Identity API v3

For details on how to use identity, see Using OpenStack Identity

The Identity v3 Class

The identity high-level interface is available through the identity member of a Connection object. The identity member will only be added if the service is detected.

Credential Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_credential(**attrs)

Create a new credential from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Credential, comprised of the properties on the Credential class.

Returns:

The results of credential creation

Return type:

Credential

delete_credential(credential, ignore_missing=True)

Delete a credential

Parameters:
  • credential – The value can be either the ID of a credential or a Credential instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the credential does not exist. When set to True, no exception will be set when attempting to delete a nonexistent credential.

Returns:

None

find_credential(name_or_id, ignore_missing=True)

Find a single credential

Parameters:
  • name_or_id – The name or ID of a credential.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Credential or None

get_credential(credential)

Get a single credential

Parameters:

credential – The value can be the ID of a credential or a Credential instance.

Returns:

One Credential

Raises:

NotFoundException when no resource can be found.

credentials(**query)

Retrieve a generator of credentials

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of credentials instances.

Return type:

Credential

update_credential(credential, **attrs)

Update a credential

Parameters:
  • credential – Either the ID of a credential or a Credential instance.

  • attrs – The attributes to update on the credential represented by credential.

Returns:

The updated credential

Return type:

Credential

Domain Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_domain(**attrs)

Create a new domain from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Domain, comprised of the properties on the Domain class.

Returns:

The results of domain creation

Return type:

Domain

delete_domain(domain, ignore_missing=True)

Delete a domain

Parameters:
  • domain – The value can be either the ID of a domain or a Domain instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the domain does not exist. When set to True, no exception will be set when attempting to delete a nonexistent domain.

Returns:

None

find_domain(name_or_id, ignore_missing=True)

Find a single domain

Parameters:
  • name_or_id – The name or ID of a domain.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Domain or None

get_domain(domain)

Get a single domain

Parameters:

domain – The value can be the ID of a domain or a Domain instance.

Returns:

One Domain

Raises:

NotFoundException when no resource can be found.

domains(**query)

Retrieve a generator of domains

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of domain instances.

Return type:

Domain

update_domain(domain, **attrs)

Update a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • attrs – The attributes to update on the domain represented by domain.

Returns:

The updated domain

Return type:

Domain

Domain Config Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_domain_config(domain, **attrs)

Create a new config for a domain from attributes.

Parameters:
  • domain – The value can be the ID of a domain or a Domain instance.

  • attrs (dict) – Keyword arguments which will be used to create a DomainConfig comprised of the properties on the DomainConfig class.

Returns:

The results of domain config creation

Return type:

DomainConfig

delete_domain_config(domain, ignore_missing=True)

Delete a config for a domain

Parameters:
  • domain – The value can be the ID of a domain or a a Domain instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the identity provider does not exist. When set to True, no exception will be set when attempting to delete a nonexistent config for a domain.

Returns:

None

get_domain_config(domain)

Get a single config for a domain

Parameters:

domain_id – The value can be the ID of a domain or a Domain instance.

Returns:

One DomainConfig

Raises:

NotFoundException when no resource can be found.

update_domain_config(domain, **attrs)

Update a config for a domain

Parameters:
  • domain_id – The value can be the ID of a domain or a Domain instance.

  • attrs – The attributes to update on the config for a domain represented by domain_id.

Returns:

The updated config for a domain

Return type:

DomainConfig

Endpoint Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_endpoint(**attrs)

Create a new endpoint from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Endpoint, comprised of the properties on the Endpoint class.

Returns:

The results of endpoint creation

Return type:

Endpoint

delete_endpoint(endpoint, ignore_missing=True)

Delete an endpoint

Parameters:
  • endpoint – The value can be either the ID of an endpoint or a Endpoint instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the endpoint does not exist. When set to True, no exception will be set when attempting to delete a nonexistent endpoint.

Returns:

None

find_endpoint(name_or_id, ignore_missing=True)

Find a single endpoint

Parameters:
  • name_or_id – The name or ID of a endpoint.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Endpoint or None

get_endpoint(endpoint)

Get a single endpoint

Parameters:

endpoint – The value can be the ID of an endpoint or a Endpoint instance.

Returns:

One Endpoint

Raises:

NotFoundException when no resource can be found.

endpoints(**query)

Retrieve a generator of endpoints

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of endpoint instances.

Return type:

Endpoint

update_endpoint(endpoint, **attrs)

Update a endpoint

Parameters:
  • endpoint – Either the ID of an endpoint or a Endpoint instance.

  • attrs – The attributes to update on the endpoint represented by endpoint.

Returns:

The updated endpoint

Return type:

Endpoint

Group Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_group(**attrs)

Create a new group from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Group, comprised of the properties on the Group class.

Returns:

The results of group creation

Return type:

Group

delete_group(group, ignore_missing=True)

Delete a group

Parameters:
  • group – The value can be either the ID of a group or a Group instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the group does not exist. When set to True, no exception will be set when attempting to delete a nonexistent group.

Returns:

None

find_group(name_or_id, ignore_missing=True, **query)

Find a single group

Parameters:
  • name_or_id – The name or ID of a group.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Group or None

get_group(group)

Get a single group

Parameters:

group – The value can be the ID of a group or a Group instance.

Returns:

One Group

Raises:

NotFoundException when no resource can be found.

groups(**query)

Retrieve a generator of groups

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of group instances.

Return type:

Group

update_group(group, **attrs)

Update a group

Parameters:
  • group – Either the ID of a group or a Group instance.

  • attrs – The attributes to update on the group represented by group.

Returns:

The updated group

Return type:

Group

add_user_to_group(user, group)

Add user to group

Parameters:
  • user – Either the ID of a user or a User instance.

  • group – Either the ID of a group or a Group instance.

Returns:

None

remove_user_from_group(user, group)

Remove user to group

Parameters:
  • user – Either the ID of a user or a User instance.

  • group – Either the ID of a group or a Group instance.

Returns:

None

check_user_in_group(user, group)

Check whether user belongsto group

Parameters:
  • user – Either the ID of a user or a User instance.

  • group – Either the ID of a group or a Group instance.

Returns:

A boolean representing current relation

group_users(group, **attrs)

List users in a group

Parameters:
  • group – Either the ID of a group or a Group instance.

  • attrs – Only password_expires_at can be filter for result.

Returns:

List of User

Policy Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_policy(**attrs)

Create a new policy from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Policy, comprised of the properties on the Policy class.

Returns:

The results of policy creation

Return type:

Policy

delete_policy(policy, ignore_missing=True)

Delete a policy

Parameters:
  • policy – The value can be either the ID of a policy or a Policy instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the policy does not exist. When set to True, no exception will be set when attempting to delete a nonexistent policy.

Returns:

None

find_policy(name_or_id, ignore_missing=True)

Find a single policy

Parameters:
  • name_or_id – The name or ID of a policy.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Policy or None

get_policy(policy)

Get a single policy

Parameters:

policy – The value can be the ID of a policy or a Policy instance.

Returns:

One Policy

Raises:

NotFoundException when no resource can be found.

policies(**query)

Retrieve a generator of policies

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of policy instances.

Return type:

Policy

update_policy(policy, **attrs)

Update a policy

Parameters:
  • policy – Either the ID of a policy or a Policy instance.

  • attrs – The attributes to update on the policy represented by policy.

Returns:

The updated policy

Return type:

Policy

Project Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_project(**attrs)

Create a new project from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Project, comprised of the properties on the Project class.

Returns:

The results of project creation

Return type:

Project

delete_project(project, ignore_missing=True)

Delete a project

Parameters:
  • project – The value can be either the ID of a project or a Project instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the project does not exist. When set to True, no exception will be set when attempting to delete a nonexistent project.

Returns:

None

find_project(name_or_id, ignore_missing=True, **query)

Find a single project

Parameters:
  • name_or_id – The name or ID of a project.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Project or None

get_project(project)

Get a single project

Parameters:

project – The value can be the ID of a project or a Project instance.

Returns:

One Project

Raises:

NotFoundException when no resource can be found.

projects(**query)

Retrieve a generator of projects

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of project instances.

Return type:

Project

user_projects(user, **query)
Retrieve a generator of projects to which the user has authorization

to access.

Parameters:
  • user – Either the user id or an instance of User

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of project instances.

Return type:

UserProject

update_project(project, **attrs)

Update a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • attrs – The attributes to update on the project represented by project.

Returns:

The updated project

Return type:

Project

Service Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_service(**attrs)

Create a new service from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Service, comprised of the properties on the Service class.

Returns:

The results of service creation

Return type:

Service

delete_service(service, ignore_missing=True)

Delete a service

Parameters:
  • service – The value can be either the ID of a service or a Service instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the service does not exist. When set to True, no exception will be set when attempting to delete a nonexistent service.

Returns:

None

find_service(name_or_id, ignore_missing=True)

Find a single service

Parameters:
  • name_or_id – The name or ID of a service.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Service or None

get_service(service)

Get a single service

Parameters:

service – The value can be the ID of a service or a Service instance.

Returns:

One Service

Raises:

NotFoundException when no resource can be found.

services(**query)

Retrieve a generator of services

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of service instances.

Return type:

Service

update_service(service, **attrs)

Update a service

Parameters:
  • service – Either the ID of a service or a Service instance.

  • attrs – The attributes to update on the service represented by service.

Returns:

The updated service

Return type:

Service

User Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_user(**attrs)

Create a new user from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a User, comprised of the properties on the User class.

Returns:

The results of user creation

Return type:

User

delete_user(user, ignore_missing=True)

Delete a user

Parameters:
  • user – The value can be either the ID of a user or a User instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the user does not exist. When set to True, no exception will be set when attempting to delete a nonexistent user.

Returns:

None

find_user(name_or_id, ignore_missing=True, **query)

Find a single user

Parameters:
  • name_or_id – The name or ID of a user.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One User or None

get_user(user)

Get a single user

Parameters:

user – The value can be the ID of a user or a User instance.

Returns:

One User

Raises:

NotFoundException when no resource can be found.

users(**query)

Retrieve a generator of users

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of user instances.

Return type:

User

update_user(user, **attrs)

Update a user

Parameters:
  • user – Either the ID of a user or a User instance.

  • attrs – The attributes to update on the user represented by attrs.

Returns:

The updated user

Return type:

User

Trust Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_trust(**attrs)

Create a new trust from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Trust, comprised of the properties on the Trust class.

Returns:

The results of trust creation

Return type:

Trust

delete_trust(trust, ignore_missing=True)

Delete a trust

Parameters:
  • trust – The value can be either the ID of a trust or a Trust instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the credential does not exist. When set to True, no exception will be set when attempting to delete a nonexistent credential.

Returns:

None

find_trust(name_or_id, ignore_missing=True)

Find a single trust

Parameters:
  • name_or_id – The name or ID of a trust.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Trust or None

get_trust(trust)

Get a single trust

Parameters:

trust – The value can be the ID of a trust or a Trust instance.

Returns:

One Trust

Raises:

NotFoundException when no resource can be found.

trusts(**query)

Retrieve a generator of trusts

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of trust instances.

Return type:

Trust

Region Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_region(**attrs)

Create a new region from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Region, comprised of the properties on the Region class.

Returns:

The results of region creation.

Return type:

Region

delete_region(region, ignore_missing=True)

Delete a region

Parameters:
  • region – The value can be either the ID of a region or a Region instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the region does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent region.

Returns:

None

find_region(name_or_id, ignore_missing=True)

Find a single region

Parameters:
  • name_or_id – The name or ID of a region.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the region does not exist. When set to True, None will be returned when attempting to find a nonexistent region.

Returns:

One Region or None

get_region(region)

Get a single region

Parameters:

region – The value can be the ID of a region or a Region instance.

Returns:

One Region

Raises:

NotFoundException when no matching region can be found.

regions(**query)

Retrieve a generator of regions

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the regions being returned.

Returns:

A generator of region instances.

Return type:

Region

update_region(region, **attrs)

Update a region

Parameters:
  • region – Either the ID of a region or a Region instance.

  • attrs – The attributes to update on the region represented by region.

Returns:

The updated region.

Return type:

Region

Role Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_role(**attrs)

Create a new role from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Role, comprised of the properties on the Role class.

Returns:

The results of role creation.

Return type:

Role

delete_role(role, ignore_missing=True)

Delete a role

Parameters:
  • role – The value can be either the ID of a role or a Role instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the role does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent role.

Returns:

None

find_role(name_or_id, ignore_missing=True, **query)

Find a single role

Parameters:
  • name_or_id – The name or ID of a role.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the role does not exist. When set to True, None will be returned when attempting to find a nonexistent role.

Returns:

One Role or None

get_role(role)

Get a single role

Parameters:

role – The value can be the ID of a role or a Role instance.

Returns:

One Role

Raises:

NotFoundException when no matching role can be found.

roles(**query)

Retrieve a generator of roles

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: domain_id, name.

Returns:

A generator of role instances.

Return type:

Role

update_role(role, **attrs)

Update a role

Parameters:
  • role – Either the ID of a role or a Role instance.

  • kwargs (dict) – The attributes to update on the role represented by value. Only name can be updated

Returns:

The updated role.

Return type:

Role

Role Assignment Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
role_assignments_filter(domain=None, project=None, system=None, group=None, user=None)

Retrieve a generator of roles assigned to user/group

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • project – Either the ID of a project or a Project instance.

  • system – Either the system name or a System instance.

  • group – Either the ID of a group or a Group instance.

  • user – Either the ID of a user or a User instance.

Returns:

A generator of role instances.

Return type:

Role

role_assignments(**query)

Retrieve a generator of role assignments

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned. The options are: group_id, role_id, scope_domain_id, scope_project_id, inherited_to, user_id, include_names, include_subtree.

Returns:

RoleAssignment

assign_domain_role_to_user(domain, user, role, *, inherited=False)

Assign role to user on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_domain_role_from_user(domain, user, role, *, inherited=False)

Unassign role from user on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

validate_user_has_domain_role(domain, user, role, *, inherited=False)

Validates that a user has a role on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

Returns:

True if user has role in domain

assign_domain_role_to_group(domain, group, role, *, inherited=False)

Assign role to group on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_domain_role_from_group(domain, group, role, *, inherited=False)

Unassign role from group on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

validate_group_has_domain_role(domain, group, role, *, inherited=False)

Validates that a group has a role on a domain

Parameters:
  • domain – Either the ID of a domain or a Domain instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

Returns:

True if group has role on domain

assign_project_role_to_user(project, user, role, *, inherited=False)

Assign role to user on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_project_role_from_user(project, user, role, *, inherited=False)

Unassign role from user on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

validate_user_has_project_role(project, user, role, *, inherited=False)

Validates that a user has a role on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

Returns:

True if user has role in project

assign_project_role_to_group(project, group, role, *, inherited=False)

Assign role to group on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

unassign_project_role_from_group(project, group, role, *, inherited=False)

Unassign role from group on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • inherited (bool) – Whether the role assignment is inherited.

Returns:

None

validate_group_has_project_role(project, group, role, *, inherited=False)

Validates that a group has a role on a project

Parameters:
  • project – Either the ID of a project or a Project instance.

  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

Returns:

True if group has role in project

assign_system_role_to_user(user, role, system)

Assign a role to user on a system

Parameters:
  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

None

unassign_system_role_from_user(user, role, system)

Unassign a role from user on a system

Parameters:
  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

None

validate_user_has_system_role(user, role, system)

Validates that a user has a role on a system

Parameters:
  • user – Either the ID of a user or a User instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

True if user has role in system

assign_system_role_to_group(group, role, system)

Assign a role to group on a system

Parameters:
  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

None

unassign_system_role_from_group(group, role, system)

Unassign a role from group on a system

Parameters:
  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

None

validate_group_has_system_role(group, role, system)

Validates that a group has a role on a system

Parameters:
  • group – Either the ID of a group or a Group instance.

  • role – Either the ID of a role or a Role instance.

  • system – The system name

Returns:

True if group has role on system

Registered Limit Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
registered_limits(**query)

Retrieve a generator of registered_limits

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the registered_limits being returned.

Returns:

A generator of registered_limits instances.

Return type:

RegisteredLimit

get_registered_limit(registered_limit)

Get a single registered_limit

Parameters:

registered_limit – The value can be the ID of a registered_limit or a RegisteredLimit instance.

Returns:

One RegisteredLimit

Raises:

NotFoundException when no resource can be found.

create_registered_limit(**attrs)

Create a new registered_limit from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a RegisteredLimit, comprised of the properties on the RegisteredLimit class.

Returns:

The results of registered_limit creation.

Return type:

RegisteredLimit

update_registered_limit(registered_limit, **attrs)

Update a registered_limit

Parameters:
  • registered_limit – Either the ID of a registered_limit. or a RegisteredLimit instance.

  • kwargs (dict) – The attributes to update on the registered_limit represented by value.

Returns:

The updated registered_limit.

Return type:

RegisteredLimit

delete_registered_limit(registered_limit, ignore_missing=True)

Delete a registered_limit

Parameters:
  • registered_limit – The value can be either the ID of a registered_limit or a RegisteredLimit instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the registered_limit does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent registered_limit.

Returns:

None

Limit Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
limits(**query)

Retrieve a generator of limits

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the limits being returned.

Returns:

A generator of limits instances.

Return type:

Limit

get_limit(limit)

Get a single limit

Parameters:

limit – The value can be the ID of a limit or a Limit instance.

Returns:

One Limit

Raises:

NotFoundException when no resource can be found.

create_limit(**attrs)

Create a new limit from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Limit, comprised of the properties on the Limit class.

Returns:

The results of limit creation.

Return type:

Limit

update_limit(limit, **attrs)

Update a limit

Parameters:
  • limit – Either the ID of a limit. or a Limit instance.

  • kwargs (dict) – The attributes to update on the limit represented by value.

Returns:

The updated limit.

Return type:

Limit

delete_limit(limit, ignore_missing=True)

Delete a limit

Parameters:
  • limit – The value can be either the ID of a limit or a Limit instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the limit does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent limit.

Returns:

None

Application Credential Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
application_credentials(user, **query)

Retrieve a generator of application credentials

Parameters:
  • user – Either the ID of a user or a User instance.

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of application credentials instances.

Return type:

ApplicationCredential

get_application_credential(user, application_credential)

Get a single application credential

Parameters:
  • user – Either the ID of a user or a User instance.

  • application_credential – The value can be the ID of a application credential or a ApplicationCredential instance.

Returns:

One ApplicationCredential

Raises:

NotFoundException when no resource can be found.

create_application_credential(user, name, **attrs)

Create a new application credential from attributes

Parameters:
  • user – Either the ID of a user or a User instance.

  • name – The name of the application credential which is unique to the user.

  • attrs (dict) – Keyword arguments which will be used to create a ApplicationCredential, comprised of the properties on the ApplicationCredential class.

Returns:

The results of application credential creation.

Return type:

ApplicationCredential

find_application_credential(user, name_or_id, ignore_missing=True, **query)

Find a single application credential

Parameters:
  • user – Either the ID of a user or a User instance.

  • name_or_id – The name or ID of an application credential.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One ApplicationCredential or None

delete_application_credential(user, application_credential, ignore_missing=True)

Delete an application credential

Parameters:
  • user – Either the ID of a user or a User instance.

  • credential (application) – The value can be either the ID of an application credential or a ApplicationCredential instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the application credential does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent application credential.

Returns:

None

Federation Protocol Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_federation_protocol(idp_id, **attrs)

Create a new federation protocol from attributes

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is to be attached to.

  • attrs (dict) – Keyword arguments which will be used to create a FederationProtocol, comprised of the properties on the FederationProtocol class.

Returns:

The results of federation protocol creation

Return type:

FederationProtocol

delete_federation_protocol(idp_id, protocol, ignore_missing=True)

Delete a federation protocol

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is attached to. Can be None if protocol is a FederationProtocol instance.

  • protocol – The ID of a federation protocol or a FederationProtocol instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the federation protocol does not exist. When set to True, no exception will be set when attempting to delete a nonexistent federation protocol.

Returns:

None

find_federation_protocol(idp_id, protocol, ignore_missing=True)

Find a single federation protocol

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is attached to.

  • protocol – The name or ID of a federation protocol.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One federation protocol or None

Return type:

FederationProtocol

get_federation_protocol(idp_id, protocol)

Get a single federation protocol

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is attached to. Can be None if protocol is a FederationProtocol

  • protocol – The value can be the ID of a federation protocol or a FederationProtocol instance.

Returns:

One federation protocol

Return type:

FederationProtocol

Raises:

NotFoundException when no resource can be found.

federation_protocols(idp_id, **query)

Retrieve a generator of federation protocols

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is attached to.

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of federation protocol instances.

Return type:

FederationProtocol

update_federation_protocol(idp_id, protocol, **attrs)

Update a federation protocol

Parameters:
  • idp_id – The ID of the identity provider or a IdentityProvider representing the identity provider the protocol is attached to. Can be None if protocol is a FederationProtocol

  • protocol – Either the ID of a federation protocol or a FederationProtocol instance.

  • attrs – The attributes to update on the federation protocol represented by protocol.

Returns:

The updated federation protocol

Return type:

FederationProtocol

Mapping Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_mapping(**attrs)

Create a new mapping from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a Mapping, comprised of the properties on the Mapping class.

Returns:

The results of mapping creation

Return type:

Mapping

delete_mapping(mapping, ignore_missing=True)

Delete a mapping

Parameters:
  • mapping – The ID of a mapping or a Mapping instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the mapping does not exist. When set to True, no exception will be set when attempting to delete a nonexistent mapping.

Returns:

None

find_mapping(name_or_id, ignore_missing=True)

Find a single mapping

Parameters:
  • name_or_id – The name or ID of a mapping.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

One Mapping or None

get_mapping(mapping)

Get a single mapping

Parameters:

mapping – The value can be the ID of a mapping or a Mapping instance.

Returns:

One Mapping

Raises:

NotFoundException when no resource can be found.

mappings(**query)

Retrieve a generator of mappings

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of mapping instances.

Return type:

Mapping

update_mapping(mapping, **attrs)

Update a mapping

Parameters:
  • mapping – Either the ID of a mapping or a Mapping instance.

  • attrs – The attributes to update on the mapping represented by mapping.

Returns:

The updated mapping

Return type:

Mapping

Identity Provider Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_identity_provider(**attrs)

Create a new identity provider from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a IdentityProvider comprised of the properties on the IdentityProvider class.

Returns:

The results of identity provider creation

Return type:

IdentityProvider

delete_identity_provider(identity_provider, ignore_missing=True)

Delete an identity provider

Parameters:
  • mapping – The ID of an identity provoder or a IdentityProvider instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the identity provider does not exist. When set to True, no exception will be set when attempting to delete a nonexistent identity provider.

Returns:

None

find_identity_provider(name_or_id, ignore_missing=True)

Find a single identity provider

Parameters:
  • name_or_id – The name or ID of an identity provider

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

The details of an identity provider or None.

Return type:

IdentityProvider

get_identity_provider(identity_provider)

Get a single mapping

Parameters:

mapping – The value can be the ID of an identity provider or a IdentityProvider instance.

Returns:

The details of an identity provider.

Return type:

IdentityProvider

Raises:

NotFoundException when no resource can be found.

identity_providers(**query)

Retrieve a generator of identity providers

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of identity provider instances.

Return type:

IdentityProvider

update_identity_provider(identity_provider, **attrs)

Update a mapping

Parameters:
  • mapping – Either the ID of an identity provider or a IdentityProvider instance.

  • attrs – The attributes to update on the identity_provider represented by identity_provider.

Returns:

The updated identity provider.

Return type:

IdentityProvider

Access Rule Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
access_rules(user, **query)

Retrieve a generator of access rules

Parameters:
  • user – Either the ID of a user or a User instance.

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of access rules instances.

Return type:

AccessRule

access_rules(user, **query)

Retrieve a generator of access rules

Parameters:
  • user – Either the ID of a user or a User instance.

  • query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of access rules instances.

Return type:

AccessRule

delete_access_rule(user, access_rule, ignore_missing=True)

Delete an access rule

Parameters:
  • user – Either the ID of a user or a User instance.

  • rule (access) – The value can be either the ID of an access rule or a AccessRule instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the access rule does not exist. When set to True, no exception will be thrown when attempting to delete a nonexistent access rule.

Returns:

None

Service Provider Operations

class openstack.identity.v3._proxy.Proxy(session, statsd_client=None, statsd_prefix=None, prometheus_counter=None, prometheus_histogram=None, influxdb_config=None, influxdb_client=None, *args, **kwargs)
create_service_provider(**attrs)

Create a new service provider from attributes

Parameters:

attrs (dict) – Keyword arguments which will be used to create a ServiceProvider, comprised of the properties on the ServiceProvider class.

Returns:

The results of service provider creation

Return type:

ServiceProvider

delete_service_provider(service_provider, ignore_missing=True)

Delete a service provider

Parameters:
  • service_provider – The ID of a service provider or a ServiceProvider instance.

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the service provider does not exist. When set to True, no exception will be set when attempting to delete a nonexistent service provider.

Returns:

None

find_service_provider(name_or_id, ignore_missing=True)

Find a single service provider

Parameters:
  • name_or_id – The name or ID of a service provider

  • ignore_missing (bool) – When set to False NotFoundException will be raised when the resource does not exist. When set to True, None will be returned when attempting to find a nonexistent resource.

Returns:

The details of an service provider or None.

Return type:

ServiceProvider

get_service_provider(service_provider)

Get a single service provider

Parameters:

service_provider – The value can be the ID of a service provider or a ServiceProvider instance.

Returns:

The details of an service provider.

Return type:

ServiceProvider

Raises:

NotFoundException when no resource can be found.

service_providers(**query)

Retrieve a generator of service providers

Parameters:

query (kwargs) – Optional query parameters to be sent to limit the resources being returned.

Returns:

A generator of service provider instances.

Return type:

ServiceProvider

update_service_provider(service_provider, **attrs)

Update a service provider

Parameters:
  • service_provider – Either the ID of an service provider or a ServiceProvider instance.

  • attrs – The attributes to update on the service provider represented by service_provider.

Returns:

The updated service provider.

Return type:

ServiceProvider