keystone.application_credential.backends.sql module¶
-
class
keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base,keystone.common.sql.core.ModelDictMixin-
application_credential¶
-
attributes= ['external_id', 'user_id', 'service', 'path', 'method']¶
-
external_id¶
-
id¶
-
method¶
-
path¶
-
service¶
-
user_id¶
-
-
class
keystone.application_credential.backends.sql.ApplicationCredential[source]¶ Bases:
keystone.application_credential.backends.base.ApplicationCredentialDriverBase-
authenticate(application_credential_id, secret)[source]¶ Validate an application credential.
- Parameters
application_credential_id (str) – Application Credential ID
secret (str) – Secret
- Raises
AssertionError – If id or secret is invalid.
-
create_application_credential(application_credential, roles, access_rules=None)[source]¶ Create a new application credential.
- Parameters
application_credential (dict) – Application Credential data
roles (list) – A list of roles that apply to the application_credential.
- Returns
a new application credential
-
delete_access_rule(access_rule_id)[source]¶ Delete one access rule.
- Parameters
access_rule_id (str) – Access Rule ID
-
delete_access_rules_for_user(user_id)[source]¶ Delete all access rules for user.
This is called when the user itself is deleted.
- Parameters
user_id (str) – User ID
-
delete_application_credential(application_credential_id)[source]¶ Delete a single application credential.
- Parameters
application_credential_id (str) – ID of the application credential to delete.
-
delete_application_credentials_for_user(user_id)[source]¶ Delete all application credentials for a user.
- Parameters
user_id – ID of a user to whose application credentials should be deleted.
-
delete_application_credentials_for_user_on_project(user_id, project_id)[source]¶ Delete all application credentials for a user on a given project.
- Parameters
user_id (str) – ID of a user to whose application credentials should be deleted.
project_id (str) – ID of a project on which to filter application credentials.
-
get_access_rule(access_rule_id)[source]¶ Get an access rule by its ID.
- Parameters
access_rule_id (str) – Access Rule ID
-
get_application_credential(application_credential_id)[source]¶ Get an application credential by the credential id.
- Parameters
application_credential_id (str) – Application Credential ID
-
-
class
keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base,keystone.common.sql.core.ModelDictMixin-
access_rule_id¶
-
application_credential_id¶
-
attributes= ['application_credential_id', 'access_rule_id']¶
-
-
class
keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base,keystone.common.sql.core.ModelDictMixin-
access_rules¶
-
attributes= ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']¶
-
description¶
-
expires_at¶
-
id¶
-
internal_id¶
-
name¶
-
project_id¶
-
roles¶
-
secret_hash¶
-
system¶
-
unrestricted¶
-
user_id¶
-
