keystone.application_credential.backends.sql module

class keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential

attributes = ['external_id', 'user_id', 'service', 'path', 'method']

external_id

id

method

path

service

user_id

class keystone.application_credential.backends.sql.ApplicationCredential

Bases: keystone.application_credential.backends.base.ApplicationCredentialDriverBase

authenticate(application_credential_id, secret)

Validate an application credential.

Parameters

• application_credential_id (str) – Application Credential ID

• secret (str) – Secret

Raises

AssertionError – If id or secret is invalid.

create_application_credential(application_credential, roles, access_rules=None)

Create a new application credential.

Parameters

• application_credential (dict) – Application Credential data

• roles (list) – A list of roles that apply to the application_credential.

Returns

a new application credential

delete_access_rule(access_rule_id)

Delete one access rule.

Parameters

access_rule_id (str) – Access Rule ID

delete_access_rules_for_user(user_id)

Delete all access rules for user.

This is called when the user itself is deleted.

Parameters

user_id (str) – User ID

delete_application_credential(application_credential_id)

Delete a single application credential.

Parameters

application_credential_id (str) – ID of the application credential to delete.

delete_application_credentials_for_user(user_id)

Delete all application credentials for a user.

Parameters

user_id – ID of a user to whose application credentials should be deleted.

delete_application_credentials_for_user_on_project(user_id, project_id)

Delete all application credentials for a user on a given project.

Parameters

• user_id (str) – ID of a user to whose application credentials should be deleted.

• project_id (str) – ID of a project on which to filter application credentials.

get_access_rule(access_rule_id)

Get an access rule by its ID.

Parameters

access_rule_id (str) – Access Rule ID

get_application_credential(application_credential_id)

Get an application credential by the credential id.

Parameters

application_credential_id (str) – Application Credential ID

list_access_rules_for_user(user_id, hints)

List the access rules that a user has created.

Access rules are only created as attributes of application credentials, they cannot be created independently.

Parameters

user_id (str) – User ID

list_application_credentials_for_user(user_id, hints)

List application credentials for a user.

Parameters

• user_id (str) – User ID

• hints – contains the list of filters yet to be satisfied. Any filters satisfied here will be removed so that the caller will know if any filters remain.

class keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rule_id

application_credential_id

attributes = ['application_credential_id', 'access_rule_id']

class keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rules

attributes = ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']

description

expires_at

id

internal_id

name

project_id

roles

secret_hash

system

unrestricted

user_id

class keystone.application_credential.backends.sql.ApplicationCredentialRoleModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential_id

attributes = ['application_credential_id', 'role_id']

role_id