keystone.application_credential.backends.sql module¶
-
class
keystone.application_credential.backends.sql.
AccessRuleModel
(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base
,keystone.common.sql.core.ModelDictMixin
-
application_credential
¶
-
attributes
= ['external_id', 'user_id', 'service', 'path', 'method']¶
-
external_id
¶
-
id
¶
-
method
¶
-
path
¶
-
service
¶
-
user_id
¶
-
-
class
keystone.application_credential.backends.sql.
ApplicationCredential
[source]¶ Bases:
keystone.application_credential.backends.base.ApplicationCredentialDriverBase
-
authenticate
(application_credential_id, secret)[source]¶ Validate an application credential.
- Parameters
application_credential_id (str) – Application Credential ID
secret (str) – Secret
- Raises
AssertionError – If id or secret is invalid.
-
create_application_credential
(application_credential, roles, access_rules=None)[source]¶ Create a new application credential.
- Parameters
application_credential (dict) – Application Credential data
roles (list) – A list of roles that apply to the application_credential.
- Returns
a new application credential
-
delete_access_rule
(access_rule_id)[source]¶ Delete one access rule.
- Parameters
access_rule_id (str) – Access Rule ID
-
delete_access_rules_for_user
(user_id)[source]¶ Delete all access rules for user.
This is called when the user itself is deleted.
- Parameters
user_id (str) – User ID
-
delete_application_credential
(application_credential_id)[source]¶ Delete a single application credential.
- Parameters
application_credential_id (str) – ID of the application credential to delete.
-
delete_application_credentials_for_user
(user_id)[source]¶ Delete all application credentials for a user.
- Parameters
user_id – ID of a user to whose application credentials should be deleted.
-
delete_application_credentials_for_user_on_project
(user_id, project_id)[source]¶ Delete all application credentials for a user on a given project.
- Parameters
user_id (str) – ID of a user to whose application credentials should be deleted.
project_id (str) – ID of a project on which to filter application credentials.
-
get_access_rule
(access_rule_id)[source]¶ Get an access rule by its ID.
- Parameters
access_rule_id (str) – Access Rule ID
-
get_application_credential
(application_credential_id)[source]¶ Get an application credential by the credential id.
- Parameters
application_credential_id (str) – Application Credential ID
-
-
class
keystone.application_credential.backends.sql.
ApplicationCredentialAccessRuleModel
(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base
,keystone.common.sql.core.ModelDictMixin
-
access_rule_id
¶
-
application_credential_id
¶
-
attributes
= ['application_credential_id', 'access_rule_id']¶
-
-
class
keystone.application_credential.backends.sql.
ApplicationCredentialModel
(*args, **kwargs)[source]¶ Bases:
sqlalchemy.ext.declarative.api.Base
,keystone.common.sql.core.ModelDictMixin
-
access_rules
¶
-
attributes
= ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']¶
-
description
¶
-
expires_at
¶
-
id
¶
-
internal_id
¶
-
name
¶
-
project_id
¶
-
roles
¶
-
secret_hash
¶
-
system
¶
-
unrestricted
¶
-
user_id
¶
-