keystone.federation.backends.sql module¶

class keystone.federation.backends.sql.Federation[source]¶

Bases: keystone.federation.backends.base.FederationDriverBase

create_idp(idp_id, idp)[source]¶

Create an identity provider.

Parameters

idp_id (string) – ID of IdP object
idp (dict) – idp object

Returns

idp ref

Return type

dict

create_mapping(mapping_id, mapping)[source]¶

Create a mapping.

Parameters

mapping_id (string) – ID of mapping object
mapping (dict) – mapping ref with mapping name

Returns

mapping ref

Return type

dict

create_protocol(idp_id, protocol_id, protocol)[source]¶

Add an IdP-Protocol configuration.

Parameters

idp_id (string) – ID of IdP object
protocol_id (string) – ID of protocol object
protocol (dict) – protocol object

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

Returns

protocol ref

Return type

dict

create_sp(sp_id, sp)[source]¶

Create a service provider.

Parameters

sp_id (string) – id of the service provider
sp (dict) – service provider object

Returns

service provider ref

Return type

dict

delete_idp(idp_id)[source]¶

Delete an identity provider.

Parameters: idp_id (string) – ID of IdP object
Raises: keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

delete_mapping(mapping_id)[source]¶

Delete a mapping.

Parameters: mapping_id – id of mapping to delete
Returns: None

delete_protocol(idp_id, protocol_id)[source]¶

Delete an IdP-Protocol configuration.

Parameters

idp_id (string) – ID of IdP object
protocol_id (string) – ID of protocol object

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

delete_sp(sp_id)[source]¶

Delete a service provider.

Parameters: sp_id (string) – id of the service provider
Raises: keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

get_enabled_service_providers()[source]¶

List enabled service providers for Service Catalog.

Service Provider in a catalog contains three attributes: id, auth_url, sp_url, where:

id is a unique, user defined identifier for service provider object
auth_url is an authentication URL of remote Keystone
sp_url a URL accessible at the remote service provider where SAML assertion is transmitted.

Returns: list of dictionaries with enabled service providers
Return type: list of dicts

get_idp(idp_id)[source]¶

Get an identity provider by ID.

Parameters: idp_id (string) – ID of IdP object
Raises: keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
Returns: idp ref
Return type: dict

get_idp_from_remote_id(remote_id)[source]¶

Get an identity provider by remote ID.

Parameters: remote_id – ID of remote IdP
Raises: keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
Returns: idp ref
Return type: dict

get_mapping(mapping_id)[source]¶

Get a mapping, returns the mapping based on mapping_id.

Parameters: mapping_id – id of mapping to get
Raises: keystone.exception.MappingNotFound – If the mapping cannot be found.
Returns: mapping ref
Return type: dict

get_mapping_from_idp_and_protocol(idp_id, protocol_id)[source]¶

Get mapping based on idp_id and protocol_id.

Parameters

idp_id (string) – id of the identity provider
protocol_id (string) – id of the protocol

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns

mapping ref

Return type

dict

get_protocol(idp_id, protocol_id)[source]¶

Get an IdP-Protocol configuration.

Parameters

idp_id (string) – ID of IdP object
protocol_id (string) – ID of protocol object

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns

protocol ref

Return type

dict

get_sp(sp_id)[source]¶

Get a service provider.

Parameters: sp_id (string) – id of the service provider
Returns: service provider ref
Return type: dict
Raises: keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

list_idps(hints=None)[source]¶

List all identity providers.

Parameters: hints – filter hints which the driver should implement if at all possible.
Returns: list of idp refs
Return type: list of dicts
Raises: keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

list_mappings()[source]¶

List all mappings.

Returns: list of mapping refs
Return type: list of dicts

list_protocols(idp_id)[source]¶

List an IdP’s supported protocols.

Parameters: idp_id (string) – ID of IdP object
Raises: keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
Returns: list of protocol ref
Return type: list of dict

list_sps(hints=None)[source]¶

List all service providers.

Parameters: hints – filter hints which the driver should implement if at all possible.
Returns: List of service provider ref objects
Return type: list of dicts
Raises: keystone.exception.ServiceProviderNotFound – If the SP doesn’t exist.

update_idp(idp_id, idp)[source]¶

Update an identity provider by ID.

Parameters

idp_id (string) – ID of IdP object
idp (dict) – idp object

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

Returns

idp ref

Return type

dict

update_mapping(mapping_id, mapping)[source]¶

Update a mapping.

Parameters

mapping_id (string) – id of mapping to update
mapping_ref (dict) – new mapping ref

Returns

mapping ref

Return type

dict

update_protocol(idp_id, protocol_id, protocol)[source]¶

Change an IdP-Protocol configuration.

Parameters

idp_id (string) – ID of IdP object
protocol_id (string) – ID of protocol object
protocol (dict) – protocol object

Raises

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns

protocol ref

Return type

dict

update_sp(sp_id, sp)[source]¶

Update a service provider.

Parameters

sp_id (string) – id of the service provider
sp (dict) – service prvider object

Returns

service provider ref

Return type

dict

Raises

keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

class keystone.federation.backends.sql.FederationProtocolModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'idp_id', 'mapping_id', 'remote_id_attribute']¶

classmethod from_dict(dictionary)[source]¶: Return a model instance from a dictionary.

id¶

idp_id¶

mapping_id¶

mutable_attributes = frozenset({'mapping_id', 'remote_id_attribute'})¶

remote_id_attribute¶

to_dict()[source]¶: Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.IdPRemoteIdsModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['idp_id', 'remote_id']¶

classmethod from_dict(dictionary)[source]¶: Return a model instance from a dictionary.

idp_id¶

mutable_attributes = frozenset({'idp_id', 'remote_id'})¶

remote_id¶

to_dict()[source]¶: Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.IdentityProviderModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'domain_id', 'enabled', 'description', 'remote_ids', 'authorization_ttl']¶

authorization_ttl¶

description¶

domain_id¶

enabled¶

expiring_user_group_memberships¶

classmethod from_dict(dictionary)[source]¶: Return a model instance from a dictionary.

id¶

mutable_attributes = frozenset({'authorization_ttl', 'description', 'enabled', 'remote_ids'})¶

remote_ids¶

to_dict()[source]¶: Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.MappingModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'rules']¶

classmethod from_dict(dictionary)[source]¶: Return a model instance from a dictionary.

id¶

rules¶

to_dict()[source]¶: Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.ServiceProviderModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['auth_url', 'id', 'enabled', 'description', 'relay_state_prefix', 'sp_url']¶

auth_url¶

description¶

enabled¶

classmethod from_dict(dictionary)[source]¶: Return a model instance from a dictionary.

id¶

mutable_attributes = frozenset({'auth_url', 'description', 'enabled', 'relay_state_prefix', 'sp_url'})¶

relay_state_prefix¶

sp_url¶

to_dict()[source]¶: Return a dictionary with model’s attributes.