keystoneclient.v2_0 package

Submodules

keystoneclient.v2_0.certificates module

class keystoneclient.v2_0.certificates.CertificatesManager(client)

Bases: object

Manager for certificates.

get_ca_certificate()

Get CA certificate.

Returns:

PEM-formatted string.

Return type:

str

get_signing_certificate()

Get signing certificate.

Returns:

PEM-formatted string.

Return type:

str

keystoneclient.v2_0.client module

class keystoneclient.v2_0.client.Client(**kwargs)

Bases: HTTPClient

Client for the OpenStack Keystone v2.0 API.

Parameters:
  • username (string) – Username for authentication. (optional)

  • password (string) – Password for authentication. (optional)

  • token (string) – Token for authentication. (optional)

  • tenant_id (string) – Tenant id. (optional)

  • tenant_name (string) – Tenant name. (optional)

  • auth_url (string) – Keystone service endpoint for authorization.

  • region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.

  • endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)

  • timeout (integer) – Allows customization of the timeout for client http requests. (optional)

  • original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)

  • cert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the corresponding X.509 client certificate needed to established two-way SSL connection with the identity service. (optional)

  • key (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the unencrypted client private key needed to established two-way SSL connection with the identity service. (optional)

  • cacert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the trusted authority X.509 certificates needed to established SSL connection with the identity service. (optional)

  • insecure (boolean) – Does not perform X.509 certificate validation when establishing SSL connection with identity service. default: False (optional)

  • auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)

  • debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)

Warning

If debug is enabled, it may show passwords in plain text as a part of its output.

Warning

Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.

The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.

Example:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Password(auth_url=KEYSTONE_URL,
...                    username=USER,
...                    password=PASS,
...                    tenant_name=TENANT_NAME)
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> keystone.tenants.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Password(auth_url=KEYSTONE_URL,
...                    username=USER,
...                    password=PASS,
...                    tenant_name=TENANT_NAME)
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> auth_ref = keystone.auth_ref
>>> # pickle or whatever you like here
>>> new_client = client.Client(auth_ref=auth_ref)

Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (admin_token in keystone.conf) In this case, authenticate() is not needed, and no service catalog will be loaded.

Example:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Token(auth_url='http://localhost:35357/v2.0',
...                 token='12345secret7890')
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> keystone.tenants.list()
get_raw_token_from_identity_service(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None, project_name=None, project_id=None, trust_id=None, **kwargs)

Authenticate against the v2 Identity API.

If a token is provided it will be used in preference over username and password.

Returns:

access.AccessInfo if authentication was successful.

Raises:

keystoneclient.exceptions.AuthorizationFailure – if unable to authenticate or validate the existing authorization token

version = 'v2.0'

keystoneclient.v2_0.ec2 module

class keystoneclient.v2_0.ec2.CredentialsManager(client)

Bases: ManagerWithFind

create(user_id, tenant_id)

Create a new access/secret pair for the user/tenant pair.

Return type:

object of type EC2

delete(user_id, access)

Delete an access/secret pair for a user.

get(user_id, access)

Get the access/secret pair for a given access key.

Return type:

object of type EC2

list(user_id)

Get a list of access/secret pairs for a user_id.

Return type:

list of EC2

resource_class

alias of EC2

class keystoneclient.v2_0.ec2.EC2(manager, info, loaded=False)

Bases: Resource

delete()

keystoneclient.v2_0.endpoints module

class keystoneclient.v2_0.endpoints.Endpoint(manager, info, loaded=False)

Bases: Resource

Represents a Keystone endpoint.

class keystoneclient.v2_0.endpoints.EndpointManager(client)

Bases: ManagerWithFind

Manager class for manipulating Keystone endpoints.

create(region, service_id, publicurl, adminurl=None, internalurl=None)

Create a new endpoint.

delete(id)

Delete an endpoint.

list()

List all available endpoints.

resource_class

alias of Endpoint

keystoneclient.v2_0.extensions module

class keystoneclient.v2_0.extensions.Extension(manager, info, loaded=False)

Bases: Resource

Represents an Identity API extension.

class keystoneclient.v2_0.extensions.ExtensionManager(client)

Bases: ManagerWithFind

Manager class for listing Identity API extensions.

list()

List all available extensions.

resource_class

alias of Extension

keystoneclient.v2_0.roles module

class keystoneclient.v2_0.roles.Role(manager, info, loaded=False)

Bases: Resource

Represents a Keystone role.

delete()
class keystoneclient.v2_0.roles.RoleManager(client)

Bases: ManagerWithFind

Manager class for manipulating Keystone roles.

add_user_role(user, role, tenant=None)

Add a role to a user.

If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.

create(name)

Create a role.

delete(role)

Delete a role.

get(role)
list()

List all available roles.

remove_user_role(user, role, tenant=None)

Remove a role from a user.

If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.

resource_class

alias of Role

roles_for_user(user, tenant=None)

keystoneclient.v2_0.services module

class keystoneclient.v2_0.services.Service(manager, info, loaded=False)

Bases: Resource

Represents a Keystone service.

class keystoneclient.v2_0.services.ServiceManager(client)

Bases: ManagerWithFind

Manager class for manipulating Keystone services.

create(name, service_type, description=None)

Create a new service.

delete(id)

Delete a service.

get(id)

Retrieve a service by id.

list()

List available services.

resource_class

alias of Service

keystoneclient.v2_0.tenants module

class keystoneclient.v2_0.tenants.Tenant(manager, info, loaded=False)

Bases: Resource

Represents a Keystone tenant.

Attributes:
  • id: a uuid that identifies the tenant

  • name: tenant name

  • description: tenant description

  • enabled: boolean to indicate if tenant is enabled

add_user(user, role)
delete()
list_users()
remove_user(user, role)
update(name=None, description=None, enabled=None)
class keystoneclient.v2_0.tenants.TenantManager(client, role_manager, user_manager)

Bases: ManagerWithFind

Manager class for manipulating Keystone tenants.

add_user(tenant, user, role)

Add a user to a tenant with the given role.

create(tenant_name, description=None, enabled=True, **kwargs)

Create a new tenant.

delete(tenant)

Delete a tenant.

get(tenant_id)
list(limit=None, marker=None)

Get a list of tenants.

Parameters:
  • limit (integer) – maximum number to return. (optional)

  • marker (string) – use when specifying a limit and making multiple calls for querying. (optional)

Return type:

list of Tenant

list_users(tenant)

List users for a tenant.

remove_user(tenant, user, role)

Remove the specified role from the user on the tenant.

resource_class

alias of Tenant

update(tenant_id, tenant_name=None, description=None, enabled=None, **kwargs)

Update a tenant with a new name and description.

keystoneclient.v2_0.tokens module

class keystoneclient.v2_0.tokens.Token(manager, info, loaded=False)

Bases: Resource

property expires
property id
property tenant
class keystoneclient.v2_0.tokens.TokenManager(client)

Bases: Manager

authenticate(username=None, tenant_id=None, tenant_name=None, password=None, token=None, return_raw=False)
delete(token)
endpoints(token)
get_revoked()

Return the revoked tokens response.

The response will be a dict containing ‘signed’ which is a CMS-encoded document.

get_token_data(token)

Fetch the data about a token from the identity server.

Parameters:

token (str) – The token id.

Return type:

dict

resource_class

alias of Token

validate(token)

Validate a token.

Parameters:

token – Token to be validated.

Return type:

Token

validate_access_info(token)

Validate a token.

Parameters:

token – Token to be validated. This can be an instance of keystoneclient.access.AccessInfo or a string token_id.

Return type:

keystoneclient.access.AccessInfoV2

keystoneclient.v2_0.users module

class keystoneclient.v2_0.users.User(manager, info, loaded=False)

Bases: Resource

Represents a Keystone user.

delete()
list_roles(tenant=None)
class keystoneclient.v2_0.users.UserManager(client, role_manager)

Bases: ManagerWithFind

Manager class for manipulating Keystone users.

create(name, password=None, email=None, tenant_id=None, enabled=True)

Create a user.

delete(user)

Delete a user.

get(user)
list(tenant_id=None, limit=None, marker=None)

Get a list of users (optionally limited to a tenant).

Return type:

list of User

list_roles(user, tenant=None)
resource_class

alias of User

update(user, **kwargs)

Update user data.

Supported arguments include name, email, and enabled.

update_enabled(user, enabled)

Update enabled-ness.

update_own_password(origpasswd, passwd)

Update password.

update_password(user, password)

Update password.

update_tenant(user, tenant)

Update default tenant.

Module contents