keystone.assignment.backends package

Submodules

keystone.assignment.backends.kvs module

class keystone.assignment.backends.kvs.Assignment(*args, **kwargs)[source]

Bases: keystone.common.kvs.legacy.Base, keystone.assignment.core.Driver

KVS Assignment backend.

This backend uses the following mappings to store data:

  • Domains:
    • domain_list -> [domain_id, ...]
    • domain-{id} -> domain_ref
    • domain_name-{name} -> domain_ref
  • Projects:
    • tenant-{id} -> project_ref
    • tenant_name-{name} -> project_ref
  • Roles:
    • role_list -> [role_id, ...]
    • role-{id} -> role_ref
  • Role assignments:
    • metadata_user-{target}-{user_id} -> {‘roles’: [{‘id’: role-id, ...}, ...]}
    • metadata_group-{target}-{group_id} -> {‘roles’: [{‘id’: role-id, ...}, ...]}
add_role_to_user_and_project(user_id, tenant_id, role_id)[source]
create_domain(domain_id, domain)[source]
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
create_project(tenant_id, tenant)[source]
create_role(role_id, role)[source]
delete_domain(domain_id)[source]
delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
delete_group(group_id)[source]

Deletes all assignments for a group.

Raises:keystone.exception.RoleNotFound
delete_project(tenant_id)[source]
delete_role(role_id)[source]
delete_user(user_id)[source]

Deletes all assignments for a user.

Raises:keystone.exception.RoleNotFound
get_domain(domain_id)[source]
get_domain_by_name(domain_name)[source]
get_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
get_group_project_roles(groups, project_id, project_domain_id)[source]
get_project(tenant_id)[source]
get_project_by_name(tenant_name, domain_id)[source]
get_role(role_id)[source]
get_roles_for_groups(group_ids, project_id=None, domain_id=None)[source]
list_domains(hints)[source]
list_domains_for_groups(group_ids)[source]
list_domains_for_user(user_id, group_ids, hints)[source]
list_grants(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
list_projects(hints)[source]
list_projects_for_groups(group_ids)[source]
list_projects_for_user(user_id, group_ids, hints)[source]
list_projects_in_domain(domain_id)[source]
list_role_assignments()[source]

List the role assignments.

We enumerate the metadata entries and extract the targets, actors, and roles.

list_roles(hints)[source]
list_user_ids_for_project(tenant_id)[source]
remove_role_from_user_and_project(user_id, tenant_id, role_id)[source]
update_domain(domain_id, domain)[source]
update_project(tenant_id, tenant)[source]
update_role(role_id, role)[source]

keystone.assignment.backends.ldap module

keystone.assignment.backends.sql module

class keystone.assignment.backends.sql.Assignment[source]

Bases: keystone.assignment.core.Driver

add_role_to_user_and_project(user_id, tenant_id, role_id)[source]
create_domain(*args, **kwargs)[source]
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
create_project(*args, **kwargs)[source]
create_role(*args, **kwargs)[source]
delete_domain(domain_id)[source]
delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
delete_group(group_id)[source]
delete_project(*args, **kwargs)[source]
delete_role(role_id)[source]
delete_user(user_id)[source]
get_domain(domain_id)[source]
get_domain_by_name(domain_name)[source]
get_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
get_group_project_roles(groups, project_id, project_domain_id)[source]
get_project(tenant_id)[source]
get_project_by_name(tenant_name, domain_id)[source]
get_role(role_id)[source]
get_roles_for_groups(group_ids, project_id=None, domain_id=None)[source]
list_domains(hints, *args, **kwargs)[source]
list_domains_for_groups(group_ids)[source]
list_domains_for_user(user_id, group_ids, hints)[source]
list_grants(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
list_projects(hints, *args, **kwargs)[source]
list_projects_for_groups(group_ids)[source]
list_projects_for_user(user_id, group_ids, hints)[source]
list_projects_in_domain(domain_id)[source]
list_role_assignments()[source]
list_roles(hints, *args, **kwargs)[source]
list_user_ids_for_project(tenant_id)[source]
remove_role_from_user_and_project(user_id, tenant_id, role_id)[source]
update_domain(*args, **kwargs)[source]
update_project(*args, **kwargs)[source]
update_role(*args, **kwargs)[source]
class keystone.assignment.backends.sql.AssignmentType[source]
GROUP_DOMAIN = 'GroupDomain'
GROUP_PROJECT = 'GroupProject'
USER_DOMAIN = 'UserDomain'
USER_PROJECT = 'UserProject'
class keystone.assignment.backends.sql.Domain(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'name', 'enabled']
enabled
extra
id
name
class keystone.assignment.backends.sql.Project(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'name', 'domain_id', 'description', 'enabled']
description
domain_id
enabled
extra
id
name
class keystone.assignment.backends.sql.Role(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'name']
extra
id
name
class keystone.assignment.backends.sql.RoleAssignment(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

actor_id
attributes = ['type', 'actor_id', 'target_id', 'role_id', 'inherited']
inherited
role_id
target_id
to_dict()[source]

Override parent to_dict() method with a simpler implementation.

RoleAssignment doesn’t have non-indexed ‘extra’ attributes, so the parent implementation is not applicable.

type
keystone.assignment.backends.sql.false()

Return a constant False_ construct.

E.g.:

>>> from sqlalchemy import false
>>> print select([t.c.x]).where(false())
SELECT x FROM t WHERE false

A backend which does not support true/false constants will render as an expression against 1 or 0:

>>> print select([t.c.x]).where(false())
SELECT x FROM t WHERE 0 = 1

The true() and false() constants also feature “short circuit” operation within an and_() or or_() conjunction:

>>> print select([t.c.x]).where(or_(t.c.x > 5, true()))
SELECT x FROM t WHERE true

>>> print select([t.c.x]).where(and_(t.c.x > 5, false()))
SELECT x FROM t WHERE false

Changed in version 0.9: true() and false() feature better integrated behavior within conjunctions and on dialects that don’t support true/false constants.

See also

true()

Module contents

Table Of Contents

Previous topic

keystone.assignment package

Next topic

keystone.auth package

This Page

Navigation

© Copyright 2012, OpenStack, LLC. Last updated on 2014.2.4.juno. Created using Sphinx 1.2.3.