keystone.identity.backends.sql module¶
-
class
keystone.identity.backends.sql.Identity(conf=None)[source]¶ Bases:
keystone.identity.backends.base.IdentityDriverBase-
add_user_to_group(user_id, group_id)[source]¶ Add a user to a group.
- Parameters
user_id (str) – User ID.
group_id (str) – Group ID.
- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
authenticate(user_id, password)[source]¶ Authenticate a given user and password.
- Parameters
user_id (str) – User ID
password (str) – Password
- Returns
user. See user schema in
IdentityDriverBase.- Return type
dict
- Raises
AssertionError – If user or password is invalid.
-
change_password(user_id, new_password)[source]¶ Self-service password change.
- Parameters
user_id (str) – User ID.
new_password (str) – New password.
- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
keystone.exception.PasswordValidation – If password fails validation
-
check_user_in_group(user_id, group_id)[source]¶ Check if a user is a member of a group.
- Parameters
user_id (str) – User ID.
group_id (str) – Group ID.
- Raises
keystone.exception.NotFound – If the user is not a member of the group.
keystone.exception.UserNotFound – If the user doesn’t exist.
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
create_group(group_id, group)[source]¶ Create a new group.
- Parameters
group_id (str) – group ID. The driver can ignore this value.
group (dict) – group info. See group schema in
IdentityDriverBase.
- Returns
group, matching the group schema.
- Return type
dict
- Raises
keystone.exception.Conflict – If a duplicate group exists.
-
create_user(user_id, user)[source]¶ Create a new user.
- Parameters
user_id (str) – user ID. The driver can ignore this value.
user (dict) – user info. See user schema in
IdentityDriverBase.
- Returns
user, matching the user schema. The driver should not return the password.
- Return type
dict
- Raises
keystone.exception.Conflict – If a duplicate user exists.
-
delete_group(group_id)[source]¶ Delete an existing group.
- Parameters
group_id (str) – Group ID.
- Raises
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
delete_user(user_id)[source]¶ Delete an existing user.
- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
-
get_group(group_id)[source]¶ Get a group by ID.
- Parameters
group_id (str) – group ID.
- Returns
group info. See group schema in
IdentityDriverBase- Return type
dict
- Raises
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
get_group_by_name(group_name, domain_id)[source]¶ Get a group by name.
- Parameters
group_name (str) – group name.
domain_id (str) – domain ID.
- Returns
group info. See group schema in
IdentityDriverBase.- Return type
dict
- Raises
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
get_user(user_id)[source]¶ Get a user by ID.
- Parameters
user_id (str) – User ID.
- Returns
user. See user schema in
IdentityDriverBase.- Return type
dict
- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
-
get_user_by_name(user_name, domain_id)[source]¶ Get a user by name.
- Returns
user_ref
- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
-
property
is_sql¶ Indicate if this Driver uses SQL.
-
list_groups(hints)[source]¶ List groups in the system.
- Parameters
hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns
a list of group_refs or an empty list. See group schema in
IdentityDriverBase.
-
list_groups_for_user(user_id, hints)[source]¶ List groups a user is in.
- Parameters
user_id (str) – the user in question
hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns
a list of group_refs or an empty list. See group schema in
IdentityDriverBase.- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
-
list_users(hints)[source]¶ List users in the system.
- Parameters
hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns
a list of users or an empty list. See user schema in
IdentityDriverBase.- Return type
list of dict
-
list_users_in_group(group_id, hints)[source]¶ List users in a group.
- Parameters
group_id (str) – the group in question
hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns
a list of users or an empty list. See user schema in
IdentityDriverBase.- Return type
list of dict
- Raises
keystone.exception.GroupNotFound – If the group doesn’t exist.
-
remove_user_from_group(user_id, group_id)[source]¶ Remove a user from a group.
- Parameters
user_id (str) – User ID.
group_id (str) – Group ID.
- Raises
keystone.exception.NotFound – If the user is not in the group.
-
unset_default_project_id(project_id)[source]¶ Unset a user’s default project given a specific project ID.
- Parameters
project_id (str) – project ID
-
update_group(group_id, group)[source]¶ Update an existing group.
- Parameters
group_id (str) – Group ID.
group (dict) – Group modification. See group schema in
IdentityDriverBase. Required properties cannot be removed.
- Returns
group, matching the group schema.
- Return type
dict
- Raises
keystone.exception.GroupNotFound – If the group doesn’t exist.
keystone.exception.Conflict – If a duplicate group exists.
-
update_user(user_id, user)[source]¶ Update an existing user.
- Parameters
user_id (str) – User ID.
user (dict) – User modification. See user schema in
IdentityDriverBase. Properties set to None will be removed. Required properties cannot be removed.
- Returns
user. See user schema in
IdentityDriverBase.- Raises
keystone.exception.UserNotFound – If the user doesn’t exist.
keystone.exception.Conflict – If a duplicate user exists in the same domain.
-
