keystoneclient Package

keystoneclient Package

access Module

class keystoneclient.access.AccessInfo(*args, **kwargs)

Bases: dict

Encapsulates a raw authentication token from keystone.

Provides helper methods for extracting useful values from that token.

auth_token

Returns the token_id associated with the auth request, to be used in headers for authenticating OpenStack API requests.

Returns:str
auth_url

Returns a tuple of URLs from publicURL and adminURL for the service ‘identity’ from the service catalog associated with the authorization request. If the authentication request wasn’t scoped to a tenant (project), this property will return None.

DEPRECATED: this doesn’t correctly handle region name. You should fetch it from the service catalog yourself.

Returns:tuple of urls
domain_id

Returns the domain id associated with the authentication token.

Returns:str or None (if no domain associated with the token)
domain_name

Returns the domain name associated with the authentication token.

Returns:str or None (if no domain associated with the token)
domain_scoped

Returns true if the authorization token was scoped to a domain.

Returns:bool
expires

Returns the token expiration (as datetime object)

Returns:datetime
classmethod factory(resp=None, body=None, region_name=None, **kwargs)

Create AccessInfo object given a successful auth response & body or a user-provided dict.

has_service_catalog()

Returns true if the authorization token has a service catalog.

Returns:boolean
classmethod is_valid(body, **kwargs)

Determines if processing v2 or v3 token given a successful auth body or a user-provided dict.

Returns:boolean : true if auth body matches implementing class
management_url

Returns the first adminURL for ‘identity’ from the service catalog associated with the authorization request, or None if the authentication request wasn’t scoped to a tenant (project).

DEPRECATED: this doesn’t correctly handle region name. You should fetch it from the service catalog yourself.

Returns:tuple of urls
project_domain_id

Returns the domain id of the project associated with the authentication request.

For v2, it returns ‘default’ if a project is scoped or None which may be different from the keystone configuration.

Returns:str
project_domain_name

Returns the domain name of the project associated with the authentication request.

For v2, it returns ‘Default’ if a project is scoped or None which may be different from the keystone configuration.

Returns:str
project_id

Returns the project ID associated with the authentication request, or None if the authentication request wasn’t scoped to a project.

Returns:str or None (if no project associated with the token)
project_name

Returns the project name associated with the authentication request.

Returns:str or None (if no project associated with the token)
project_scoped
Returns true if the authorization token was scoped to a tenant
(project).
Returns:bool
role_names

Returns a list of role names of the user associated with the authentication request.

Returns:a list of strings of role names
scoped
Returns true if the authorization token was scoped to a tenant

(project), and contains a populated service catalog.

This is deprecated, use project_scoped instead.

Returns:bool
tenant_id

Synonym for project_id.

tenant_name

Synonym for project_name.

trust_id

Returns the trust id associated with the authentication token.

Returns:str or None (if no trust associated with the token)
trust_scoped

Returns true if the authorization token was scoped as delegated in a trust, via the OS-TRUST v3 extension.

Returns:bool
user_domain_id

Returns the domain id of the user associated with the authentication request.

For v2, it always returns ‘default’ which may be different from the Keystone configuration.

Returns:str
user_domain_name

Returns the domain name of the user associated with the authentication request.

For v2, it always returns ‘Default’ which may be different from the Keystone configuration.

Returns:str
user_id

Returns the user id associated with the authentication request.

Returns:str
username

Returns the username associated with the authentication request. Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.

Returns:str
version

Returns the version of the auth token from identity service.

Returns:str
will_expire_soon(stale_duration=None)

Determines if expiration is about to occur.

Returns:boolean : true if expiration is within the given duration
class keystoneclient.access.AccessInfoV2(*args, **kwargs)

Bases: keystoneclient.access.AccessInfo

An object for encapsulating a raw v2 auth token from identity service.

auth_token
auth_url
domain_id
domain_name
domain_scoped
expires
has_service_catalog()
classmethod is_valid(body, **kwargs)
management_url
project_domain_id
project_domain_name
project_id
project_name
project_scoped
role_names
scoped
trust_id
trust_scoped
user_domain_id
user_domain_name
user_id
username
class keystoneclient.access.AccessInfoV3(token, *args, **kwargs)

Bases: keystoneclient.access.AccessInfo

An object for encapsulating a raw v3 auth token from identity service.

auth_token
auth_url
domain_id
domain_name
domain_scoped
expires
has_service_catalog()
classmethod is_valid(body, **kwargs)
management_url
project_domain_id
project_domain_name
project_id
project_name
project_scoped
role_names
scoped
trust_id
trust_scoped
user_domain_id
user_domain_name
user_id
username

base Module

Base utilities to build API operation managers and objects on top of.

class keystoneclient.base.CrudManager(client)

Bases: keystoneclient.base.Manager

Base manager class for manipulating Keystone entities.

Children of this class are expected to define a collection_key and key.

  • collection_key: Usually a plural noun by convention (e.g. entities); used to refer collections in both URL’s (e.g. /v3/entities) and JSON objects containing a list of member resources (e.g. {‘entities’: [{}, {}, {}]}).
  • key: Usually a singular noun by convention (e.g. entity); used to refer to an individual member of the collection.
base_url = None
build_url(dict_args_in_out=None)

Builds a resource URL for the given kwargs.

Given an example collection where collection_key = ‘entities’ and key = ‘entity’, the following URL’s could be generated.

By default, the URL will represent a collection of entities, e.g.:

/entities

If kwargs contains an entity_id, then the URL will represent a specific member, e.g.:

/entities/{entity_id}

If a base_url is provided, the generated URL will be appended to it.

collection_key = None
create(*args, **kwargs)
delete(*args, **kwargs)
find(*args, **kwargs)

Find a single item with attributes matching **kwargs.

get(*args, **kwargs)
head(*args, **kwargs)
key = None
list(*args, **kwargs)
put(*args, **kwargs)
update(*args, **kwargs)
class keystoneclient.base.Manager(client)

Bases: object

Basic manager type providing common operations.

Managers interact with a particular type of API (servers, flavors, images, etc.) and provide CRUD operations for them.

api

Deprecated. Use client instead.

resource_class = None
class keystoneclient.base.ManagerWithFind(client)

Bases: keystoneclient.base.Manager

Manager with additional find()/findall() methods.

find(**kwargs)

Find a single item with attributes matching **kwargs.

This isn’t very efficient: it loads the entire list then filters on the Python side.

findall(**kwargs)

Find all items with attributes matching **kwargs.

This isn’t very efficient: it loads the entire list then filters on the Python side.

list()
class keystoneclient.base.Resource(manager, info, loaded=False)

Bases: keystoneclient.openstack.common.apiclient.base.Resource

Base class for OpenStack resources (tenant, user, etc.).

This is pretty much just a bag for attributes.

delete()
keystoneclient.base.filter_kwargs(f)
keystoneclient.base.getid(obj)

Return id if argument is a Resource.

Abstracts the common pattern of allowing both an object or an object’s ID (UUID) as a parameter when dealing with relationships.

baseclient Module

class keystoneclient.baseclient.Client(session)

Bases: object

delete(url, **kwargs)
get(url, **kwargs)
head(url, **kwargs)
patch(url, **kwargs)
post(url, **kwargs)
put(url, **kwargs)
request(url, method, **kwargs)

client Module

keystoneclient.client.Client(version=None, unstable=False, session=None, **kwargs)

Factory function to create a new identity service client.

Parameters:
  • version (tuple) – The required version of the identity API. If specified the client will be selected such that the major version is equivalent and an endpoint provides at least the specified minor version. For example to specify the 3.1 API use (3, 1).
  • unstable (bool) – Accept endpoints not marked as ‘stable’. (optional)
  • session (Session) – A session object to be used for communication. If one is not provided it will be constructed from the provided kwargs. (optional)
  • kwargs – Additional arguments are passed through to the client that is being created.
Returns:

New keystone client object (keystoneclient.v2_0.Client or keystoneclient.v3.Client).

Raises :

DiscoveryFailure if the server’s response is invalid

Raises :

VersionNotAvailable if a suitable client cannot be found.

discover Module

class keystoneclient.discover.Discover(session=None, **kwargs)

Bases: object

A means to discover and create clients depending on the supported API versions on the server.

Querying the server is done on object creation and every subsequent method operates upon the data that was retrieved.

available_versions(unstable=False)

Return a list of identity APIs available on the server and the data associated with them.

Parameters:unstable (bool) – Accept endpoints not marked ‘stable’. (optional)
Returns:A List of dictionaries as presented by the server. Each dict will contain the version and the URL to use for the version. It is a direct representation of the layout presented by the identity API.

Example:

>>> from keystoneclient import discover
>>> disc = discover.Discovery(auth_url='http://localhost:5000')
>>> disc.available_versions()
    [{'id': 'v3.0',
        'links': [{'href': u'http://127.0.0.1:5000/v3/',
                   'rel': u'self'}],
      'media-types': [
          {'base': 'application/json',
           'type': 'application/vnd.openstack.identity-v3+json'},
          {'base': 'application/xml',
           'type': 'application/vnd.openstack.identity-v3+xml'}],
      'status': 'stable',
      'updated': '2013-03-06T00:00:00Z'},
     {'id': 'v2.0',
      'links': [{'href': u'http://127.0.0.1:5000/v2.0/',
                 'rel': u'self'},
                {'href': u'...',
                 'rel': u'describedby',
                 'type': u'application/pdf'}],
      'media-types': [
          {'base': 'application/json',
           'type': 'application/vnd.openstack.identity-v2.0+json'},
          {'base': 'application/xml',
           'type': 'application/vnd.openstack.identity-v2.0+xml'}],
      'status': 'stable',
      'updated': '2013-03-06T00:00:00Z'}]
create_client(version=None, **kwargs)

Factory function to create a new identity service client.

Parameters:
  • version (tuple) – The required version of the identity API. If specified the client will be selected such that the major version is equivalent and an endpoint provides at least the specified minor version. For example to specify the 3.1 API use (3, 1). (optional)
  • unstable (bool) – Accept endpoints not marked ‘stable’. (optional)
  • kwargs – Additional arguments will override those provided to this object’s constructor.
Returns:

An instantiated identity client object.

Raises :

DiscoveryFailure if the server response is invalid

Raises :

VersionNotAvailable if a suitable client cannot be found.

keystoneclient.discover.available_versions(url, session=None, **kwargs)

exceptions Module

Exception definitions.

exception keystoneclient.exceptions.CertificateConfigError(output)

Bases: exceptions.Exception

Error reading the certificate

exception keystoneclient.exceptions.DiscoveryFailure

Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException

Discovery of client versions failed.

exception keystoneclient.exceptions.EmptyCatalog

Bases: keystoneclient.openstack.common.apiclient.exceptions.EndpointNotFound

The service catalog is empty.

exception keystoneclient.exceptions.MissingAuthPlugin

Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException

An authenticated request is required but no plugin available.

exception keystoneclient.exceptions.NoMatchingPlugin

Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException

There were no auth plugins that could be created from the parameters provided.

exception keystoneclient.exceptions.SSLError

Bases: keystoneclient.openstack.common.apiclient.exceptions.ConnectionRefused

An SSL error occurred.

exception keystoneclient.exceptions.VersionNotAvailable

Bases: keystoneclient.exceptions.DiscoveryFailure

Discovery failed as the version you requested is not available.

httpclient Module

OpenStack Client interface. Handles the REST calls and responses.

class keystoneclient.httpclient.HTTPClient(*args, **kwargs)

Bases: keystoneclient.baseclient.Client, keystoneclient.auth.base.BaseAuthPlugin

auth_token
authenticate(*args, **kwargs)

Authenticate user.

Uses the data provided at instantiation to authenticate against the Identity server. This may use either a username and password or token for authentication. If a tenant name or id was provided then the resulting authenticated client will be scoped to that tenant and contain a service catalog of available endpoints.

With the v2.0 API, if a tenant name or ID is not provided, the authentication token returned will be ‘unscoped’ and limited in capabilities until a fully-scoped token is acquired.

With the v3 API, if a domain name or id was provided then the resulting authenticated client will be scoped to that domain. If a project name or ID is not provided, and the authenticating user has a default project configured, the authentication token returned will be ‘scoped’ to the default project. Otherwise, the authentication token returned will be ‘unscoped’ and limited in capabilities until a fully-scoped token is acquired.

With the v3 API, with the OS-TRUST extension enabled, the trust_id can be provided to allow project-specific role delegation between users

If successful, sets the self.auth_ref and self.auth_token with the returned token. If not already set, will also set self.management_url from the details provided in the token.

Returns:True if authentication was successful.
Raises :AuthorizationFailure if unable to authenticate or validate the existing authorization token
Raises :ValueError if insufficient parameters are used.

If keyring is used, token is retrieved from keyring instead. Authentication will only be necessary if any of the following conditions are met:

  • keyring is not used
  • if token is not found in keyring
  • if token retrieved from keyring is expired or about to expired (as determined by stale_duration)
  • if force_new_token is true
delete(url, **kwargs)
deprecated_session_variables = {'original_ip': None, 'cert': None, 'verify_cert': 'verify', 'timeout': None}
get(url, **kwargs)
get_auth_ref_from_keyring(**kwargs)

Retrieve auth_ref from keyring.

If auth_ref is found in keyring, (keyring_key, auth_ref) is returned. Otherwise, (keyring_key, None) is returned.

Returns:(keyring_key, auth_ref) or (keyring_key, None)
Returns:or (None, None) if use_keyring is not set in the object
get_endpoint(session, interface=None, **kwargs)
get_raw_token_from_identity_service(*args, **kwargs)

Authenticate against the Identity API and get a token.

Not implemented here because auth protocols should be API version-specific.

Expected to authenticate or validate an existing authentication reference already associated with the client. Invoking this call always makes a call to the Identity service.

Returns:(resp, body)
get_token(session, **kwargs)
has_service_catalog()

Returns True if this client provides a service catalog.

head(url, **kwargs)
management_url
patch(url, **kwargs)
post(url, **kwargs)
process_token(region_name=None)

Extract and process information from the new auth_ref.

And set the relevant authentication information.

put(url, **kwargs)
request(url, method, **kwargs)

Send an http request with the specified characteristics.

Wrapper around requests.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.

serialize(entity)
service_catalog

Returns this client’s service catalog.

store_auth_ref_into_keyring(keyring_key)

Store auth_ref into keyring.

tenant_id

Provide read-only backwards compatibility for tenant_id. This is deprecated, use project_id instead.

tenant_name

Provide read-only backwards compatibility for tenant_name. This is deprecated, use project_name instead.

service_catalog Module

class keystoneclient.service_catalog.ServiceCatalog(region_name=None)

Bases: object

Helper methods for dealing with a Keystone Service Catalog.

classmethod factory(resource_dict, token=None, region_name=None)

Create ServiceCatalog object given a auth token.

get_data()

Get the raw catalog structure.

Get the version dependent catalog structure as it is presented within the resource.

Returns:list containing raw catalog data entries or None
get_endpoints(service_type=None, endpoint_type=None, region_name=None, service_name=None)

Fetch and filter endpoints for the specified service(s).

Returns endpoints for the specified service (or all) containing the specified type (or all) and region (or all) and service name.

If there is no name in the service catalog the service_name check will be skipped. This allows compatibility with services that existed before the name was available in the catalog.

get_token()

Fetch token details from service catalog.

Returns a dictionary containing the following:

- `id`: Token's ID
- `expires`: Token's expiration
- `user_id`: Authenticated user's ID
- `tenant_id`: Authorized project's ID
- `domain_id`: Authorized domain's ID
get_urls(*args, **kwargs)

Fetch endpoint urls from the service catalog.

Fetch the endpoints from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.

Parameters:
  • attr (string) – Endpoint attribute name.
  • filter_value (string) – Endpoint attribute value.
  • service_type (string) – Service type of the endpoint.
  • endpoint_type (string) – Type of endpoint. Possible values: public or publicURL, internal or internalURL, admin or adminURL
  • region_name (string) – Region of the endpoint.
  • service_name (string) – The assigned name of the service.
Returns:

tuple of urls or None (if no match found)

region_name
url_for(*args, **kwargs)

Fetch an endpoint from the service catalog.

Fetch the specified endpoint from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.

Valid endpoint types: public or publicURL,
internal or internalURL, admin or ‘adminURL`
Parameters:
  • attr (string) – Endpoint attribute name.
  • filter_value (string) – Endpoint attribute value.
  • service_type (string) – Service type of the endpoint.
  • endpoint_type (string) – Type of endpoint.
  • region_name (string) – Region of the endpoint.
  • service_name (string) – The assigned name of the service.

:

class keystoneclient.service_catalog.ServiceCatalogV2(resource_dict, region_name=None)

Bases: keystoneclient.service_catalog.ServiceCatalog

An object for encapsulating the service catalog using raw v2 auth token from Keystone.

get_data()
get_token()
get_urls(*args, **kwargs)
classmethod is_valid(resource_dict)
class keystoneclient.service_catalog.ServiceCatalogV3(token, resource_dict, region_name=None)

Bases: keystoneclient.service_catalog.ServiceCatalog

An object for encapsulating the service catalog using raw v3 auth token from Keystone.

get_data()
get_token()
get_urls(*args, **kwargs)
classmethod is_valid(resource_dict)

session Module

class keystoneclient.session.Session(*args, **kwargs)

Bases: object

DEFAULT_REDIRECT_LIMIT = 30
REDIRECT_STATUSES = (301, 302, 303, 305, 307)
classmethod construct(kwargs)

Handles constructing a session from the older HTTPClient args as well as the new request style arguments.

DEPRECATED: This function is purely for bridging the gap between older client arguments and the session arguments that they relate to. It is not intended to be used as a generic Session Factory.

This function purposefully modifies the input kwargs dictionary so that the remaining kwargs dict can be reused and passed on to other functionswithout session arguments.

delete(url, **kwargs)
get(url, **kwargs)
get_endpoint(auth=None, **kwargs)

Get an endpoint as provided by the auth plugin.

Parameters:auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional)
Raises MissingAuthPlugin:
 if a plugin is not available.
Returns string:An endpoint if available or None.
get_token(auth=None)

Return a token as provided by the auth plugin.

Parameters:auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional)
Raises AuthorizationFailure:
 if a new token fetch fails.
Returns string:A valid token.
head(url, **kwargs)
patch(url, **kwargs)
post(url, **kwargs)
put(url, **kwargs)
request(*args, **kwargs)

Send an HTTP request with the specified characteristics.

Wrapper around requests.Session.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.

Arguments that are not handled are passed through to the requests library.

Parameters:
  • url (string) – Path or fully qualified URL of HTTP request. If only a path is provided then endpoint_filter must also be provided such that the base URL can be determined. If a fully qualified URL is provided then endpoint_filter will be ignored.
  • method (string) – The http method to use. (eg. ‘GET’, ‘POST’)
  • original_ip (string) – Mark this request as forwarded for this ip. (optional)
  • headers (dict) – Headers to be included in the request. (optional)
  • json – Some data to be represented as JSON. (optional)
  • user_agent (string) – A user_agent to use for the request. If present will override one present in headers. (optional)
  • redirect (int/bool) – the maximum number of redirections that can be followed by a request. Either an integer for a specific count or True/False for forever/never. (optional)
  • authenticated (bool) – True if a token should be attached to this request, False if not or None for attach if an auth_plugin is available. (optional, defaults to None)
  • endpoint_filter (dict) – Data to be provided to an auth plugin with which it should be able to determine an endpoint to use for this request. If not provided then URL is expected to be a fully qualified URL. (optional)
  • auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use when authenticating this request. This will override the plugin that is attached to the session (if any). (optional)
  • requests_auth (requests.auth.AuthBase) – A requests library auth plugin that cannot be passed via kwarg because the auth kwarg collides with our own auth plugins. (optional)
  • raise_exc (bool) – If True then raise an appropriate exception for failed HTTP requests. If False then return the request object. (optional, default True)
  • kwargs – any other parameter that can be passed to requests.Session.request (such as headers). Except: ‘data’ will be overwritten by the data in ‘json’ param. ‘allow_redirects’ is ignored as redirects are handled by the session.
Raises exceptions.ClientException:
 

For connection failure, or to indicate an error response code.

Returns:

The response to the request.

user_agent = None
keystoneclient.session.request(url, method='GET', **kwargs)

shell Module

Pending deprecation: Command-line interface to the OpenStack Identity API.

This CLI is pending deprecation in favor of python-openstackclient. For a Python library, continue using python-keystoneclient.

class keystoneclient.shell.OpenStackHelpFormatter(prog, indent_increment=2, max_help_position=24, width=None)

Bases: argparse.HelpFormatter

start_section(heading)
class keystoneclient.shell.OpenStackIdentityShell(parser_class=<class 'argparse.ArgumentParser'>)

Bases: object

auth_check(args)
do_bash_completion(args)

Prints all of the commands and options to stdout.

The keystone.bash_completion script doesn’t have to hard code them.

do_help(args)

Display help about this program or one of its subcommands.

get_api_class(version)
get_base_parser()
get_subcommand_parser(version)
main(argv)
keystoneclient.shell.env(*vars, **kwargs)

Search for the first defined of possibly many env vars

Returns the first environment variable defined in vars, or returns the default defined in kwargs.

keystoneclient.shell.main()
keystoneclient.shell.positive_non_zero_float(argument_value)

utils Module

keystoneclient.utils.arg(*args, **kwargs)
keystoneclient.utils.find_resource(manager, name_or_id)

Helper for the _find_* methods.

keystoneclient.utils.hash_signed_token(signed_text, mode='md5')
keystoneclient.utils.isunauthenticated(f)

Checks to see if the function is marked as not requiring authentication with the @unauthenticated decorator.

Returns True if decorator is set to True, False otherwise.

class keystoneclient.utils.positional(max_positional_args=None, enforcement='except')

Bases: object

A decorator which enforces only some args may be passed positionally.

This idea and some of the code was taken from the oauth2 client of the google-api client.

This decorator makes it easy to support Python 3 style key-word only parameters. For example, in Python 3 it is possible to write:

def fn(pos1, *, kwonly1, kwonly2=None):
    ...

All named parameters after * must be a keyword:

fn(10, 'kw1', 'kw2')  # Raises exception.
fn(10, kwonly1='kw1', kwonly2='kw2')  # Ok.

To replicate this behaviour with the positional decorator you simply specify how many arguments may be passed positionally. To replicate the example above:

@positional(1)
def fn(pos1, kwonly1=None, kwonly2=None):
    ...

If no default value is provided to a keyword argument, it becomes a required keyword argument:

@positional(0)
def fn(required_kw):
    ...

This must be called with the keyword parameter:

fn()  # Raises exception.
fn(10)  # Raises exception.
fn(required_kw=10)  # Ok.

When defining instance or class methods always remember that in python the first positional argument passed is always the instance so you will need to account for self and cls:

class MyClass(object):

    @positional(2)
    def my_method(self, pos1, kwonly1=None):
        ...

    @classmethod
    @positional(2)
    def my_method(cls, pos1, kwonly1=None):
        ...

If you would prefer not to account for self and cls you can use the method and classmethod helpers which do not consider the initial positional argument. So the following class is exactly the same as the one above:

class MyClass(object):

    @positional.method(1)
    def my_method(self, pos1, kwonly1=None):
        ...

    @positional.classmethod(1)
    def my_method(cls, pos1, kwonly1=None):
        ...

If a value isn’t provided to the decorator then it will enforce that every variable without a default value will be required to be a kwarg:

@positional()
def fn(pos1, kwonly1=None):
    ...

fn(10)  # Ok.
fn(10, 20)  # Raises exception.
fn(10, kwonly1=20)  # Ok.

This behaviour will work with the positional.method and positional.classmethod helper functions as well:

class MyClass(object):

    @positional.classmethod()
    def my_method(cls, pos1, kwonly1=None):
        ...

MyClass.my_method(10)  # Ok.
MyClass.my_method(10, 20)  # Raises exception.
MyClass.my_method(10, kwonly1=20)  # Ok.

For compatibility reasons you may wish to not always raise an exception so a WARN mode is available. Rather than raise an exception a warning message will be logged:

@positional(1, enforcement=positional.WARN):
def fn(pos1, kwonly=1):
   ...

Available modes are:

  • positional.EXCEPT - the default, raise an exception.
  • positional.WARN - log a warning on mistake.
EXCEPT = 'except'
WARN = 'warn'
classmethod classmethod(*args, **kwargs)
classmethod method(max_positional_args=None, enforcement='except')
keystoneclient.utils.pretty_choice_list(l)
keystoneclient.utils.print_dict(d, wrap=0)

pretty table prints dictionaries.

Wrap values to max_length wrap if wrap>0

keystoneclient.utils.print_list(objs, fields, formatters={}, order_by=None)
keystoneclient.utils.prompt_for_password()

Prompt user for password if not provided so the password doesn’t show up in the bash history.

keystoneclient.utils.unauthenticated(f)

Adds ‘unauthenticated’ attribute to decorated function.

Usage:

@unauthenticated
def mymethod(f):
    ...

Subpackages