Workflow Logic the Identity service.
-
class keystone.identity.controllers.CredentialV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
collection_name = 'credentials'
-
create_credential(context, **kwargs)
-
delete_credential(context, **kwargs)
-
get_credential(context, **kwargs)
-
list_credentials(context, **kwargs)
-
member_name = 'credential'
-
update_credential(context, **kwargs)
-
class keystone.identity.controllers.DomainV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
collection_name = 'domains'
-
create_domain(context, **kwargs)
-
delete_domain(context, **kwargs)
-
get_domain(context, **kwargs)
-
list_domains(context, **kwargs)
-
member_name = 'domain'
-
update_domain(context, **kwargs)
-
class keystone.identity.controllers.GroupV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
collection_name = 'groups'
-
create_group(context, **kwargs)
-
delete_group(context, **kwargs)
-
get_group(context, **kwargs)
-
list_groups(context, **kwargs)
-
list_groups_for_user(context, **kwargs)
-
member_name = 'group'
-
update_group(context, **kwargs)
-
class keystone.identity.controllers.ProjectV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
collection_name = 'projects'
-
create_project(context, **kwargs)
-
delete_project(context, **kwargs)
-
get_project(context, **kwargs)
-
list_projects(context, **kwargs)
-
list_user_projects(context, **kwargs)
-
member_name = 'project'
-
update_project(context, **kwargs)
-
class keystone.identity.controllers.Role(*args, **kwargs)
Bases: keystone.common.controller.V2Controller
-
add_role_to_user(context, user_id, role_id, tenant_id=None)
Add a role to a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles we’re
not implementing them in hopes that the idea will die off.
-
create_role(context, role)
-
create_role_ref(context, user_id, role)
This is actually used for adding a user to a tenant.
In the legacy data model adding a user to a tenant required setting
a role.
-
delete_role(context, role_id)
-
delete_role_ref(context, user_id, role_ref_id)
This is actually used for deleting a user from a tenant.
In the legacy data model removing a user from a tenant required
deleting a role.
To emulate this, we encode the tenant and role in the role_ref_id,
and if this happens to be the last role for the user-tenant pair,
we remove the user from the tenant.
-
get_role(context, role_id)
-
get_role_refs(context, user_id)
Ultimate hack to get around having to make role_refs first-class.
This will basically iterate over the various roles the user has in
all tenants the user is a member of and create fake role_refs where
the id encodes the user-tenant-role information so we can look
up the appropriate data when we need to delete them.
-
get_roles(context)
-
get_user_roles(context, user_id, tenant_id=None)
Get the roles for a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles we’re
not implementing them in hopes that the idea will die off.
-
remove_role_from_user(context, user_id, role_id, tenant_id=None)
Remove a role from a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles we’re
not implementing them in hopes that the idea will die off.
-
class keystone.identity.controllers.RoleV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
check_grant(context, **kwargs)
Checks if a role has been granted on either a domain or project.
-
collection_name = 'roles'
-
create_grant(context, **kwargs)
Grants a role to a user or group on either a domain or project.
-
create_role(context, **kwargs)
-
delete_role(context, **kwargs)
-
get_role(context, **kwargs)
-
list_grants(context, **kwargs)
Lists roles granted to user/group on either a domain or project.
-
list_roles(context, **kwargs)
-
member_name = 'role'
-
revoke_grant(context, **kwargs)
Revokes a role from user/group on either a domain or project.
-
update_role(context, **kwargs)
-
class keystone.identity.controllers.Tenant(*args, **kwargs)
Bases: keystone.common.controller.V2Controller
-
create_project(context, tenant)
-
delete_project(context, tenant_id)
-
get_all_projects(context, **kw)
Gets a list of all tenants for an admin user.
-
get_project(context, tenant_id)
-
get_project_by_name(context, tenant_name)
-
get_project_users(context, tenant_id, **kw)
-
get_projects_for_token(context, **kw)
Get valid tenants for token based on token used to authenticate.
Pulls the token from the context, validates it and gets the valid
tenants for the user in the token.
Doesn’t care about token scopedness.
-
update_project(context, tenant_id, tenant)
-
class keystone.identity.controllers.User(*args, **kwargs)
Bases: keystone.common.controller.V2Controller
-
create_user(context, user)
-
delete_user(context, user_id)
-
get_user(context, user_id)
-
get_user_by_name(context, user_name)
-
get_users(context)
-
set_user_enabled(context, user_id, user)
-
set_user_password(context, user_id, user)
-
update_user(context, user_id, user)
-
update_user_project(context, user_id, user)
Update the default tenant.
-
class keystone.identity.controllers.UserV3(*args, **kwargs)
Bases: keystone.common.controller.V3Controller
-
add_user_to_group(context, **kwargs)
-
check_user_in_group(context, **kwargs)
-
collection_name = 'users'
-
create_user(context, **kwargs)
-
delete_user(context, **kwargs)
-
get_user(context, **kwargs)
-
list_users(context, **kwargs)
-
list_users_in_group(context, **kwargs)
-
member_name = 'user'
-
remove_user_from_group(context, **kwargs)
-
update_user(context, **kwargs)