keystoneclient.v3.contrib.federation package

Submodules

keystoneclient.v3.contrib.federation.base module

class keystoneclient.v3.contrib.federation.base.EntityManager(client)

Bases: Manager

Manager class for listing federated accessible objects.

list()
abstract property object_type
resource_class = None

keystoneclient.v3.contrib.federation.core module

class keystoneclient.v3.contrib.federation.core.FederationManager(api)

Bases: object

keystoneclient.v3.contrib.federation.domains module

class keystoneclient.v3.contrib.federation.domains.DomainManager(client)

Bases: EntityManager

object_type = 'domains'
resource_class

alias of Domain

keystoneclient.v3.contrib.federation.identity_providers module

class keystoneclient.v3.contrib.federation.identity_providers.IdentityProvider(manager, info, loaded=False)

Bases: Resource

Object representing Identity Provider container.

Attributes:
  • id: user-defined unique string identifying Identity Provider.

class keystoneclient.v3.contrib.federation.identity_providers.IdentityProviderManager(client)

Bases: CrudManager

Manager class for manipulating Identity Providers.

base_url = 'OS-FEDERATION'
collection_key = 'identity_providers'
create(id, **kwargs)

Create Identity Provider object.

Utilize Keystone URI: PUT /OS-FEDERATION/identity_providers/$identity_provider

Parameters:
  • id – unique id of the identity provider.

  • kwargs – optional attributes: description (str), domain_id (str), enabled (boolean) and remote_ids (list).

Returns:

an IdentityProvider resource object.

Return type:

keystoneclient.v3.federation.IdentityProvider

delete(identity_provider)

Delete Identity Provider object.

Utilize Keystone URI: DELETE /OS-FEDERATION/identity_providers/$identity_provider

Parameters:

identity_provider – the Identity Provider ID itself or an object with it stored inside.

get(identity_provider)

Fetch Identity Provider object.

Utilize Keystone URI: GET /OS-FEDERATION/identity_providers/$identity_provider

Parameters:

identity_provider – an object with identity_provider_id stored inside.

Returns:

an IdentityProvider resource object.

Return type:

keystoneclient.v3.federation.IdentityProvider

key = 'identity_provider'
list(**kwargs)

List all Identity Providers.

Utilize Keystone URI: GET /OS-FEDERATION/identity_providers

Returns:

a list of IdentityProvider resource objects.

Return type:

List

resource_class

alias of IdentityProvider

update(identity_provider, **kwargs)

Update Identity Provider object.

Utilize Keystone URI: PATCH /OS-FEDERATION/identity_providers/$identity_provider

Parameters:

identity_provider – an object with identity_provider_id stored inside.

Returns:

an IdentityProvider resource object.

Return type:

keystoneclient.v3.federation.IdentityProvider

keystoneclient.v3.contrib.federation.mappings module

class keystoneclient.v3.contrib.federation.mappings.Mapping(manager, info, loaded=False)

Bases: Resource

An object representing mapping container.

Attributes:
  • id: user defined unique string identifying mapping.

class keystoneclient.v3.contrib.federation.mappings.MappingManager(client)

Bases: CrudManager

Manager class for manipulating federation mappings.

base_url = 'OS-FEDERATION'
collection_key = 'mappings'
create(mapping_id, **kwargs)

Create federation mapping.

Utilize Identity API operation: PUT /OS-FEDERATION/mappings/$mapping_id

Parameters:
  • mapping_id – user defined string identifier of the federation mapping.

  • rules – a list of mapping rules.

Example of the rules parameter:

[
    {
        "local": [
            {
                "group": {
                    "id": "0cd5e9"
                }
            }
        ],
        "remote": [
            {
                "type": "orgPersonType",
                "not_any_of": [
                    "Contractor",
                    "Guest"
                ]
            }
        ]
    }
]
delete(mapping)

Delete federation mapping identified by mapping id.

Utilize Identity API operation: DELETE /OS-FEDERATION/mappings/$mapping_id

Parameters:

mapping – a Mapping type object with mapping id stored inside.

get(mapping)

Fetch federation mapping identified by mapping id.

Utilize Identity API operation: GET /OS-FEDERATION/mappings/$mapping_id

Parameters:

mapping – a Mapping type object with mapping id stored inside.

key = 'mapping'
list(**kwargs)

List all federation mappings.

Utilize Identity API operation: GET /OS-FEDERATION/mappings

resource_class

alias of Mapping

update(mapping, **kwargs)

Update federation mapping identified by mapping id.

Utilize Identity API operation: PATCH /OS-FEDERATION/mappings/$mapping_id

Parameters:
  • mapping – a Mapping type object with mapping id stored inside.

  • rules – a list of mapping rules.

Example of the rules parameter:

[
    {
        "local": [
            {
                "group": {
                    "id": "0cd5e9"
                }
            }
        ],
        "remote": [
            {
                "type": "orgPersonType",
                "not_any_of": [
                    "Contractor",
                    "Guest"
                ]
            }
        ]
    }
]

keystoneclient.v3.contrib.federation.projects module

class keystoneclient.v3.contrib.federation.projects.ProjectManager(client)

Bases: EntityManager

object_type = 'projects'
resource_class

alias of Project

keystoneclient.v3.contrib.federation.protocols module

class keystoneclient.v3.contrib.federation.protocols.Protocol(manager, info, loaded=False)

Bases: Resource

An object representing federation protocol container.

Attributes:
  • id: user-defined unique per Identity Provider string identifying

    federation protocol.

class keystoneclient.v3.contrib.federation.protocols.ProtocolManager(client)

Bases: CrudManager

Manager class for manipulating federation protocols.

base_url = 'OS-FEDERATION/identity_providers'
build_url(dict_args_in_out=None)

Build URL for federation protocols.

collection_key = 'protocols'
create(protocol_id, identity_provider, mapping, **kwargs)

Create federation protocol object and tie to the Identity Provider.

Utilize Identity API operation: PUT /OS-FEDERATION/identity_providers/ $identity_provider/protocols/$protocol

Parameters:
  • protocol_id – a string type parameter identifying a federation protocol

  • identity_provider – a string type parameter identifying an Identity Provider

  • mapping – a base.Resource object with federation mapping id

delete(identity_provider, protocol)

Delete Protocol object tied to the Identity Provider.

Utilize Identity API operation: DELETE /OS-FEDERATION/identity_providers/ $identity_provider/protocols/$protocol

Parameters:
  • identity_provider – a base.Resource type object with Identity Provider id stored inside

  • protocol – a base.Resource type object with federation protocol id stored inside

get(identity_provider, protocol, **kwargs)

Fetch federation protocol object tied to the Identity Provider.

Utilize Identity API operation: GET /OS-FEDERATION/identity_providers/ $identity_provider/protocols/$protocol

Parameters:
  • identity_provider – a base.Resource type object with Identity Provider id stored inside

  • protocol – a base.Resource type object with federation protocol id stored inside

key = 'protocol'
list(identity_provider, **kwargs)

List all federation protocol objects tied to the Identity Provider.

Utilize Identity API operation: GET /OS-FEDERATION/identity_providers/ $identity_provider/protocols

Parameters:

identity_provider – a base.Resource type object with Identity Provider id stored inside

resource_class

alias of Protocol

update(identity_provider, protocol, mapping, **kwargs)

Update Protocol object tied to the Identity Provider.

Utilize Identity API operation: PATCH /OS-FEDERATION/identity_providers/ $identity_provider/protocols/$protocol

Parameters:
  • identity_provider – a base.Resource type object with Identity Provider id stored inside

  • protocol – a base.Resource type object with federation protocol id stored inside

  • mapping – a base.Resource object with federation mapping id

keystoneclient.v3.contrib.federation.saml module

class keystoneclient.v3.contrib.federation.saml.SamlManager(client)

Bases: Manager

Manager class for creating SAML assertions.

create_ecp_assertion(service_provider, token_id)

Create an ECP wrapped SAML assertion from a token.

Equivalent Identity API call: POST /auth/OS-FEDERATION/saml2/ecp

Parameters:
  • service_provider (string) – Service Provider resource.

  • token_id (string) – Token to transform to SAML assertion.

Returns:

SAML representation of token_id, wrapped in ECP envelope

Return type:

string

create_saml_assertion(service_provider, token_id)

Create a SAML assertion from a token.

Equivalent Identity API call: POST /auth/OS-FEDERATION/saml2

Parameters:
  • service_provider (string) – Service Provider resource.

  • token_id (string) – Token to transform to SAML assertion.

Returns:

SAML representation of token_id

Return type:

string

keystoneclient.v3.contrib.federation.service_providers module

class keystoneclient.v3.contrib.federation.service_providers.ServiceProvider(manager, info, loaded=False)

Bases: Resource

Object representing Service Provider container.

Attributes:
  • id: user-defined unique string identifying Service Provider.

  • sp_url: the shibboleth endpoint of a Service Provider.

  • auth_url: the authentication url of Service Provider.

class keystoneclient.v3.contrib.federation.service_providers.ServiceProviderManager(client)

Bases: CrudManager

Manager class for manipulating Service Providers.

base_url = 'OS-FEDERATION'
collection_key = 'service_providers'
create(id, **kwargs)

Create Service Provider object.

Utilize Keystone URI: PUT /OS-FEDERATION/service_providers/{id}

Parameters:

id – unique id of the service provider.

delete(service_provider)

Delete Service Provider object.

Utilize Keystone URI: DELETE /OS-FEDERATION/service_providers/{id}

Parameters:

service_provider – an object with service_provider_id stored inside.

get(service_provider)

Fetch Service Provider object.

Utilize Keystone URI: GET /OS-FEDERATION/service_providers/{id}

Parameters:

service_provider – an object with service_provider_id stored inside.

key = 'service_provider'
list(**kwargs)

List all Service Providers.

Utilize Keystone URI: GET /OS-FEDERATION/service_providers

resource_class

alias of ServiceProvider

update(service_provider, **kwargs)

Update the existing Service Provider object on the server.

Only properties provided to the function are being updated.

Utilize Keystone URI: PATCH /OS-FEDERATION/service_providers/{id}

Parameters:

service_provider – an object with service_provider_id stored inside.

Module contents