v2_0 Package

v2_0 Package

client Module

class keystoneclient.v2_0.client.Client(**kwargs)

Bases: keystoneclient.httpclient.HTTPClient

Client for the OpenStack Keystone v2.0 API.

Parameters:

• username (string) – Username for authentication. (optional)
• password (string) – Password for authentication. (optional)
• token (string) – Token for authentication. (optional)
• tenant_id (string) – Tenant id. (optional)
• tenant_name (string) – Tenant name. (optional)
• auth_url (string) – Keystone service endpoint for authorization.
• region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
• endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)
• timeout (integer) – Allows customization of the timeout for client http requests. (optional)
• original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)
• cert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the corresponding X.509 client certificate needed to established two-way SSL connection with the identity service. (optional)
• key (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the unencrypted client private key needed to established two-way SSL connection with the identity service. (optional)
• cacert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the trusted authority X.509 certificates needed to established SSL connection with the identity service. (optional)
• insecure (boolean) – Does not perform X.509 certificate validation when establishing SSL connection with identity service. default: False (optional)
• auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)
• debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)

Warning

If debug is enabled, it may show passwords in plain text as a part of its output.

The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.

Example:

>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
...                          password=PASS,
...                          tenant_name=TENANT_NAME,
...                          auth_url=KEYSTONE_URL)
>>> keystone.tenants.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:

>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
...                          password=PASS,
...                          tenant_name=TENANT_NAME,
...                          auth_url=KEYSTONE_URL)
>>> auth_ref = keystone.auth_ref
>>> # pickle or whatever you like here
>>> new_client = client.Client(auth_ref=auth_ref)

Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (admin_token in keystone.conf) In this case, authenticate() is not needed, and no service catalog will be loaded.

Example:

>>> from keystoneclient.v2_0 import client
>>> admin_client = client.Client(
...     token='12345secret7890',
...     endpoint='http://localhost:35357/v2.0')
>>> keystone.tenants.list()

get_raw_token_from_identity_service(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None, project_name=None, project_id=None, trust_id=None, **kwargs)

Authenticate against the v2 Identity API.

Returns:access.AccessInfo if authentication was successful. Raises :AuthorizationFailure if unable to authenticate or validate the existing authorization token

version = 'v2.0'

ec2 Module

class keystoneclient.v2_0.ec2.CredentialsManager(client)

Bases: keystoneclient.base.ManagerWithFind

create(user_id, tenant_id)

Create a new access/secret pair for the user/tenant pair.

Return type:object of type EC2

delete(user_id, access)

Delete an access/secret pair for a user.

get(user_id, access)

Get the access/secret pair for a given access key.

Return type:object of type EC2

list(user_id)

Get a list of access/secret pairs for a user_id.

Return type:list of EC2

resource_class

alias of EC2

class keystoneclient.v2_0.ec2.EC2(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

delete()

endpoints Module

class keystoneclient.v2_0.endpoints.Endpoint(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Keystone endpoint.

class keystoneclient.v2_0.endpoints.EndpointManager(client)

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone endpoints.

create(region, service_id, publicurl, adminurl, internalurl)

Create a new endpoint.

delete(id)

Delete an endpoint.

list()

List all available endpoints.

resource_class

alias of Endpoint

roles Module

class keystoneclient.v2_0.roles.Role(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Keystone role.

delete()

class keystoneclient.v2_0.roles.RoleManager(client)

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone roles.

add_user_role(user, role, tenant=None)

Adds a role to a user.

If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.

create(name)

Create a role.

delete(role)

Delete a role.

get(role)

list()

List all available roles.

remove_user_role(user, role, tenant=None)

Removes a role from a user.

If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.

resource_class

alias of Role

roles_for_user(user, tenant=None)

services Module

class keystoneclient.v2_0.services.Service(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Keystone service.

class keystoneclient.v2_0.services.ServiceManager(client)

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone services.

create(name, service_type, description)

Create a new service.

delete(id)

Delete a service.

get(id)

Retrieve a service by id.

list()

List available services.

resource_class

alias of Service

shell Module

keystoneclient.v2_0.shell.do_catalog(kc, args)

List service catalog, possibly filtered by service.

keystoneclient.v2_0.shell.do_ec2_credentials_create(kc, args)

Create EC2-compatible credentials for user per tenant.

keystoneclient.v2_0.shell.do_ec2_credentials_delete(kc, args)

Delete EC2-compatible credentials.

keystoneclient.v2_0.shell.do_ec2_credentials_get(kc, args)

Display EC2-compatible credentials.

keystoneclient.v2_0.shell.do_ec2_credentials_list(kc, args)

List EC2-compatible credentials for a user.

keystoneclient.v2_0.shell.do_endpoint_create(kc, args)

Create a new endpoint associated with a service.

keystoneclient.v2_0.shell.do_endpoint_delete(kc, args)

Delete a service endpoint.

keystoneclient.v2_0.shell.do_endpoint_get(kc, args)

Find endpoint filtered by a specific attribute or service type.

keystoneclient.v2_0.shell.do_endpoint_list(kc, args)

List configured service endpoints.

keystoneclient.v2_0.shell.do_password_update(kc, args)

Update own password.

keystoneclient.v2_0.shell.do_role_create(kc, args)

Create new role.

keystoneclient.v2_0.shell.do_role_delete(kc, args)

Delete role.

keystoneclient.v2_0.shell.do_role_get(kc, args)

Display role details.

keystoneclient.v2_0.shell.do_role_list(kc, args)

List all roles.

keystoneclient.v2_0.shell.do_service_create(kc, args)

Add service to Service Catalog.

keystoneclient.v2_0.shell.do_service_delete(kc, args)

Delete service from Service Catalog.

keystoneclient.v2_0.shell.do_service_get(kc, args)

Display service from Service Catalog.

keystoneclient.v2_0.shell.do_service_list(kc, args)

List all services in Service Catalog.

keystoneclient.v2_0.shell.do_tenant_create(kc, args)

Create new tenant.

keystoneclient.v2_0.shell.do_tenant_delete(kc, args)

Delete tenant.

keystoneclient.v2_0.shell.do_tenant_get(kc, args)

Display tenant details.

keystoneclient.v2_0.shell.do_tenant_list(kc, args)

List all tenants.

keystoneclient.v2_0.shell.do_tenant_update(kc, args)

Update tenant name, description, enabled status.

keystoneclient.v2_0.shell.do_token_get(kc, args)

Display the current user token.

keystoneclient.v2_0.shell.do_user_create(kc, args)

Create new user

keystoneclient.v2_0.shell.do_user_delete(kc, args)

Delete user.

keystoneclient.v2_0.shell.do_user_get(kc, args)

Display user details.

keystoneclient.v2_0.shell.do_user_list(kc, args)

List users.

keystoneclient.v2_0.shell.do_user_password_update(kc, args)

Update user password.

keystoneclient.v2_0.shell.do_user_role_add(kc, args)

Add role to user.

keystoneclient.v2_0.shell.do_user_role_list(kc, args)

List roles granted to a user.

keystoneclient.v2_0.shell.do_user_role_remove(kc, args)

Remove role from user.

keystoneclient.v2_0.shell.do_user_update(kc, args)

Update user’s name, email, and enabled status.

keystoneclient.v2_0.shell.require_service_catalog(f)

tenants Module

class keystoneclient.v2_0.tenants.Tenant(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Keystone tenant

Attributes:

• id: a uuid that identifies the tenant
• name: tenant name
• description: tenant description
• enabled: boolean to indicate if tenant is enabled

add_user(user, role)

delete()

list_users()

remove_user(user, role)

update(name=None, description=None, enabled=None)

class keystoneclient.v2_0.tenants.TenantManager(client)

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone tenants.

add_user(tenant, user, role)

Add a user to a tenant with the given role.

create(tenant_name, description=None, enabled=True, **kwargs)

Create a new tenant.

delete(tenant)

Delete a tenant.

get(tenant_id)

list(limit=None, marker=None)

Get a list of tenants.

Parameters:

• limit (integer) – maximum number to return. (optional)
• marker (string) – use when specifying a limit and making multiple calls for querying. (optional)

Return type:

list of Tenant

list_users(tenant)

List users for a tenant.

remove_user(tenant, user, role)

Remove the specified role from the user on the tenant.

resource_class

alias of Tenant

update(tenant_id, tenant_name=None, description=None, enabled=None, **kwargs)

Update a tenant with a new name and description.

tokens Module

class keystoneclient.v2_0.tokens.Token(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

expires

id

tenant

class keystoneclient.v2_0.tokens.TokenManager(client)

Bases: keystoneclient.base.Manager

authenticate(*args, **kwargs)

delete(token)

endpoints(token)

resource_class

alias of Token

users Module

class keystoneclient.v2_0.users.User(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Keystone user

delete()

list_roles(tenant=None)

class keystoneclient.v2_0.users.UserManager(client)

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone users.

create(name, password, email=None, tenant_id=None, enabled=True)

Create a user.

delete(user)

Delete a user.

get(user)

list(tenant_id=None, limit=None, marker=None)

Get a list of users (optionally limited to a tenant).

Return type:list of User

list_roles(user, tenant=None)

resource_class

alias of User

update(user, **kwargs)

Update user data.

Supported arguments include name, email, and enabled.

update_enabled(user, enabled)

Update enabled-ness.

update_own_password(origpasswd, passwd)

Update password.

update_password(user, password)

Update password.

update_tenant(user, tenant)

Update default tenant.