keystone.identity.backends.base.
IdentityDriverBase
[source]¶Bases: object
Interface description for an Identity driver.
The schema for users and groups is different depending on whether the driver is domain aware or not (as returned by self.is_domain_aware()).
If the driver is not domain aware:
The password_expires_at in the user schema is a read-only attribute, meaning that it is expected in the response, but not in the request.
User schema (if driver is domain aware):
type: object
properties:
id:
type: string
name:
type: string
domain_id:
type: string
password:
type: string
password_expires_at:
type: datetime
enabled:
type: boolean
default_project_id:
type: string
required: [id, name, domain_id, enabled]
additionalProperties: True
User schema (if driver is not domain aware):
type: object
properties:
id:
type: string
name:
type: string
password:
type: string
password_expires_at:
type: datetime
enabled:
type: boolean
default_project_id:
type: string
required: [id, name, enabled]
additionalProperties: True
# Note that domain_id is not allowed as a property
Group schema (if driver is domain aware):
type: object
properties:
id:
type: string
name:
type: string
domain_id:
type: string
description:
type: string
required: [id, name, domain_id]
additionalProperties: True
Group schema (if driver is not domain aware):
type: object
properties:
id:
type: string
name:
type: string
description:
type: string
required: [id, name]
additionalProperties: True
# Note that domain_id is not allowed as a property
add_user_to_group
(user_id, group_id)[source]¶Add a user to a group.
Parameters: |
|
---|---|
Raises: |
|
authenticate
(user_id, password)[source]¶Authenticate a given user and password.
Parameters: |
|
---|---|
Returns: | user. See user schema in |
Return type: | dict |
Raises: | AssertionError – If user or password is invalid. |
change_password
(user_id, new_password)[source]¶Self-service password change.
Parameters: |
|
---|---|
Raises: |
|
check_user_in_group
(user_id, group_id)[source]¶Check if a user is a member of a group.
Parameters: |
|
---|---|
Raises: |
|
create_group
(group_id, group)[source]¶Create a new group.
Parameters: |
|
---|---|
Returns: | group, matching the group schema. |
Return type: | dict |
Raises: | keystone.exception.Conflict – If a duplicate group exists. |
create_user
(user_id, user)[source]¶Create a new user.
Parameters: |
|
---|---|
Returns: | user, matching the user schema. The driver should not return the password. |
Return type: | dict |
Raises: | keystone.exception.Conflict – If a duplicate user exists. |
delete_group
(group_id)[source]¶Delete an existing group.
Parameters: | group_id (str) – Group ID. |
---|---|
Raises: | keystone.exception.GroupNotFound – If the group doesn’t exist. |
delete_user
(user_id)[source]¶Delete an existing user.
Raises: | keystone.exception.UserNotFound – If the user doesn’t exist. |
---|
get_group
(group_id)[source]¶Get a group by ID.
Parameters: | group_id (str) – group ID. |
---|---|
Returns: | group info. See group schema in IdentityDriverBase |
Return type: | dict |
Raises: | keystone.exception.GroupNotFound – If the group doesn’t exist. |
get_group_by_name
(group_name, domain_id)[source]¶Get a group by name.
Parameters: |
|
---|---|
Returns: | group info. See group schema in
|
Return type: | dict |
Raises: | keystone.exception.GroupNotFound – If the group doesn’t exist. |
get_user
(user_id)[source]¶Get a user by ID.
Parameters: | user_id (str) – User ID. |
---|---|
Returns: | user. See user schema in IdentityDriverBase . |
Return type: | dict |
Raises: | keystone.exception.UserNotFound – If the user doesn’t exist. |
get_user_by_name
(user_name, domain_id)[source]¶Get a user by name.
Returns: | user_ref |
---|---|
Raises: | keystone.exception.UserNotFound – If the user doesn’t exist. |
is_sql
¶Indicate if this Driver uses SQL.
list_groups
(hints)[source]¶List groups in the system.
Parameters: | hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of group_refs or an empty list. See group schema in
IdentityDriverBase . |
list_groups_for_user
(user_id, hints)[source]¶List groups a user is in.
Parameters: |
|
---|---|
Returns: | a list of group_refs or an empty list. See group schema in
|
Raises: | keystone.exception.UserNotFound – If the user doesn’t exist. |
list_users
(hints)[source]¶List users in the system.
Parameters: | hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of users or an empty list. See user schema in
IdentityDriverBase . |
Return type: | list of dict |
list_users_in_group
(group_id, hints)[source]¶List users in a group.
Parameters: |
|
---|---|
Returns: | a list of users or an empty list. See user schema in
|
Return type: | list of dict |
Raises: | keystone.exception.GroupNotFound – If the group doesn’t exist. |
multiple_domains_supported
¶remove_user_from_group
(user_id, group_id)[source]¶Remove a user from a group.
Parameters: |
|
---|---|
Raises: | keystone.exception.NotFound – If the user is not in the group. |
unset_default_project_id
(project_id)[source]¶Unset a user’s default project given a specific project ID.
Parameters: | project_id (str) – project ID |
---|
update_group
(group_id, group)[source]¶Update an existing group.
Parameters: |
|
---|---|
Returns: | group, matching the group schema. |
Return type: | dict |
Raises: |
|
update_user
(user_id, user)[source]¶Update an existing user.
Parameters: |
|
---|---|
Returns: | user. See user schema in |
Raises: |
|
keystone.identity.backends.sql.
Identity
(conf=None)[source]¶Bases: keystone.identity.backends.base.IdentityDriverBase
is_sql
¶keystone.identity.backends.sql_model.
FederatedUser
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixin
attributes
= ['id', 'user_id', 'idp_id', 'protocol_id', 'unique_id', 'display_name']¶display_name
¶id
¶idp_id
¶protocol_id
¶unique_id
¶user_id
¶keystone.identity.backends.sql_model.
Group
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixinWithExtras
attributes
= ['id', 'name', 'domain_id', 'description']¶description
¶domain_id
¶extra
¶id
¶name
¶keystone.identity.backends.sql_model.
LocalUser
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixin
attributes
= ['id', 'user_id', 'domain_id', 'name']¶domain_id
¶failed_auth_at
¶failed_auth_count
¶id
¶name
¶passwords
¶user_id
¶keystone.identity.backends.sql_model.
NonLocalUser
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixin
SQL data model for nonlocal users (LDAP and custom).
attributes
= ['domain_id', 'name', 'user_id']¶domain_id
¶name
¶user_id
¶keystone.identity.backends.sql_model.
Password
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixin
attributes
= ['id', 'local_user_id', 'password', 'password_hash', 'created_at', 'expires_at']¶created_at
¶created_at_int
¶expires_at
¶expires_at_int
¶id
¶local_user_id
¶password
¶password_hash
¶self_service
¶keystone.identity.backends.sql_model.
User
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixinWithExtras
attributes
= ['id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id', 'password_expires_at']¶created_at
¶default_project_id
¶domain_id
¶enabled
¶Return whether user is enabled or not.
extra
¶federated_users
¶from_dict
(user_dict)[source]¶Override from_dict to remove password_expires_at attribute.
Overriding this method to remove password_expires_at attribute to support update_user and unit tests where password_expires_at inadvertently gets added by calling to_dict followed by from_dict.
Parameters: | user_dict – User entity dictionary |
---|---|
Returns User: | User object |
id
¶last_active_at
¶local_user
¶name
¶Return the current user name.
nonlocal_user
¶password
¶Return the current password.
password_created_at
¶Return when password was created at.
password_expires_at
¶Return when password expires at.
password_is_expired
¶Return whether password is expired or not.
password_ref
¶Return the current password ref.
readonly_attributes
= ['id', 'password_expires_at', 'password']¶resource_options_registry
= <keystone.common.resource_options.ResourceOptionRegistry object>¶keystone.identity.backends.sql_model.
UserGroupMembership
(*args, **kwargs)[source]¶Bases: sqlalchemy.ext.declarative.api.Base
, keystone.common.sql.core.ModelDictMixin
Group membership join table.
group_id
¶user_id
¶Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.