The keystone.identity.controllers Module

Workflow logic for the Identity service.

class keystone.identity.controllers.CredentialV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

collection_name = 'credentials'
create_credential(context, **kwargs)
delete_credential(context, **kwargs)
get_credential(context, **kwargs)
list_credentials(context, **kwargs)
member_name = 'credential'
update_credential(context, **kwargs)

class keystone.identity.controllers.DomainV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

collection_name = 'domains'
create_domain(context, **kwargs)
delete_domain(context, **kwargs)
get_domain(context, **kwargs)
list_domains(context, **kwargs)
member_name = 'domain'
update_domain(context, **kwargs)

class keystone.identity.controllers.GroupV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

collection_name = 'groups'
create_group(context, **kwargs)
delete_group(context, **kwargs)
get_group(context, **kwargs)
list_groups(context, **kwargs)
list_groups_for_user(context, **kwargs)
member_name = 'group'
update_group(context, **kwargs)

class keystone.identity.controllers.ProjectV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

collection_name = 'projects'
create_project(context, **kwargs)
delete_project(context, **kwargs)
get_project(context, **kwargs)
list_projects(context, **kwargs)
list_user_projects(context, **kwargs)
member_name = 'project'
update_project(context, **kwargs)

class keystone.identity.controllers.Role(*args, **kwargs)

Bases: keystone.common.controller.V2Controller

add_role_to_user(context, user_id, role_id, tenant_id=None)

Add a role to a user and tenant pair.

Since we’re trying to ignore the idea of user-only roles we’re not implementing them in hopes that the idea will die off.

create_role(context, role)
create_role_ref(context, user_id, role)

This is actually used for adding a user to a tenant.

In the legacy data model adding a user to a tenant required setting a role.

delete_role(context, role_id)
delete_role_ref(context, user_id, role_ref_id)

This is actually used for deleting a user from a tenant.

In the legacy data model removing a user from a tenant required deleting a role.

To emulate this, we encode the tenant and role in the role_ref_id, and if this happens to be the last role for the user-tenant pair, we remove the user from the tenant.

get_role(context, role_id)
get_role_refs(context, user_id)

Ultimate hack to get around having to make role_refs first-class.

This will basically iterate over the various roles the user has in all tenants the user is a member of and create fake role_refs where the id encodes the user-tenant-role information so we can look up the appropriate data when we need to delete them.

get_roles(context)
get_user_roles(context, user_id, tenant_id=None)

Get the roles for a user and tenant pair.

Since we’re trying to ignore the idea of user-only roles we’re not implementing them in hopes that the idea will die off.

remove_role_from_user(context, user_id, role_id, tenant_id=None)

Remove a role from a user and tenant pair.

Since we’re trying to ignore the idea of user-only roles we’re not implementing them in hopes that the idea will die off.
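
The role_ref emulation described for create_role_ref, delete_role_ref and get_role_refs above, as an added example that is not keystone's own code. The class LegacyRoleRefs, its method bodies and the URL-encoded roleId/tenantId form of the id are assumptions made for illustration; the page does not state the encoding.

```python
from urllib.parse import parse_qs, urlencode


class LegacyRoleRefs:
    """Hypothetical in-memory stand-in for the identity backend."""

    def __init__(self):
        # (user_id, tenant_id) -> role ids; a key exists only while the user is a member.
        self.grants = {}

    def add_role(self, user_id, tenant_id, role_id):
        self.grants.setdefault((user_id, tenant_id), set()).add(role_id)

    @staticmethod
    def encode_ref(tenant_id, role_id):
        # Assumed encoding: URL-encoded so ids containing '&' or '=' survive.
        return urlencode({"roleId": role_id, "tenantId": tenant_id})

    @staticmethod
    def decode_ref(role_ref_id):
        # The id comes back from the client, so accept exactly one of each field.
        fields = parse_qs(role_ref_id, strict_parsing=True)
        if set(fields) != {"roleId", "tenantId"} or any(len(v) != 1 for v in fields.values()):
            raise ValueError("malformed role_ref_id")
        return fields["tenantId"][0], fields["roleId"][0]

    def get_role_refs(self, user_id):
        # Build fake role_refs: one per (tenant, role) the user holds.
        return [{"id": self.encode_ref(t, r), "tenantId": t, "roleId": r}
                for (u, t), roles in sorted(self.grants.items()) if u == user_id
                for r in sorted(roles)]

    def delete_role_ref(self, user_id, role_ref_id):
        tenant_id, role_id = self.decode_ref(role_ref_id)
        roles = self.grants.get((user_id, tenant_id), set())
        # The decoded id carries no authority: the grant must exist for this user.
        if role_id not in roles:
            raise KeyError("role ref not found for user")
        roles.remove(role_id)
        if not roles:  # last role for the pair: drop the membership too
            del self.grants[(user_id, tenant_id)]

    def tenants_for(self, user_id):
        return sorted(t for (u, t) in self.grants if u == user_id)
```

Because the id is only a lookup key, a ref generated for one user fails when replayed against another user's id, and the user leaves the tenant only when the last role for that pair is deleted.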

class keystone.identity.controllers.RoleV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

check_grant(context, **kwargs)

Checks if a role has been granted on either a domain or project.

collection_name = 'roles'
create_grant(context, **kwargs)

Grants a role to a user or group on either a domain or project.

create_role(context, **kwargs)
delete_role(context, **kwargs)
get_role(context, **kwargs)
list_grants(context, **kwargs)

Lists roles granted to user/group on either a domain or project.

list_roles(context, **kwargs)
member_name = 'role'
revoke_grant(context, **kwargs)

Revokes a role from user/group on either a domain or project.

update_role(context, **kwargs)

class keystone.identity.controllers.Tenant(*args, **kwargs)

Bases: keystone.common.controller.V2Controller

create_project(context, tenant)
delete_project(context, tenant_id)
get_all_projects(context, **kw)

Gets a list of all tenants for an admin user.

get_project(context, tenant_id)
get_project_by_name(context, tenant_name)
get_project_users(context, tenant_id, **kw)
get_projects_for_token(context, **kw)

Get valid tenants for token based on token used to authenticate.

Pulls the token from the context, validates it and gets the valid tenants for the user in the token.

Doesn’t care about token scopedness.

update_project(context, tenant_id, tenant)

class keystone.identity.controllers.User(*args, **kwargs)

Bases: keystone.common.controller.V2Controller

create_user(context, user)
delete_user(context, user_id)
get_user(context, user_id)
get_user_by_name(context, user_name)
get_users(context)
set_user_enabled(context, user_id, user)
set_user_password(context, user_id, user)
update_user(context, user_id, user)
update_user_project(context, user_id, user)

Update the default tenant.

class keystone.identity.controllers.UserV3(*args, **kwargs)

Bases: keystone.common.controller.V3Controller

add_user_to_group(context, **kwargs)
check_user_in_group(context, **kwargs)
collection_name = 'users'
create_user(context, **kwargs)
delete_user(context, **kwargs)
get_user(context, **kwargs)
list_users(context, **kwargs)
list_users_in_group(context, **kwargs)
member_name = 'user'
remove_user_from_group(context, **kwargs)
update_user(context, **kwargs)
