keystoneclient.v2_0 package¶
Submodules¶
keystoneclient.v2_0.certificates module¶
keystoneclient.v2_0.client module¶
- class keystoneclient.v2_0.client.Client(**kwargs)¶
Bases:
HTTPClient
Client for the OpenStack Keystone v2.0 API.
- Parameters:
username (string) – Username for authentication. (optional)
password (string) – Password for authentication. (optional)
token (string) – Token for authentication. (optional)
tenant_id (string) – Tenant id. (optional)
tenant_name (string) – Tenant name. (optional)
auth_url (string) – Keystone service endpoint for authorization.
region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)
timeout (integer) – Allows customization of the timeout for client http requests. (optional)
original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)
cert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the corresponding X.509 client certificate needed to established two-way SSL connection with the identity service. (optional)
key (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the unencrypted client private key needed to established two-way SSL connection with the identity service. (optional)
cacert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the trusted authority X.509 certificates needed to established SSL connection with the identity service. (optional)
insecure (boolean) – Does not perform X.509 certificate validation when establishing SSL connection with identity service. default: False (optional)
auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)
debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)
Warning
If debug is enabled, it may show passwords in plain text as a part of its output.
Warning
Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.
The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.
Example:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Password(auth_url=KEYSTONE_URL, ... username=USER, ... password=PASS, ... tenant_name=TENANT_NAME) >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> keystone.tenants.list() ... >>> user = keystone.users.get(USER_ID) >>> user.delete()
Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Password(auth_url=KEYSTONE_URL, ... username=USER, ... password=PASS, ... tenant_name=TENANT_NAME) >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> auth_ref = keystone.auth_ref >>> # pickle or whatever you like here >>> new_client = client.Client(auth_ref=auth_ref)
Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (
admin_token
inkeystone.conf
) In this case, authenticate() is not needed, and no service catalog will be loaded.Example:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Token(auth_url='http://localhost:35357/v2.0', ... token='12345secret7890') >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> keystone.tenants.list()
- get_raw_token_from_identity_service(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None, project_name=None, project_id=None, trust_id=None, **kwargs)¶
Authenticate against the v2 Identity API.
If a token is provided it will be used in preference over username and password.
- Returns:
access.AccessInfo if authentication was successful.
- Raises:
keystoneclient.exceptions.AuthorizationFailure – if unable to authenticate or validate the existing authorization token
- version = 'v2.0'¶
keystoneclient.v2_0.ec2 module¶
- class keystoneclient.v2_0.ec2.CredentialsManager(client)¶
Bases:
ManagerWithFind
- create(user_id, tenant_id)¶
Create a new access/secret pair for the user/tenant pair.
- Return type:
object of type
EC2
- delete(user_id, access)¶
Delete an access/secret pair for a user.
keystoneclient.v2_0.endpoints module¶
- class keystoneclient.v2_0.endpoints.Endpoint(manager, info, loaded=False)¶
Bases:
Resource
Represents a Keystone endpoint.
- class keystoneclient.v2_0.endpoints.EndpointManager(client)¶
Bases:
ManagerWithFind
Manager class for manipulating Keystone endpoints.
- create(region, service_id, publicurl, adminurl=None, internalurl=None)¶
Create a new endpoint.
- delete(id)¶
Delete an endpoint.
- list()¶
List all available endpoints.
keystoneclient.v2_0.extensions module¶
- class keystoneclient.v2_0.extensions.Extension(manager, info, loaded=False)¶
Bases:
Resource
Represents an Identity API extension.
- class keystoneclient.v2_0.extensions.ExtensionManager(client)¶
Bases:
ManagerWithFind
Manager class for listing Identity API extensions.
- list()¶
List all available extensions.
keystoneclient.v2_0.roles module¶
- class keystoneclient.v2_0.roles.Role(manager, info, loaded=False)¶
Bases:
Resource
Represents a Keystone role.
- delete()¶
- class keystoneclient.v2_0.roles.RoleManager(client)¶
Bases:
ManagerWithFind
Manager class for manipulating Keystone roles.
- add_user_role(user, role, tenant=None)¶
Add a role to a user.
If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.
- create(name)¶
Create a role.
- delete(role)¶
Delete a role.
- get(role)¶
- list()¶
List all available roles.
- remove_user_role(user, role, tenant=None)¶
Remove a role from a user.
If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.
- roles_for_user(user, tenant=None)¶
keystoneclient.v2_0.services module¶
- class keystoneclient.v2_0.services.Service(manager, info, loaded=False)¶
Bases:
Resource
Represents a Keystone service.
keystoneclient.v2_0.tenants module¶
- class keystoneclient.v2_0.tenants.Tenant(manager, info, loaded=False)¶
Bases:
Resource
Represents a Keystone tenant.
- Attributes:
id: a uuid that identifies the tenant
name: tenant name
description: tenant description
enabled: boolean to indicate if tenant is enabled
- add_user(user, role)¶
- delete()¶
- list_users()¶
- remove_user(user, role)¶
- update(name=None, description=None, enabled=None)¶
- class keystoneclient.v2_0.tenants.TenantManager(client, role_manager, user_manager)¶
Bases:
ManagerWithFind
Manager class for manipulating Keystone tenants.
- add_user(tenant, user, role)¶
Add a user to a tenant with the given role.
- create(tenant_name, description=None, enabled=True, **kwargs)¶
Create a new tenant.
- delete(tenant)¶
Delete a tenant.
- get(tenant_id)¶
- list(limit=None, marker=None)¶
Get a list of tenants.
- Parameters:
limit (integer) – maximum number to return. (optional)
marker (string) – use when specifying a limit and making multiple calls for querying. (optional)
- Return type:
list of
Tenant
- list_users(tenant)¶
List users for a tenant.
- remove_user(tenant, user, role)¶
Remove the specified role from the user on the tenant.
- update(tenant_id, tenant_name=None, description=None, enabled=None, **kwargs)¶
Update a tenant with a new name and description.
keystoneclient.v2_0.tokens module¶
- class keystoneclient.v2_0.tokens.Token(manager, info, loaded=False)¶
Bases:
Resource
- property expires¶
- property id¶
- property tenant¶
- class keystoneclient.v2_0.tokens.TokenManager(client)¶
Bases:
Manager
- authenticate(username=None, tenant_id=None, tenant_name=None, password=None, token=None, return_raw=False)¶
- delete(token)¶
- endpoints(token)¶
- get_revoked()¶
Return the revoked tokens response.
The response will be a dict containing ‘signed’ which is a CMS-encoded document.
- get_token_data(token)¶
Fetch the data about a token from the identity server.
- validate_access_info(token)¶
Validate a token.
- Parameters:
token – Token to be validated. This can be an instance of
keystoneclient.access.AccessInfo
or a string token_id.- Return type:
keystoneclient.v2_0.users module¶
- class keystoneclient.v2_0.users.User(manager, info, loaded=False)¶
Bases:
Resource
Represents a Keystone user.
- delete()¶
- list_roles(tenant=None)¶
- class keystoneclient.v2_0.users.UserManager(client, role_manager)¶
Bases:
ManagerWithFind
Manager class for manipulating Keystone users.
- create(name, password=None, email=None, tenant_id=None, enabled=True)¶
Create a user.
- delete(user)¶
Delete a user.
- get(user)¶
- list(tenant_id=None, limit=None, marker=None)¶
Get a list of users (optionally limited to a tenant).
- Return type:
list of
User
- list_roles(user, tenant=None)¶
- update(user, **kwargs)¶
Update user data.
Supported arguments include
name
,email
, andenabled
.
- update_enabled(user, enabled)¶
Update enabled-ness.
- update_own_password(origpasswd, passwd)¶
Update password.
- update_password(user, password)¶
Update password.
- update_tenant(user, tenant)¶
Update default tenant.