keystoneclient.v2_0 package¶
Submodules¶
keystoneclient.v2_0.certificates module¶
keystoneclient.v2_0.client module¶
-
class
keystoneclient.v2_0.client.
Client
(**kwargs)¶ Bases:
keystoneclient.httpclient.HTTPClient
Client for the OpenStack Keystone v2.0 API.
- Parameters
username (string) – Username for authentication. (optional)
password (string) – Password for authentication. (optional)
token (string) – Token for authentication. (optional)
tenant_id (string) – Tenant id. (optional)
tenant_name (string) – Tenant name. (optional)
auth_url (string) – Keystone service endpoint for authorization.
region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)
timeout (integer) – Allows customization of the timeout for client http requests. (optional)
original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)
cert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the corresponding X.509 client certificate needed to established two-way SSL connection with the identity service. (optional)
key (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the unencrypted client private key needed to established two-way SSL connection with the identity service. (optional)
cacert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the trusted authority X.509 certificates needed to established SSL connection with the identity service. (optional)
insecure (boolean) – Does not perform X.509 certificate validation when establishing SSL connection with identity service. default: False (optional)
auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)
debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)
Warning
If debug is enabled, it may show passwords in plain text as a part of its output.
Warning
Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.
The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.
Example:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Password(auth_url=KEYSTONE_URL, ... username=USER, ... password=PASS, ... tenant_name=TENANT_NAME) >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> keystone.tenants.list() ... >>> user = keystone.users.get(USER_ID) >>> user.delete()
Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Password(auth_url=KEYSTONE_URL, ... username=USER, ... password=PASS, ... tenant_name=TENANT_NAME) >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> auth_ref = keystone.auth_ref >>> # pickle or whatever you like here >>> new_client = client.Client(auth_ref=auth_ref)
Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (
admin_token
inkeystone.conf
) In this case, authenticate() is not needed, and no service catalog will be loaded.Example:
>>> from keystoneauth1.identity import v2 >>> from keystoneauth1 import session >>> from keystoneclient.v2_0 import client >>> auth = v2.Token(auth_url='http://localhost:35357/v2.0', ... token='12345secret7890') >>> sess = session.Session(auth=auth) >>> keystone = client.Client(session=sess) >>> keystone.tenants.list()
-
get_raw_token_from_identity_service
(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None, project_name=None, project_id=None, trust_id=None, **kwargs)¶ Authenticate against the v2 Identity API.
If a token is provided it will be used in preference over username and password.
- Returns
access.AccessInfo if authentication was successful.
- Raises
keystoneclient.exceptions.AuthorizationFailure – if unable to authenticate or validate the existing authorization token
-
version
= 'v2.0'¶
keystoneclient.v2_0.ec2 module¶
-
class
keystoneclient.v2_0.ec2.
CredentialsManager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
-
create
(user_id, tenant_id)¶ Create a new access/secret pair for the user/tenant pair.
- Return type
object of type
EC2
-
delete
(user_id, access)¶ Delete an access/secret pair for a user.
-
-
class
keystoneclient.v2_0.ec2.
EC2
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
-
delete
()¶
-
keystoneclient.v2_0.endpoints module¶
-
class
keystoneclient.v2_0.endpoints.
Endpoint
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Keystone endpoint.
-
class
keystoneclient.v2_0.endpoints.
EndpointManager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone endpoints.
-
create
(region, service_id, publicurl, adminurl=None, internalurl=None)¶ Create a new endpoint.
-
delete
(id)¶ Delete an endpoint.
-
list
()¶ List all available endpoints.
-
keystoneclient.v2_0.extensions module¶
-
class
keystoneclient.v2_0.extensions.
Extension
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents an Identity API extension.
-
class
keystoneclient.v2_0.extensions.
ExtensionManager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for listing Identity API extensions.
-
list
()¶ List all available extensions.
-
keystoneclient.v2_0.roles module¶
-
class
keystoneclient.v2_0.roles.
Role
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Keystone role.
-
delete
()¶
-
-
class
keystoneclient.v2_0.roles.
RoleManager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone roles.
-
add_user_role
(user, role, tenant=None)¶ Add a role to a user.
If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.
-
create
(name)¶ Create a role.
-
delete
(role)¶ Delete a role.
-
get
(role)¶
-
list
()¶ List all available roles.
-
remove_user_role
(user, role, tenant=None)¶ Remove a role from a user.
If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.
-
roles_for_user
(user, tenant=None)¶
-
keystoneclient.v2_0.services module¶
-
class
keystoneclient.v2_0.services.
Service
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Keystone service.
-
class
keystoneclient.v2_0.services.
ServiceManager
(client)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone services.
-
create
(name, service_type, description=None)¶ Create a new service.
-
delete
(id)¶ Delete a service.
-
get
(id)¶ Retrieve a service by id.
-
list
()¶ List available services.
-
keystoneclient.v2_0.tenants module¶
-
class
keystoneclient.v2_0.tenants.
Tenant
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Keystone tenant.
- Attributes:
id: a uuid that identifies the tenant
name: tenant name
description: tenant description
enabled: boolean to indicate if tenant is enabled
-
add_user
(user, role)¶
-
delete
()¶
-
list_users
()¶
-
remove_user
(user, role)¶
-
update
(name=None, description=None, enabled=None)¶
-
class
keystoneclient.v2_0.tenants.
TenantManager
(client, role_manager, user_manager)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone tenants.
-
add_user
(tenant, user, role)¶ Add a user to a tenant with the given role.
-
create
(tenant_name, description=None, enabled=True, **kwargs)¶ Create a new tenant.
-
delete
(tenant)¶ Delete a tenant.
-
get
(tenant_id)¶
-
list
(limit=None, marker=None)¶ Get a list of tenants.
- Parameters
limit (integer) – maximum number to return. (optional)
marker (string) – use when specifying a limit and making multiple calls for querying. (optional)
- Return type
list of
Tenant
-
list_users
(tenant)¶ List users for a tenant.
-
remove_user
(tenant, user, role)¶ Remove the specified role from the user on the tenant.
-
update
(tenant_id, tenant_name=None, description=None, enabled=None, **kwargs)¶ Update a tenant with a new name and description.
-
keystoneclient.v2_0.tokens module¶
-
class
keystoneclient.v2_0.tokens.
Token
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
-
property
expires
¶
-
property
id
¶
-
property
tenant
¶
-
property
-
class
keystoneclient.v2_0.tokens.
TokenManager
(client)¶ Bases:
keystoneclient.base.Manager
-
authenticate
(username=None, tenant_id=None, tenant_name=None, password=None, token=None, return_raw=False)¶
-
delete
(token)¶
-
endpoints
(token)¶
-
get_revoked
()¶ Return the revoked tokens response.
The response will be a dict containing ‘signed’ which is a CMS-encoded document.
-
get_token_data
(token)¶ Fetch the data about a token from the identity server.
-
validate_access_info
(token)¶ Validate a token.
- Parameters
token – Token to be validated. This can be an instance of
keystoneclient.access.AccessInfo
or a string token_id.- Return type
-
keystoneclient.v2_0.users module¶
-
class
keystoneclient.v2_0.users.
User
(manager, info, loaded=False)¶ Bases:
keystoneclient.base.Resource
Represents a Keystone user.
-
delete
()¶
-
list_roles
(tenant=None)¶
-
-
class
keystoneclient.v2_0.users.
UserManager
(client, role_manager)¶ Bases:
keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone users.
-
create
(name, password=None, email=None, tenant_id=None, enabled=True)¶ Create a user.
-
delete
(user)¶ Delete a user.
-
get
(user)¶
-
list
(tenant_id=None, limit=None, marker=None)¶ Get a list of users (optionally limited to a tenant).
- Return type
list of
User
-
list_roles
(user, tenant=None)¶
-
update
(user, **kwargs)¶ Update user data.
Supported arguments include
name
,email
, andenabled
.
-
update_enabled
(user, enabled)¶ Update enabled-ness.
-
update_own_password
(origpasswd, passwd)¶ Update password.
-
update_password
(user, password)¶ Update password.
-
update_tenant
(user, tenant)¶ Update default tenant.
-