endpoint_policy.backends.sql module

class keystone.endpoint_policy.backends.sql.EndpointPolicy

Bases: keystone.endpoint_policy.backends.base.EndpointPolicyDriverBase

check_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)

Check existence of a policy association.

Parameters

• policy_id (string) – identity of policy that is being associated

• endpoint_id (string) – identity of endpoint to associate

• service_id (string) – identity of the service to associate

• region_id (string) – identity of the region to associate

Raises

keystone.exception.PolicyAssociationNotFound – If there is no match for the specified association.

Returns

None

create_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)

Create a policy association.

Parameters

• policy_id (string) – identity of policy that is being associated

• endpoint_id (string) – identity of endpoint to associate

• service_id (string) – identity of the service to associate

• region_id (string) – identity of the region to associate

Returns

None

There are three types of association permitted:

• Endpoint (in which case service and region must be None)

• Service and region (in which endpoint must be None)

• Service (in which case endpoint and region must be None)

delete_association_by_endpoint(endpoint_id)

Remove all the policy associations with the specific endpoint.

Parameters

endpoint_id (string) – identity of endpoint to check

Returns

None

delete_association_by_policy(policy_id)

Remove all the policy associations with the specific policy.

Parameters

policy_id (string) – identity of endpoint to check

Returns

None

delete_association_by_region(region_id)

Remove all the policy associations with the specific region.

Parameters

region_id (string) – identity of endpoint to check

Returns

None

delete_association_by_service(service_id)

Remove all the policy associations with the specific service.

Parameters

service_id (string) – identity of endpoint to check

Returns

None

delete_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)

Delete a policy association.

Parameters

• policy_id (string) – identity of policy that is being associated

• endpoint_id (string) – identity of endpoint to associate

• service_id (string) – identity of the service to associate

• region_id (string) – identity of the region to associate

Returns

None

get_policy_association(endpoint_id=None, service_id=None, region_id=None)

Get the policy for an explicit association.

This method is not exposed as a public API, but is used by get_policy_for_endpoint().

Parameters

• endpoint_id (string) – identity of endpoint

• service_id (string) – identity of the service

• region_id (string) – identity of the region

Raises

keystone.exception.PolicyAssociationNotFound – If there is no match for the specified association.

Returns

dict containing policy_id (value is a tuple containing only the policy_id)

list_associations_for_policy(policy_id)

List the associations for a policy.

This method is not exposed as a public API, but is used by list_endpoints_for_policy().

Parameters

policy_id (string) – identity of policy

Returns

List of association dicts

class keystone.endpoint_policy.backends.sql.PolicyAssociation(*args, **kwargs)

Bases: sqlalchemy.orm.decl_api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['policy_id', 'endpoint_id', 'region_id', 'service_id']

endpoint_id

id

policy_id

region_id

service_id

to_dict()

Return the model’s attributes as a dictionary.

We override the standard method in order to hide the id column, since this only exists to provide the table with a primary key.