keystone.application_credential.backends.sql module

class keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential
attributes = ['external_id', 'user_id', 'service', 'path', 'method']
external_id
id
method
path
service
user_id
class keystone.application_credential.backends.sql.ApplicationCredential[source]

Bases: keystone.application_credential.backends.base.ApplicationCredentialDriverBase

authenticate(application_credential_id, secret)[source]

Validate an application credential.

Parameters
  • application_credential_id (str) – Application Credential ID

  • secret (str) – Secret

Raises

AssertionError – If id or secret is invalid.

create_application_credential(application_credential, roles, access_rules=None)[source]

Create a new application credential.

Parameters
  • application_credential (dict) – Application Credential data

  • roles (list) – A list of roles that apply to the application_credential.

Returns

a new application credential

delete_access_rule(access_rule_id)[source]

Delete one access rule.

Parameters

access_rule_id (str) – Access Rule ID

delete_access_rules_for_user(user_id)[source]

Delete all access rules for user.

This is called when the user itself is deleted.

Parameters

user_id (str) – User ID

delete_application_credential(application_credential_id)[source]

Delete a single application credential.

Parameters

application_credential_id (str) – ID of the application credential to delete.

delete_application_credentials_for_user(user_id)[source]

Delete all application credentials for a user.

Parameters

user_id – ID of a user to whose application credentials should be deleted.

delete_application_credentials_for_user_on_project(user_id, project_id)[source]

Delete all application credentials for a user on a given project.

Parameters
  • user_id (str) – ID of a user to whose application credentials should be deleted.

  • project_id (str) – ID of a project on which to filter application credentials.

get_access_rule(access_rule_id)[source]

Get an access rule by its ID.

Parameters

access_rule_id (str) – Access Rule ID

get_application_credential(application_credential_id)[source]

Get an application credential by the credential id.

Parameters

application_credential_id (str) – Application Credential ID

list_access_rules_for_user(user_id, hints)[source]

List the access rules that a user has created.

Access rules are only created as attributes of application credentials, they cannot be created independently.

Parameters

user_id (str) – User ID

list_application_credentials_for_user(user_id, hints)[source]

List application credentials for a user.

Parameters
  • user_id (str) – User ID

  • hints – contains the list of filters yet to be satisfied. Any filters satisfied here will be removed so that the caller will know if any filters remain.

class keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rule_id
application_credential_id
attributes = ['application_credential_id', 'access_rule_id']
class keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rules
attributes = ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']
description
expires_at
id
internal_id
name
project_id
roles
secret_hash
system
unrestricted
user_id
class keystone.application_credential.backends.sql.ApplicationCredentialRoleModel(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential_id
attributes = ['application_credential_id', 'role_id']
role_id