Workflow Logic the Resource service.
keystone.resource.controllers.
DomainConfigV3
(*args, **kwargs)[source]¶Bases: keystone.common.controller.V3Controller
member_name
= 'config'¶keystone.resource.controllers.
DomainV3
[source]¶Bases: keystone.common.controller.V3Controller
collection_name
= 'domains'¶member_name
= 'domain'¶keystone.resource.controllers.
ProjectV3
[source]¶Bases: keystone.common.controller.V3Controller
collection_name
= 'projects'¶member_name
= 'project'¶Main entry point into the Resource service.
keystone.resource.core.
DomainConfigManager
(*args, **kwargs)[source]¶Bases: keystone.common.manager.Manager
Default pivot point for the Domain Config backend.
create_config
(*args, **kwargs)[source]¶Create config for a domain.
Parameters: |
|
---|
Creates a new config, overwriting any previous config (no Conflict error will be generated).
Returns: | a dict of group dicts containing the options, with any that are sensitive removed |
---|---|
Raises: | keystone.exception.InvalidDomainConfig – when the config contains options we do not support |
delete_config
(*args, **kwargs)[source]¶Delete config, or partial config, for the domain.
Parameters: |
|
---|
If group and option are None, then the entire config for the domain is deleted. If group is not None, then just that group of options will be deleted. If group and option are both specified, then just that option is deleted.
Raises: | keystone.exception.InvalidDomainConfig – when group/option parameters specify an option we do not support or one that does not exist in the original config. |
---|
driver_namespace
= 'keystone.resource.domain_config'¶get_config
(*args, **kwargs)[source]¶Get config, or partial config, for a domain.
Parameters: |
|
---|---|
Returns: | a dict of group dicts containing the whitelisted options, filtered by group and option specified |
Raises: |
|
An example response:
{
'ldap': {
'url': 'myurl'
'user_tree_dn': 'OU=myou'},
'identity': {
'driver': 'ldap'}
}
get_config_default
(*args, **kwargs)[source]¶Get default config, or partial default config.
Parameters: |
|
---|---|
Returns: | a dict of group dicts containing the default options, filtered by group and option if specified |
Raises: | keystone.exception.InvalidDomainConfig – when the config and group/option parameters specify an option we do not support (or one that is not whitelisted). |
An example response:
{
'ldap': {
'url': 'myurl',
'user_tree_dn': 'OU=myou',
....},
'identity': {
'driver': 'ldap'}
}
get_config_with_sensitive_info
(*args, **kwargs)[source]¶Get config for a domain with sensitive info included.
This method is not exposed via the public API, but is used by the identity manager to initialize a domain with the fully formed config options.
get_security_compliance_config
(*args, **kwargs)[source]¶Get full or partial security compliance config from configuration.
Parameters: |
|
---|---|
Returns: | a dict of group dicts containing the whitelisted options, filtered by group and option specified |
Raises: | keystone.exception.InvalidDomainConfig – when the config and group/option parameters specify an option we do not support |
An example response:
{
'security_compliance': {
'password_regex': '^(?=.*\d)(?=.*[a-zA-Z]).{7,}$'
'password_regex_description':
'A password must consist of at least 1 letter, '
'1 digit, and have a minimum length of 7 characters'
}
}
sensitive_options
= {'identity': [], 'ldap': ['password']}¶update_config
(*args, **kwargs)[source]¶Update config, or partial config, for a domain.
Parameters: |
|
---|
The contents of the supplied config will be merged with the existing config for this domain, updating or creating new options if these did not previously exist. If group or option is specified, then the update will be limited to those specified items and the inclusion of other options in the supplied config will raise an exception, as will the situation when those options do not already exist in the current config.
Returns: | a dict of groups containing all whitelisted options |
---|---|
Raises: | keystone.exception.InvalidDomainConfig – when the config and group/option parameters specify an option we do not support or one that does not exist in the original config |
whitelisted_options
= {'identity': ['driver', 'list_limit'], 'ldap': ['url', 'user', 'suffix', 'query_scope', 'page_size', 'alias_dereferencing', 'debug_level', 'chase_referrals', 'user_tree_dn', 'user_filter', 'user_objectclass', 'user_id_attribute', 'user_name_attribute', 'user_mail_attribute', 'user_description_attribute', 'user_pass_attribute', 'user_enabled_attribute', 'user_enabled_invert', 'user_enabled_mask', 'user_enabled_default', 'user_attribute_ignore', 'user_default_project_id_attribute', 'user_enabled_emulation', 'user_enabled_emulation_dn', 'user_enabled_emulation_use_group_config', 'user_additional_attribute_mapping', 'group_tree_dn', 'group_filter', 'group_objectclass', 'group_id_attribute', 'group_name_attribute', 'group_members_are_ids', 'group_member_attribute', 'group_desc_attribute', 'group_attribute_ignore', 'group_additional_attribute_mapping', 'tls_cacertfile', 'tls_cacertdir', 'use_tls', 'tls_req_cert', 'use_pool', 'pool_size', 'pool_retry_max', 'pool_retry_delay', 'pool_connection_timeout', 'pool_connection_lifetime', 'use_auth_pool', 'auth_pool_size', 'auth_pool_connection_lifetime']}¶keystone.resource.core.
Manager
(*args, **kwargs)[source]¶Bases: keystone.common.manager.Manager
Default pivot point for the Resource backend.
See keystone.common.manager.Manager
for more details on how this
dynamically calls the backend.
assert_domain_enabled
(*args, **kwargs)[source]¶Assert the Domain is enabled.
Raises: | AssertionError – if domain is disabled. |
---|
assert_domain_not_federated
(*args, **kwargs)[source]¶Assert the Domain’s name and id do not match the reserved keyword.
Note that the reserved keyword is defined in the configuration file, by default, it is ‘Federated’, it is also case insensitive. If config’s option is empty the default hardcoded value ‘Federated’ will be used.
Raises: | AssertionError – if domain named match the value in the config. |
---|
assert_project_enabled
(*args, **kwargs)[source]¶Assert the project is enabled and its associated domain is enabled.
Raises: | AssertionError – if the project or domain is disabled. |
---|
delete_project
(*args, **kwargs)[source]¶Delete one project or a subtree.
Parameters: | cascade (boolean) – If true, the specified project and all its sub-projects are deleted. Otherwise, only the specified project is deleted. |
---|---|
Raises: |
|
driver_namespace
= 'keystone.resource'¶ensure_default_domain_exists
(*args, **kwargs)[source]¶Create the default domain if it doesn’t exist.
This is only used for the v2 API and can go away when V2 does.
get_project_parents_as_ids
(*args, **kwargs)[source]¶Get the IDs from the parents from a given project.
The project IDs are returned as a structured dictionary traversing up the hierarchy to the top level project. For example, considering the following project hierarchy:
A
|
+-B-+
| |
C D
If we query for project C parents, the expected return is the following dictionary:
'parents': {
B['id']: {
A['id']: None
}
}
get_projects_in_subtree_as_ids
(*args, **kwargs)[source]¶Get the IDs from the projects in the subtree from a given project.
The project IDs are returned as a structured dictionary representing their hierarchy. For example, considering the following project hierarchy:
A
|
+-B-+
| |
C D
If we query for project A subtree, the expected return is the following dictionary:
'subtree': {
B['id']: {
C['id']: None,
D['id']: None
}
}
WSGI Routers for the Resource service.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.