keystoneclient.v3 package¶
Subpackages¶
- keystoneclient.v3.contrib package
- Subpackages
- keystoneclient.v3.contrib.federation package
- Submodules
- keystoneclient.v3.contrib.federation.base module
- keystoneclient.v3.contrib.federation.core module
- keystoneclient.v3.contrib.federation.domains module
- keystoneclient.v3.contrib.federation.identity_providers module
- keystoneclient.v3.contrib.federation.mappings module
- keystoneclient.v3.contrib.federation.projects module
- keystoneclient.v3.contrib.federation.protocols module
- keystoneclient.v3.contrib.federation.saml module
- keystoneclient.v3.contrib.federation.service_providers module
- Module contents
- keystoneclient.v3.contrib.oauth1 package
- Submodules
- keystoneclient.v3.contrib.oauth1.access_tokens module
- keystoneclient.v3.contrib.oauth1.auth module
- keystoneclient.v3.contrib.oauth1.consumers module
- keystoneclient.v3.contrib.oauth1.core module
- keystoneclient.v3.contrib.oauth1.request_tokens module
- keystoneclient.v3.contrib.oauth1.utils module
- Module contents
- keystoneclient.v3.contrib.federation package
- Submodules
- keystoneclient.v3.contrib.endpoint_filter module
- keystoneclient.v3.contrib.endpoint_policy module
- keystoneclient.v3.contrib.simple_cert module
- keystoneclient.v3.contrib.trusts module
- Module contents
- Subpackages
Submodules¶
keystoneclient.v3.application_credentials module¶
-
class
keystoneclient.v3.application_credentials.
ApplicationCredential
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity application credential.
- Attributes:
id: a uuid that identifies the application credential
user: the user who owns the application credential
name: application credential name
secret: application credential secret
description: application credential description
expires_at: expiry time
roles: role assignments on the project
- unrestricted: whether the application credential has restrictions
applied
-
class
keystoneclient.v3.application_credentials.
ApplicationCredentialManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity application credentials.
-
collection_key
= 'application_credentials'¶
-
create
(name, user=None, secret=None, description=None, expires_at=None, roles=None, unrestricted=False, **kwargs)¶ Create a credential.
- Parameters
name (string) – application credential name
user (string) – User ID
secret – application credential secret
description – application credential description
expires_at (datetime.datetime) – expiry time
roles (List) – list of roles on the project. Maybe a list of IDs or a list of dicts specifying role name and domain
unrestricted (bool) – whether the application credential has restrictions applied
- Returns
the created application credential
- Return type
keystoneclient.v3.application_credentials.ApplicationCredential
-
delete
(application_credential, user=None)¶ Delete an application credential.
- Parameters
application_credential – the application credential to be deleted
- Returns
response object with 204 status
- Return type
requests.models.Response
-
find
(user=None, **kwargs)¶ Find an application credential with attributes matching
**kwargs
.- Parameters
user (string) – User ID
- Returns
a list of matching application credentials
- Return type
list of
keystoneclient.v3.application_credentials.ApplicationCredential
-
get
(application_credential, user=None)¶ Retrieve an application credential.
- Parameters
application_credential – the credential to be retrieved from the server
- Returns
the specified application credential
- Return type
keystoneclient.v3.application_credentials.ApplicationCredential
-
key
= 'application_credential'¶
-
list
(user=None, **kwargs)¶ List application credentials.
- Parameters
user (string) – User ID
- Returns
a list of application credentials
- Return type
list of
keystoneclient.v3.application_credentials.ApplicationCredential
-
resource_class
¶ alias of
ApplicationCredential
-
update
()¶
-
keystoneclient.v3.auth module¶
-
class
keystoneclient.v3.auth.
AuthManager
(client)¶ Bases:
keystoneclient.base.Manager
Retrieve auth context specific information.
The information returned by the auth routes is entirely dependent on the authentication information provided by the user.
-
domains
()¶ List Domains that the specified token can be rescoped to.
- Returns
a list of domains.
- Return type
list of
keystoneclient.v3.domains.Domain
.
-
projects
()¶ List projects that the specified token can be rescoped to.
- Returns
a list of projects.
- Return type
-
keystoneclient.v3.client module¶
-
class
keystoneclient.v3.client.
Client
(**kwargs)¶ Bases:
keystoneclient.httpclient.HTTPClient
Client for the OpenStack Identity API v3.
- Parameters
session (keystoneauth1.session.Session) – Session for requests. (optional)
user_id (string) – User ID for authentication. (optional)
username (string) – Username for authentication. (optional)
user_domain_id (string) – User’s domain ID for authentication. (optional)
user_domain_name (string) – User’s domain name for authentication. (optional)
password (string) – Password for authentication. (optional)
token (string) – Token for authentication. (optional)
domain_id (string) – Domain ID for domain scoping. (optional)
domain_name (string) – Domain name for domain scoping. (optional)
project_id (string) – Project ID for project scoping. (optional)
project_name (string) – Project name for project scoping. (optional)
project_domain_id (string) – Project’s domain ID for project scoping. (optional)
project_domain_name (string) – Project’s domain name for project scoping. (optional)
tenant_name (string) – Tenant name. (optional) The tenant_name keyword argument is deprecated as of the 1.7.0 release in favor of project_name and may be removed in the 2.0.0 release.
tenant_id (string) – Tenant id. (optional) The tenant_id keyword argument is deprecated as of the 1.7.0 release in favor of project_id and may be removed in the 2.0.0 release.
auth_url (string) – Identity service endpoint for authorization.
region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
endpoint (string) – A user-supplied endpoint URL for the identity service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation. (optional)
timeout (integer) – Allows customization of the timeout for client http requests. (optional)
Warning
Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.
Example:
>>> from keystoneauth1.identity import v3 >>> from keystoneauth1 import session >>> from keystoneclient.v3 import client >>> auth = v3.Password(user_domain_name=DOMAIN_NAME, ... username=USER, ... password=PASS, ... project_domain_name=PROJECT_DOMAIN_NAME, ... project_name=PROJECT_NAME, ... auth_url=KEYSTONE_URL) >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> keystone.projects.list() ... >>> user = keystone.users.get(USER_ID) >>> user.delete()
Instances of this class have the following managers:
-
credentials
¶
-
domain_configs
¶
-
endpoint_filter
¶ keystoneclient.v3.contrib.endpoint_filter.EndpointFilterManager
-
endpoint_groups
¶
-
endpoint_policy
¶ keystoneclient.v3.contrib.endpoint_policy.EndpointPolicyManager
-
registered_limits
¶
-
role_assignments
¶
-
get_raw_token_from_identity_service
(auth_url, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, token=None, trust_id=None, **kwargs)¶ Authenticate against the v3 Identity API.
If password and token methods are both provided then both methods will be used in the request.
- Returns
access.AccessInfo if authentication was successful.
- Return type
- Raises
keystoneclient.exceptions.AuthorizationFailure – if unable to authenticate or validate the existing authorization token.
keystoneclient.exceptions.Unauthorized – if authentication fails due to invalid token.
-
process_token
(**kwargs)¶ Extract and process information from the new auth_ref.
And set the relevant authentication information.
-
serialize
(entity)¶
-
version
= 'v3'¶
keystoneclient.v3.credentials module¶
-
class
keystoneclient.v3.credentials.
Credential
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity credential.
- Attributes:
id: a uuid that identifies the credential
user_id: user ID to which credential belongs
type: the type of credential
blob: the text that represents the credential
project_id: project ID which limits the scope of the credential
-
class
keystoneclient.v3.credentials.
CredentialManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity credentials.
-
collection_key
= 'credentials'¶
-
create
(user, type, blob, project=None, **kwargs)¶ Create a credential.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to which the credential belongstype (str) – the type of the credential, valid values are:
ec2
,cert
ortotp
blob (str) – the arbitrary blob of the credential data, to be parsed according to the type
project (str or
keystoneclient.v3.projects.Project
) – the project which limits the scope of the credential, this attribbute is mandatory if the credential type is ec2kwargs – any other attribute provided will be passed to the server
- Returns
the created credential
- Return type
-
delete
(credential)¶ Delete a credential.
- Parameters
credential (str or
keystoneclient.v3.credentials.Credential
) – the credential to be deleted- Returns
response object with 204 status
- Return type
requests.models.Response
-
get
(credential)¶ Retrieve a credential.
- Parameters
credential (str or
keystoneclient.v3.credentials.Credential
) – the credential to be retrieved from the server- Returns
the specified credential
- Return type
-
key
= 'credential'¶
-
list
(**kwargs)¶ List credentials.
- Parameters
kwargs – If user_id or type is specified then credentials will be filtered accordingly.
- Returns
a list of credentials
- Return type
-
resource_class
¶ alias of
Credential
-
update
(credential, user, type=None, blob=None, project=None, **kwargs)¶ Update a credential.
- Parameters
credential (str or
keystoneclient.v3.credentials.Credential
) – the credential to be updated on the serveruser (str or
keystoneclient.v3.users.User
) – the new user to which the credential belongstype (str) – the new type of the credential, valid values are:
ec2
,cert
ortotp
blob (str) – the new blob of the credential data and may be removed in the future release.
project (str or
keystoneclient.v3.projects.Project
) – the new project which limits the scope of the credential, this attribute is mandatory if the credential type is ec2kwargs – any other attribute provided will be passed to the server
- Returns
the updated credential
- Return type
-
keystoneclient.v3.domain_configs module¶
-
class
keystoneclient.v3.domain_configs.
DomainConfig
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
An object representing a domain config association.
This resource object does not necessarily contain fixed attributes, as new attributes are added in the server, they are supported here directly. The currently supported configs are identity and ldap.
-
class
keystoneclient.v3.domain_configs.
DomainConfigManager
(client)¶ Bases:
keystoneclient.base.Manager
Manager class for manipulating domain config associations.
-
build_url
(domain)¶
-
create
(domain, config)¶ Create a config for a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain where the config is going to be applied.config (dict) – a dictionary of domain configurations.
Example of the
config
parameter:{ "identity": { "driver": "ldap" }, "ldap": { "url": "ldap://myldap.com:389/", "user_tree_dn": "ou=Users,dc=my_new_root,dc=org" } }
- Returns
the created domain config returned from server.
- Return type
-
delete
(domain)¶ Delete a config for a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain which the config will be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
find
(**kwargs)¶
-
get
(domain)¶ Get a config for a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain for which the config is defined.- Returns
the domain config returned from server.
- Return type
-
key
= 'config'¶
-
list
(**kwargs)¶
-
resource_class
¶ alias of
DomainConfig
-
update
(domain, config)¶ Update a config for a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain where the config is going to be updated.config (dict) – a dictionary of domain configurations.
Example of the
config
parameter:{ "identity": { "driver": "ldap" }, "ldap": { "url": "ldap://myldap.com:389/", "user_tree_dn": "ou=Users,dc=my_new_root,dc=org" } }
- Returns
the updated domain config returned from server.
- Return type
-
keystoneclient.v3.domains module¶
-
class
keystoneclient.v3.domains.
Domain
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity domain.
- Attributes:
id: a uuid that identifies the domain
name: the name of the domain
description: a description of the domain
enabled: determines whether the domain is enabled
-
class
keystoneclient.v3.domains.
DomainManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity domains.
-
collection_key
= 'domains'¶
-
create
(name, description=None, enabled=True, **kwargs)¶ Create a domain.
- Parameters
- Returns
the created domain returned from server.
- Return type
-
delete
(domain)¶ “Delete a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(domain)¶ Retrieve a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain to be retrieved from the server.- Returns
the specified domain returned from server.
- Return type
-
key
= 'domain'¶
-
list
(**kwargs)¶ List domains.
- Parameters
kwargs – allows filter criteria to be passed where supported by the server.
- Returns
a list of domains.
- Return type
list of
keystoneclient.v3.domains.Domain
.
-
update
(domain, name=None, description=None, enabled=None, **kwargs)¶ Update a domain.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain to be updated on the server.name (str) – the new name of the domain.
description (str) – the new description of the domain.
enabled (bool) – whether the domain is enabled.
kwargs – any other attribute provided will be passed to the server.
- Returns
the updated domain returned from server.
- Return type
-
keystoneclient.v3.ec2 module¶
-
class
keystoneclient.v3.ec2.
EC2
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an EC2 resource.
- Attributes:
id: a string that identifies the EC2 resource.
user_id: the ID field of a pre-existing user in the backend.
project_id: the ID field of a pre-existing project in the backend.
access: a string representing access key of the access/secret pair.
secret: a string representing the secret of the access/secret pair.
-
class
keystoneclient.v3.ec2.
EC2Manager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
-
create
(user_id, project_id)¶ Create a new access/secret pair.
- Parameters
user_id (str or
keystoneclient.v3.users.User
) – the ID of the user having access/secret pair.project_id (str or
keystoneclient.v3.projects.Project
) – the ID of the project having access/secret pair.
- Returns
the created access/secret pair returned from server.
- Return type
-
delete
(user_id, access)¶ Delete an access/secret pair.
- Parameters
user_id (str or
keystoneclient.v3.users.User
) – the ID of the user whose access/secret pair will be deleted on the server.access (str) – the access key whose access/secret pair will be deleted on the server.
- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(user_id, access)¶ Retrieve an access/secret pair for a given access key.
- Parameters
user_id (str or
keystoneclient.v3.users.User
) – the ID of the user whose access/secret pair will be retrieved from the server.access (str) – the access key whose access/secret pair will be retrieved from the server.
- Returns
the specified access/secret pair returned from server.
- Return type
-
list
(user_id)¶ List access/secret pairs for a given user.
- Parameters
user_id (str) – the ID of the user having access/secret pairs will be listed.
- Returns
a list of access/secret pairs.
- Return type
list of
keystoneclient.v3.ec2.EC2
-
keystoneclient.v3.endpoint_groups module¶
-
class
keystoneclient.v3.endpoint_groups.
EndpointGroup
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an identity endpoint group.
- Attributes:
id: a UUID that identifies the endpoint group
name: the endpoint group name
description: the endpoint group description
- filters: representation of filters in the format of JSON that define
what endpoint entities are part of the group
-
class
keystoneclient.v3.endpoint_groups.
EndpointGroupManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for Endpoint Groups.
-
base_url
= 'OS-EP-FILTER'¶
-
check
(endpoint_group)¶ Check if an endpoint group exists.
- Parameters
endpoint_group (str or
keystoneclient.v3.endpoint_groups.EndpointGroup
) – the endpoint group to be checked against the server.- Returns
none if the specified endpoint group exists.
-
collection_key
= 'endpoint_groups'¶
-
create
(name, filters, description=None, **kwargs)¶ Create an endpoint group.
- Parameters
- Returns
the created endpoint group returned from server.
- Return type
-
delete
(endpoint_group)¶ Delete an endpoint group.
- Parameters
endpoint_group (str or
keystoneclient.v3.endpoint_groups.EndpointGroup
) – the endpoint group to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(endpoint_group)¶ Retrieve an endpoint group.
- Parameters
endpoint_group (str or
keystoneclient.v3.endpoint_groups.EndpointGroup
) – the endpoint group to be retrieved from the server.- Returns
the specified endpoint group returned from server.
- Return type
-
key
= 'endpoint_group'¶
-
list
(**kwargs)¶ List endpoint groups.
Any parameter provided will be passed to the server.
- Returns
a list of endpoint groups.
- Return type
-
resource_class
¶ alias of
EndpointGroup
-
update
(endpoint_group, name=None, filters=None, description=None, **kwargs)¶ Update an endpoint group.
- Parameters
name (str) – the new name of the endpoint group.
filters (str) – the new representation of filters in the format of JSON that define what endpoint entities are part of the group.
description (str) – the new description of the endpoint group.
kwargs – any other attribute provided will be passed to the server.
- Returns
the updated endpoint group returned from server.
- Return type
-
keystoneclient.v3.endpoints module¶
-
class
keystoneclient.v3.endpoints.
Endpoint
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity endpoint.
- Attributes:
id: a uuid that identifies the endpoint
interface: ‘public’, ‘admin’ or ‘internal’ network interface
region: geographic location of the endpoint
service_id: service to which the endpoint belongs
url: fully qualified service endpoint
- enabled: determines whether the endpoint appears in the service
catalog
-
class
keystoneclient.v3.endpoints.
EndpointManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity endpoints.
-
collection_key
= 'endpoints'¶
-
create
(service, url, interface=None, region=None, enabled=True, **kwargs)¶ Create an endpoint.
- Parameters
service (str or
keystoneclient.v3.services.Service
) – the service to which the endpoint belongs.url (str) – the URL of the fully qualified service endpoint.
interface (str) – the network interface of the endpoint. Valid values are:
public
,admin
orinternal
.region (str or
keystoneclient.v3.regions.Region
) – the region to which the endpoint belongs.enabled (bool) – whether the endpoint is enabled or not, determining if it appears in the service catalog.
kwargs – any other attribute provided will be passed to the server.
- Returns
the created endpoint returned from server.
- Return type
-
delete
(endpoint)¶ Delete an endpoint.
- Parameters
endpoint (str or
keystoneclient.v3.endpoints.Endpoint
) – the endpoint to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(endpoint)¶ Retrieve an endpoint.
- Parameters
endpoint (str or
keystoneclient.v3.endpoints.Endpoint
) – the endpoint to be retrieved from the server.- Returns
the specified endpoint returned from server.
- Return type
-
key
= 'endpoint'¶
-
list
(service=None, interface=None, region=None, enabled=None, region_id=None, **kwargs)¶ List endpoints.
- Parameters
service (str or
keystoneclient.v3.services.Service
) – the service of the endpoints to be filtered on.interface (str) – the network interface of the endpoints to be filtered on. Valid values are:
public
,admin
orinternal
.enabled (bool) – whether to return enabled or disabled endpoints.
region_id (str) – filter endpoints by the region_id attribute. If both region and region_id are specified, region takes precedence.
kwargs – any other attribute provided will filter endpoints on.
- Returns
a list of endpoints.
- Return type
-
update
(endpoint, service=None, url=None, interface=None, region=None, enabled=None, **kwargs)¶ Update an endpoint.
- Parameters
endpoint (str or
keystoneclient.v3.endpoints.Endpoint
) – the endpoint to be updated on the server.service (str or
keystoneclient.v3.services.Service
) – the new service to which the endpoint belongs.url (str) – the new URL of the fully qualified service endpoint.
interface (str) – the new network interface of the endpoint. Valid values are:
public
,admin
orinternal
.region (str or
keystoneclient.v3.regions.Region
) – the new region to which the endpoint belongs.enabled (bool) – determining if the endpoint appears in the service catalog by enabling or disabling it.
kwargs – any other attribute provided will be passed to the server.
- Returns
the updated endpoint returned from server.
- Return type
-
keystoneclient.v3.groups module¶
-
class
keystoneclient.v3.groups.
Group
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity user group.
- Attributes:
id: a uuid that identifies the group
name: group name
description: group description
-
update
(name=None, description=None)¶
-
class
keystoneclient.v3.groups.
GroupManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity groups.
-
collection_key
= 'groups'¶
-
create
(name, domain=None, description=None, **kwargs)¶ Create a group.
- Parameters
name (str) – the name of the group.
domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the group.description (str) – a description of the group.
kwargs – any other attribute provided will be passed to the server.
- Returns
the created group returned from server.
- Return type
-
delete
(group)¶ Delete a group.
- Parameters
group (str or
keystoneclient.v3.groups.Group
) – the group to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(group)¶ Retrieve a group.
- Parameters
group (str or
keystoneclient.v3.groups.Group
) – the group to be retrieved from the server.- Returns
the specified group returned from server.
- Return type
-
key
= 'group'¶
-
list
(user=None, domain=None, **kwargs)¶ List groups.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user of the groups to be filtered on.domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the groups to be filtered on.kwargs – any other attribute provided will filter groups on.
- Returns
a list of groups.
- Return type
list of
keystoneclient.v3.groups.Group
.
-
update
(group, name=None, description=None, **kwargs)¶ Update a group.
- Parameters
group (str or
keystoneclient.v3.groups.Group
) – the group to be updated on the server.name (str) – the new name of the group.
description (str) – the new description of the group.
kwargs – any other attribute provided will be passed to server.
- Returns
the updated group returned from server.
- Return type
-
keystoneclient.v3.limits module¶
-
class
keystoneclient.v3.limits.
Limit
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a project limit.
- Attributes:
id: a UUID that identifies the project limit
service_id: a UUID that identifies the service for the limit
region_id: a UUID that identifies the region for the limit
project_id: a UUID that identifies the project for the limit
resource_name: the name of the resource to limit
resource_limit: the limit to apply to the project
description: a description for the project limit
-
class
keystoneclient.v3.limits.
LimitManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for project limits.
-
collection_key
= 'limits'¶
-
create
(project, service, resource_name, resource_limit, description=None, region=None, **kwargs)¶ Create a project-specific limit.
- Parameters
project (str or
keystoneclient.v3.projects.Project
) – the project to create a limit for.service (str or
keystoneclient.v3.services.Service
) – the service that owns the resource to limit.resource_name (str) – the name of the resource to limit
resource_limit (int) – the quantity of the limit
description (str) – a description of the limit
region (str or
keystoneclient.v3.regions.Region
) – region the limit applies to
- Returns
a reference of the created limit
- Return type
-
delete
(limit)¶ Delete a project-specific limit.
- Parameters
limit (str or
keystoneclient.v3.limit.Limit
) – the project-specific limit to be deleted.- Returns
Response object with 204 status
- Return type
requests.models.Response
-
get
(limit)¶ Retrieve a project limit.
- Parameters
limit (str or
keystoneclient.v3.limit.Limit
) – the project-specific limit to be retrieved.- Returns
a project-specific limit
- Return type
keystoneclient.v3.limit.Limit
-
key
= 'limit'¶
-
list
(service=None, region=None, resource_name=None, **kwargs)¶ List project-specific limits.
Any parameter provided will be passed to the server as a filter
- Parameters
service (UUID or
keystoneclient.v3.services.Service
) – service to filter limits byregion (UUID or
keystoneclient.v3.regions.Region
) – region to filter limits byresource_name (str) – the name of the resource to filter limits by
- Returns
a list of project-specific limits.
- Return type
list of
keystoneclient.v3.limits.Limit
-
update
(limit, project=None, service=None, resource_name=None, resource_limit=None, description=None, **kwargs)¶ Update a project-specific limit.
- Parameters
limit – a limit to update
project (str or
keystoneclient.v3.projects.Project
) – the project ID of the limit to updateresource_limit – the limit of the limit’s resource to update
description (str) – a description of the limit
- Type
resource_limit: int
- Returns
a reference of the updated limit.
- Return type
-
keystoneclient.v3.policies module¶
-
class
keystoneclient.v3.policies.
Policy
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity policy.
- Attributes:
id: a uuid that identifies the policy
blob: a policy document (blob)
type: the MIME type of the policy blob
-
update
(blob=None, type=None)¶
-
class
keystoneclient.v3.policies.
PolicyManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity policies.
-
collection_key
= 'policies'¶
-
create
(blob, type='application/json', **kwargs)¶ Create a policy.
- Parameters
- Returns
the created policy returned from server.
- Return type
-
delete
(policy)¶ “Delete a policy.
- Parameters
policy (str or
keystoneclient.v3.policies.Policy
) – the policy to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(policy)¶ Retrieve a policy.
- Parameters
policy (str or
keystoneclient.v3.policies.Policy
) – the policy to be retrieved from the server.- Returns
the specified policy returned from server.
- Return type
-
key
= 'policy'¶
-
list
(**kwargs)¶ List policies.
- Parameters
kwargs – allows filter criteria to be passed where supported by the server.
- Returns
a list of policies.
- Return type
list of
keystoneclient.v3.policies.Policy
.
-
update
(policy, blob=None, type=None, **kwargs)¶ Update a policy.
- Parameters
policy (str or
keystoneclient.v3.policies.Policy
) – the policy to be updated on the server.blob (str) – the new policy document.
type (str) – the new MIME type of the policy blob.
kwargs – any other attribute provided will be passed to the server.
- Returns
the updated policy returned from server.
- Return type
-
keystoneclient.v3.projects module¶
-
class
keystoneclient.v3.projects.
Project
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity project.
- Attributes:
id: a uuid that identifies the project
name: project name
description: project description
enabled: boolean to indicate if project is enabled
parent_id: a uuid representing this project’s parent in hierarchy
- parents: a list or a structured dict containing the parents of this
project in the hierarchy
- subtree: a list or a structured dict containing the subtree of this
project in the hierarchy
-
add_tag
(tag)¶
-
check_tag
(tag)¶
-
delete_tag
(tag)¶
-
update
(name=None, description=None, enabled=None)¶
-
class
keystoneclient.v3.projects.
ProjectManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity projects.
-
add_tag
(project, tag)¶ Add a tag to a project.
- Parameters
project – project to add a tag to.
tag – str name of tag.
-
check_tag
(project, tag)¶ Check if tag is associated with project.
- Parameters
project – project to check tags for.
tag – str name of tag
- Returns
true if tag is associated, false otherwise
-
collection_key
= 'projects'¶
-
create
(name, domain, description=None, enabled=True, parent=None, **kwargs)¶ Create a project.
- Parameters
name (str) – the name of the project.
domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the project.description (str) – the description of the project.
enabled (bool) – whether the project is enabled.
parent (str or
keystoneclient.v3.projects.Project
) – the parent of the project in the hierarchy.kwargs – any other attribute provided will be passed to the server.
- Returns
the created project returned from server.
- Return type
-
delete
(project)¶ Delete a project.
- Parameters
project (str or
keystoneclient.v3.projects.Project
) – the project to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
delete_tag
(project, tag)¶ Remove tag from project.
- Parameters
projectd – project to remove tag from.
tag – str name of tag to remove from project
-
find
(**kwargs)¶ Find a single item with attributes matching
**kwargs
.
-
get
(project, subtree_as_list=False, parents_as_list=False, subtree_as_ids=False, parents_as_ids=False)¶ Retrieve a project.
- Parameters
project (str or
keystoneclient.v3.projects.Project
) – the project to be retrieved from the server.subtree_as_list (bool) – retrieve projects below this project in the hierarchy as a flat list. It only includes the projects in which the current user has role assignments on.
parents_as_list (bool) – retrieve projects above this project in the hierarchy as a flat list. It only includes the projects in which the current user has role assignments on.
subtree_as_ids (bool) – retrieve the IDs from the projects below this project in the hierarchy as a structured dictionary.
parents_as_ids (bool) – retrieve the IDs from the projects above this project in the hierarchy as a structured dictionary.
- Returns
the specified project returned from server.
- Return type
- Raises
keystoneclient.exceptions.ValidationError – if subtree_as_list and subtree_as_ids or parents_as_list and parents_as_ids are included at the same time in the call.
-
key
= 'project'¶
-
list
(domain=None, user=None, **kwargs)¶ List projects.
- Parameters
domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the projects to be filtered on.user (str or
keystoneclient.v3.users.User
) – filter in projects the specified user has role assignments on.kwargs – any other attribute provided will filter projects on. Project tags filter keyword:
tags
,tags_any
,not_tags
, andnot_tags_any
. tag attribute type string. Pass in a comma separated string to filter with multiple tags.
- Returns
a list of projects.
- Return type
List tags associated with project.
- Parameters
project – project to list tags for.
- Returns
list of str tag names
-
update
(project, name=None, domain=None, description=None, enabled=None, **kwargs)¶ Update a project.
- Parameters
project (str or
keystoneclient.v3.projects.Project
) – the project to be updated on the server.name (str) – the new name of the project.
domain (str or
keystoneclient.v3.domains.Domain
) – the new domain of the project.description (str) – the new description of the project.
enabled (bool) – whether the project is enabled.
kwargs – any other attribute provided will be passed to server.
- Returns
the updated project returned from server.
- Return type
Update tag list of a project.
Replaces current tag list with list specified in tags parameter.
- Parameters
project – project to update.
tags – list of str tag names to add to the project
- Returns
list of tags
-
keystoneclient.v3.regions module¶
-
class
keystoneclient.v3.regions.
Region
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Catalog region.
- Attributes:
id: a string that identifies the region.
description: a string that describes the region.
- parent_region_id: a pre-existing region in the backend or its ID
field. Allows for hierarchical region organization.
enabled: determines whether the endpoint appears in the catalog.
-
class
keystoneclient.v3.regions.
RegionManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity regions.
-
collection_key
= 'regions'¶
-
create
(id=None, description=None, enabled=True, parent_region=None, **kwargs)¶ Create a region.
- Parameters
id (str) – the unique identifier of the region. If not specified an ID will be created by the server.
description (str) – the description of the region.
enabled (bool) – whether the region is enabled or not, determining if it appears in the catalog.
parent_region (str or
keystoneclient.v3.regions.Region
) – the parent of the region in the hierarchy.kwargs – any other attribute provided will be passed to the server.
- Returns
the created region returned from server.
- Return type
-
delete
(region)¶ Delete a region.
- Parameters
region (str or
keystoneclient.v3.regions.Region
) – the region to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(region)¶ Retrieve a region.
- Parameters
region (str or
keystoneclient.v3.regions.Region
) – the region to be retrieved from the server.- Returns
the specified region returned from server.
- Return type
-
key
= 'region'¶
-
list
(**kwargs)¶ List regions.
- Parameters
kwargs – any attributes provided will filter regions on.
- Returns
a list of regions.
- Return type
list of
keystoneclient.v3.regions.Region
.
-
update
(region, description=None, enabled=None, parent_region=None, **kwargs)¶ Update a region.
- Parameters
region (str or
keystoneclient.v3.regions.Region
) – the region to be updated on the server.description (str) – the new description of the region.
enabled (bool) – determining if the region appears in the catalog by enabling or disabling it.
parent_region (str or
keystoneclient.v3.regions.Region
) – the new parent of the region in the hierarchy.kwargs – any other attribute provided will be passed to server.
- Returns
the updated region returned from server.
- Return type
-
keystoneclient.v3.registered_limits module¶
-
class
keystoneclient.v3.registered_limits.
RegisteredLimit
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a registered limit.
- Attributes:
id: a UUID that identifies the registered limit
service_id: a UUID that identifies the service for the limit
region_id: a UUID that identifies the region for the limit
resource_name: the name of the resource to limit
default_limit: the default limit for projects to assume
description: a description of the registered limit
-
class
keystoneclient.v3.registered_limits.
RegisteredLimitManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for registered limits.
-
collection_key
= 'registered_limits'¶
-
create
(service, resource_name, default_limit, description=None, region=None, **kwargs)¶ Create a registered limit.
- Parameters
service (str) – a UUID that identifies the service for the limit.
resource_name (str) – the name of the resource to limit.
default_limit (int) – the default limit for projects to assume.
description (str) – a string that describes the limit
region (str) – a UUID that identifies the region for the limit.
- Returns
a reference of the created registered limit.
- Return type
-
delete
(registered_limit)¶ Delete a registered limit.
- Parameters
registered_limit (str or
keystoneclient.v3.registered_limits.RegisteredLimit
) – the registered limit to delete.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(registered_limit)¶ Retrieve a registered limit.
- Parameters
registered_limit (str or
keystoneclient.v3.registered_limits.RegisteredLimit
) – the registered limit to get.- Returns
a specific registered limit.
- Return type
-
key
= 'registered_limit'¶
-
list
(service=None, resource_name=None, region=None, **kwargs)¶ List registered limits.
Any parameter provided will be passed to the server as a filter.
- Parameters
service (a UUID or
keystoneclient.v3.services.Service
) – filter registered limits by serviceresource_name (str) – filter registered limits by resource name
region (a UUID or
keystoneclient.v3.regions.Region
) – filter registered limits by region
- Returns
a list of registered limits.
- Return type
-
resource_class
¶ alias of
RegisteredLimit
-
update
(registered_limit, service=None, resource_name=None, default_limit=None, description=None, region=None, **kwargs)¶ Update a registered limit.
- Parameters
registered_limit – the UUID or reference of the registered limit to update.
registered_limit – str or
keystoneclient.v3.registered_limits.RegisteredLimit
service (str) – a UUID that identifies the service for the limit.
resource_name (str) – the name of the resource to limit.
default_limit (int) – the default limit for projects to assume.
description (str) – a string that describes the limit
region (str) – a UUID that identifies the region for the limit.
- Returns
a reference of the updated registered limit.
- Return type
-
keystoneclient.v3.role_assignments module¶
-
class
keystoneclient.v3.role_assignments.
RoleAssignment
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity role assignment.
- Attributes:
role: an object which contains a role uuid
- user or group: an object which contains either a user or
group uuid
- scope: an object which has either a project or domain object
containing an uuid
-
class
keystoneclient.v3.role_assignments.
RoleAssignmentManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity roles assignments.
-
collection_key
= 'role_assignments'¶
-
create
(**kwargs)¶
-
delete
(**kwargs)¶
-
find
(**kwargs)¶ Find a single item with attributes matching
**kwargs
.
-
get
(**kwargs)¶
-
key
= 'role_assignment'¶
-
list
(user=None, group=None, project=None, domain=None, system=False, role=None, effective=False, os_inherit_extension_inherited_to=None, include_subtree=False, include_names=False)¶ List role assignments.
If no arguments are provided, all role assignments in the system will be listed.
If both user and group are provided, a ValidationError will be raised. If both domain and project are provided, it will also raise a ValidationError.
- Parameters
user – User to be used as query filter. (optional)
group – Group to be used as query filter. (optional)
project – Project to be used as query filter. (optional)
domain – Domain to be used as query filter. (optional)
system – Boolean to be used to filter system assignments. (optional)
role – Role to be used as query filter. (optional)
effective (boolean) – return effective role assignments. (optional)
os_inherit_extension_inherited_to (string) – return inherited role assignments for either ‘projects’ or ‘domains’. (optional)
include_subtree (boolean) – Include subtree (optional)
include_names (boolean) – Display names instead of IDs. (optional)
-
put
(**kwargs)¶
-
resource_class
¶ alias of
RoleAssignment
-
update
(**kwargs)¶
-
keystoneclient.v3.roles module¶
-
class
keystoneclient.v3.roles.
InferenceRule
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a rule that states one role implies another.
- Attributes:
prior_role: this role implies the other
implied_role: this role is implied by the other
-
class
keystoneclient.v3.roles.
InferenceRuleManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity inference rules.
-
check
(prior_role, implied_role)¶ Check if an inference rule exists.
Valid HTTP return codes:
204: The rule inference exists
404: A role cannot be found
- Parameters
prior_role – the role which implies
implied_role
.implied_role – the role which is implied by
prior_role
.
- Returns
response object with 204 status returned from server.
- Return type
requests.models.Response
-
collection_key
= 'role_inferences'¶
-
create
(prior_role, implied_role)¶ Create an inference rule.
An inference rule is comprised of two roles, a prior role and an implied role. The prior role will imply the implied role.
Valid HTTP return codes:
201: Resource is created successfully
404: A role cannot be found
409: The inference rule already exists
- Parameters
prior_role – the role which implies
implied_role
.implied_role – the role which is implied by
prior_role
.
- Returns
a newly created role inference returned from server.
- Return type
-
delete
(prior_role, implied_role)¶ Delete an inference rule.
When deleting an inference rule, both roles are required. Note that neither role is deleted, only the inference relationship is dissolved.
Valid HTTP return codes:
204: Delete request is accepted
404: A role cannot be found
- Parameters
prior_role – the role which implies
implied_role
.implied_role – the role which is implied by
prior_role
.
- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
find
(**kwargs)¶ Find a single item with attributes matching
**kwargs
.
-
get
(prior_role, implied_role)¶ Retrieve an inference rule.
Valid HTTP return codes:
200: Inference rule is returned
404: A role cannot be found
- Parameters
prior_role – the role which implies
implied_role
.implied_role – the role which is implied by
prior_role
.
- Returns
the specified role inference returned from server.
- Return type
-
key
= 'role_inference'¶
-
list
(prior_role)¶ List all roles that a role may imply.
Valid HTTP return codes:
200: List of inference rules are returned
404: A role cannot be found
- Parameters
prior_role – the role which implies
implied_role
.- Returns
the specified role inference returned from server.
- Return type
-
list_inference_roles
()¶ List all rule inferences.
Valid HTTP return codes:
200: All inference rules are returned
- Parameters
kwargs – attributes provided will be passed to the server.
- Returns
a list of inference rules.
- Return type
-
put
(**kwargs)¶
-
resource_class
¶ alias of
InferenceRule
-
update
(**kwargs)¶
-
-
class
keystoneclient.v3.roles.
Role
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity role.
- Attributes:
id: a uuid that identifies the role
name: user-facing identifier
domain: optional domain for the role
-
class
keystoneclient.v3.roles.
RoleManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity roles.
-
check
(role, user=None, group=None, system=None, domain=None, project=None, os_inherit_extension_inherited=False, **kwargs)¶ Check if a user or group has a role on a domain or project.
- Parameters
user (str or
keystoneclient.v3.users.User
) – check for role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.group (str or
keystoneclient.v3.groups.Group
) – check for role grants for the specified group on a resource. Domain or project must be specified. User and group are mutually exclusive.system (str) – check for role grants on the system. Project, domain, and system are mutually exclusive.
domain (str or
keystoneclient.v3.domains.Domain
) – check for role grants on the specified domain. Either user or group must be specified. Project, domain, and system are mutually exclusive.project (str or
keystoneclient.v3.projects.Project
) – check for role grants on the specified project. Either user or group must be specified. Project, domain, and system are mutually exclusive.os_inherit_extension_inherited (bool) – OS-INHERIT will be used. It provides the ability for projects to inherit role assignments from their domains or from parent projects in the hierarchy.
kwargs – any other attribute provided will be passed to server.
- Returns
the specified role returned from server if it exists.
- Return type
- Returns
Response object with 204 status if specified role doesn’t exist.
- Return type
requests.models.Response
-
check_implied
(prior_role, implied_role, **kwargs)¶
-
collection_key
= 'roles'¶
-
create
(name, domain=None, **kwargs)¶ Create a role.
- Parameters
name (str) – the name of the role.
domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the role. If a value is passed it is a domain-scoped role, otherwise it’s a global role.kwargs – any other attribute provided will be passed to the server.
- Returns
the created role returned from server.
- Return type
-
create_implied
(prior_role, implied_role, **kwargs)¶
-
delete
(role)¶ Delete a role.
When a role is deleted all the role inferences that have deleted role as prior role will be deleted as well.
- Parameters
role (str or
keystoneclient.v3.roles.Role
) – the role to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
delete_implied
(prior_role, implied_role, **kwargs)¶
-
deprecation_msg
= 'keystoneclient.v3.roles.InferenceRuleManager'¶
-
get
(role)¶ Retrieve a role.
- Parameters
role (str or
keystoneclient.v3.roles.Role
) – the role to be retrieved from the server.- Returns
the specified role returned from server.
- Return type
-
get_implied
(prior_role, implied_role, **kwargs)¶
-
grant
(role, user=None, group=None, system=None, domain=None, project=None, os_inherit_extension_inherited=False, **kwargs)¶ Grant a role to a user or group on a domain or project.
- Parameters
role (str or
keystoneclient.v3.roles.Role
) – the role to be granted on the server.user (str or
keystoneclient.v3.users.User
) – the specified user to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.group (str or
keystoneclient.v3.groups.Group
) – the specified group to have the role granted on a resource. Domain or project must be specified. User and group are mutually exclusive.system (str) – system information to grant the role on. Project, domain, and system are mutually exclusive.
domain (str or
keystoneclient.v3.domains.Domain
) – the domain in which the role will be granted. Either user or group must be specified. Project, domain, and system are mutually exclusive.project (str or
keystoneclient.v3.projects.Project
) – the project in which the role will be granted. Either user or group must be specified. Project, domain, and system are mutually exclusive.os_inherit_extension_inherited (bool) – OS-INHERIT will be used. It provides the ability for projects to inherit role assignments from their domains or from parent projects in the hierarchy.
kwargs – any other attribute provided will be passed to server.
- Returns
the granted role returned from server.
- Return type
-
key
= 'role'¶
-
list
(user=None, group=None, system=None, domain=None, project=None, os_inherit_extension_inherited=False, **kwargs)¶ List roles and role grants.
- Parameters
user (str or
keystoneclient.v3.users.User
) – filter in role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.group (str or
keystoneclient.v3.groups.Group
) – filter in role grants for the specified group on a resource. Domain or project must be specified. User and group are mutually exclusive.domain (str or
keystoneclient.v3.domains.Domain
) – filter in role grants on the specified domain. Either user or group must be specified. Project, domain, and system are mutually exclusive.project (str or
keystoneclient.v3.projects.Project
) – filter in role grants on the specified project. Either user or group must be specified. Project, domain and system are mutually exclusive.os_inherit_extension_inherited (bool) – OS-INHERIT will be used. It provides the ability for projects to inherit role assignments from their domains or from parent projects in the hierarchy.
kwargs – any other attribute provided will filter roles on.
- Returns
a list of roles.
- Return type
list of
keystoneclient.v3.roles.Role
-
list_role_inferences
(**kwargs)¶
-
revoke
(role, user=None, group=None, system=None, domain=None, project=None, os_inherit_extension_inherited=False, **kwargs)¶ Revoke a role from a user or group on a domain or project.
- Parameters
user (str or
keystoneclient.v3.users.User
) – revoke role grants for the specified user on a resource. Domain or project must be specified. User and group are mutually exclusive.group (str or
keystoneclient.v3.groups.Group
) – revoke role grants for the specified group on a resource. Domain or project must be specified. User and group are mutually exclusive.system (str) – revoke role grants on the system. Project, domain, and system are mutually exclusive.
domain (str or
keystoneclient.v3.domains.Domain
) – revoke role grants on the specified domain. Either user or group must be specified. Project, domain, and system are mutually exclusive.project (str or
keystoneclient.v3.projects.Project
) – revoke role grants on the specified project. Either user or group must be specified. Project, domain, and system are mutually exclusive.os_inherit_extension_inherited (bool) – OS-INHERIT will be used. It provides the ability for projects to inherit role assignments from their domains or from parent projects in the hierarchy.
kwargs – any other attribute provided will be passed to server.
- Returns
the revoked role returned from server.
- Return type
list of
keystoneclient.v3.roles.Role
-
update
(role, name=None, **kwargs)¶ Update a role.
- Parameters
role (str or
keystoneclient.v3.roles.Role
) – the role to be updated on the server.name (str) – the new name of the role.
kwargs – any other attribute provided will be passed to server.
- Returns
the updated role returned from server.
- Return type
-
keystoneclient.v3.services module¶
-
class
keystoneclient.v3.services.
Service
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity service.
- Attributes:
id: a uuid that identifies the service
name: the user-facing name of the service (e.g. Keystone)
description: a description of the service
type: the type of the service (e.g. ‘compute’, ‘identity’)
enabled: determines whether the service appears in the catalog
-
class
keystoneclient.v3.services.
ServiceManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity services.
-
collection_key
= 'services'¶
-
create
(name, type=None, enabled=True, description=None, **kwargs)¶ Create a service.
- Parameters
- Returns
the created service returned from server.
- Return type
-
delete
(service=None, id=None)¶ Delete a service.
- Parameters
service (str or
keystoneclient.v3.services.Service
) – the service to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(service)¶ Retrieve a service.
- Parameters
service (str or
keystoneclient.v3.services.Service
) – the service to be retrieved from the server.- Returns
the specified service returned from server.
- Return type
-
key
= 'service'¶
-
list
(name=None, type=None, **kwargs)¶ List services.
- Parameters
- Returns
a list of services.
- Return type
-
update
(service, name=None, type=None, enabled=None, description=None, **kwargs)¶ Update a service.
- Parameters
service (str or
keystoneclient.v3.services.Service
) – the service to be updated on the server.name (str) – the new name of the service.
type (str) – the new type of the service.
enabled (bool) – whether the service appears in the catalog.
description (str) – the new description of the service.
kwargs – any other attribute provided will be passed to server.
- Returns
the updated service returned from server.
- Return type
-
keystoneclient.v3.tokens module¶
-
class
keystoneclient.v3.tokens.
TokenManager
(client)¶ Bases:
object
Manager class for manipulating Identity tokens.
-
get_revoked
(audit_id_only=False)¶ Get revoked tokens list.
- Parameters
audit_id_only (bool) – If true, the server is requested to not send token IDs, but only audit IDs instead. New in version 2.2.0.
- Returns
A dict containing
signed
which is a CMS formatted string if the server signed the response. If audit_id_only is true then the response may be a dict containingrevoked
which is the list of token audit IDs and expiration times.- Return type
-
get_token_data
(token, include_catalog=True, allow_expired=False)¶ Fetch the data about a token from the identity server.
-
revoke_token
(token)¶ Revoke a token.
- Parameters
token (str or
keystoneclient.access.AccessInfo
) – The token to be revoked.
-
validate
(token, include_catalog=True, allow_expired=False)¶ Validate a token.
- Parameters
token (str or
keystoneclient.access.AccessInfo
) – The token to be validated.include_catalog – If False, the response is requested to not include the catalog.
allow_expired (bool) – If True the token will be validated and returned if it has already expired.
- Return type
-
keystoneclient.v3.users module¶
-
class
keystoneclient.v3.users.
User
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity user.
- Attributes:
id: a uuid that identifies the user
-
class
keystoneclient.v3.users.
UserManager
(client)¶ Bases:
keystoneclient.base.CrudManager
Manager class for manipulating Identity users.
-
add_to_group
(user, group)¶ Add the specified user as a member of the specified group.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be added to the group.group (str or
keystoneclient.v3.groups.Group
) – the group to put the user in.
- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
check_in_group
(user, group)¶ Check if the specified user is a member of the specified group.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be verified in the group.group (str or
keystoneclient.v3.groups.Group
) – the group to check the user in.
- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
collection_key
= 'users'¶
-
create
(name, domain=None, project=None, password=None, email=None, description=None, enabled=True, default_project=None, **kwargs)¶ Create a user.
- Parameters
name (str) – the name of the user.
domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the user.project (str or
keystoneclient.v3.projects.Project
) – the default project of the user. (deprecated, see warning below)password (str) – the password for the user.
email (str) – the email address of the user.
description (str) – a description of the user.
enabled (bool) – whether the user is enabled.
default_project (str or
keystoneclient.v3.projects.Project
) – the default project of the user.kwargs – any other attribute provided will be passed to the server.
- Returns
the created user returned from server.
- Return type
Warning
The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release.
If both default_project and project is provided, the default_project will be used.
-
delete
(user)¶ Delete a user.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be deleted on the server.- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
get
(user)¶ Retrieve a user.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be retrieved from the server.- Returns
the specified user returned from server.
- Return type
-
key
= 'user'¶
-
list
(project=None, domain=None, group=None, default_project=None, **kwargs)¶ List users.
- Parameters
project (str or
keystoneclient.v3.projects.Project
) – the default project of the users to be filtered on. (deprecated, see warning below)domain (str or
keystoneclient.v3.domains.Domain
) – the domain of the users to be filtered on.group (str or
keystoneclient.v3.groups.Group
) – the group in which the users are member of.default_project (str or
keystoneclient.v3.projects.Project
) – the default project of the users to be filtered on.kwargs – any other attribute provided will filter users on.
- Returns
a list of users.
- Return type
list of
keystoneclient.v3.users.User
.
Warning
The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release.
If both default_project and project is provided, the default_project will be used.
-
remove_from_group
(user, group)¶ Remove the specified user from the specified group.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be removed from the group.group (str or
keystoneclient.v3.groups.Group
) – the group to remove the user from.
- Returns
Response object with 204 status.
- Return type
requests.models.Response
-
update
(user, name=None, domain=None, project=None, password=None, email=None, description=None, enabled=None, default_project=None, **kwargs)¶ Update a user.
- Parameters
user (str or
keystoneclient.v3.users.User
) – the user to be updated on the server.name (str) – the new name of the user.
domain (str or
keystoneclient.v3.domains.Domain
) – the new domain of the user.project (str or
keystoneclient.v3.projects.Project
) – the new default project of the user. (deprecated, see warning below)password (str) – the new password of the user.
email (str) – the new email of the user.
description (str) – the newdescription of the user.
enabled (bool) – whether the user is enabled.
default_project (str or
keystoneclient.v3.projects.Project
) – the new default project of the user.kwargs – any other attribute provided will be passed to server.
- Returns
the updated user returned from server.
- Return type
Warning
The project argument is deprecated as of the 1.7.0 release in favor of default_project and may be removed in the 2.0.0 release.
If both default_project and project is provided, the default_project will be used.
-