v3 Package

v3 Package

client Module

class keystoneclient.v3.client.Client(**kwargs)

Bases: keystoneclient.httpclient.HTTPClient

Client for the OpenStack Identity API v3.

Parameters:
  • user_id (string) – User ID for authentication. (optional)
  • username (string) – Username for authentication. (optional)
  • user_domain_id (string) – User’s domain ID for authentication. (optional)
  • user_domain_name (string) – User’s domain name for authentication. (optional)
  • password (string) – Password for authentication. (optional)
  • token (string) – Token for authentication. (optional)
  • domain_id (string) – Domain ID for domain scoping. (optional)
  • domain_name (string) – Domain name for domain scoping. (optional)
  • project_id (string) – Project ID for project scoping. (optional)
  • project_name (string) – Project name for project scoping. (optional)
  • project_domain_id (string) – Project’s domain ID for project scoping. (optional)
  • project_domain_name (string) – Project’s domain name for project scoping. (optional)
  • tenant_name (string) – Tenant name. (optional) The tenant_name keyword argument is deprecated, use project_name instead.
  • tenant_id (string) – Tenant id. (optional) The tenant_id keyword argument is deprecated, use project_id instead.
  • auth_url (string) – Identity service endpoint for authorization.
  • region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
  • endpoint (string) – A user-supplied endpoint URL for the identity service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation. (optional)
  • timeout (integer) – Allows customization of the timeout for client http requests. (optional)

Example:

>>> from keystoneclient.v3 import client
>>> keystone = client.Client(user_domain_name=DOMAIN_NAME,
...                          username=USER,
...                          password=PASS,
...                          project_domain_name=PROJECT_DOMAIN_NAME,
...                          project_name=PROJECT_NAME,
...                          auth_url=KEYSTONE_URL)
...
>>> keystone.projects.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()
get_raw_token_from_identity_service(auth_url, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, token=None, trust_id=None, **kwargs)

Authenticate against the v3 Identity API.

Returns:access.AccessInfo if authentication was successful.
Raises :AuthorizationFailure if unable to authenticate or validate the existing authorization token
Raises :Unauthorized if authentication fails due to invalid token
process_token(**kwargs)

Extract and process information from the new auth_ref.

And set the relevant authentication information.

serialize(entity)
version = 'v3'

credentials Module

class keystoneclient.v3.credentials.Credential(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity credential.

Attributes:
  • id: a uuid that identifies the credential
class keystoneclient.v3.credentials.CredentialManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity credentials.

collection_key = 'credentials'
create(*args, **kwargs)
delete(credential)
get(credential)
key = 'credential'
list(**kwargs)

List credentials.

If **kwargs are provided, then filter credentials with attributes matching **kwargs.

resource_class

alias of Credential

update(*args, **kwargs)

domains Module

class keystoneclient.v3.domains.Domain(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity domain.

Attributes:
  • id: a uuid that identifies the domain
class keystoneclient.v3.domains.DomainManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity domains.

collection_key = 'domains'
create(*args, **kwargs)
delete(domain)
get(domain)
key = 'domain'
list(**kwargs)

List domains.

**kwargs allows filter criteria to be passed where
supported by the server.
resource_class

alias of Domain

update(*args, **kwargs)

endpoints Module

class keystoneclient.v3.endpoints.Endpoint(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity endpoint.

Attributes:
  • id: a uuid that identifies the endpoint
  • interface: ‘public’, ‘admin’ or ‘internal’ network interface
  • region: geographic location of the endpoint
  • service_id: service to which the endpoint belongs
  • url: fully qualified service endpoint
  • enabled: determines whether the endpoint appears in the catalog
class keystoneclient.v3.endpoints.EndpointManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity endpoints.

collection_key = 'endpoints'
create(*args, **kwargs)
delete(endpoint)
get(endpoint)
key = 'endpoint'
list(*args, **kwargs)

List endpoints.

If **kwargs are provided, then filter endpoints with attributes matching **kwargs.

resource_class

alias of Endpoint

update(*args, **kwargs)

groups Module

class keystoneclient.v3.groups.Group(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user group.

Attributes:
  • id: a uuid that identifies the group
  • name: group name
  • description: group description
update(*args, **kwargs)
class keystoneclient.v3.groups.GroupManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity groups.

collection_key = 'groups'
create(*args, **kwargs)
delete(group)
get(group)
key = 'group'
list(*args, **kwargs)

List groups.

If domain or user is provided, then filter groups with that attribute.

If **kwargs are provided, then filter groups with attributes matching **kwargs.

resource_class

alias of Group

update(*args, **kwargs)

policies Module

class keystoneclient.v3.policies.Policy(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity policy.

Attributes:
  • id: a uuid that identifies the policy
  • blob: a policy document (blob)
  • type: the mime type of the policy blob
update(*args, **kwargs)
class keystoneclient.v3.policies.PolicyManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity policies.

collection_key = 'policies'
create(*args, **kwargs)
delete(policy)
get(policy)
key = 'policy'
list(**kwargs)

List policies.

**kwargs allows filter criteria to be passed where
supported by the server.
resource_class

alias of Policy

update(*args, **kwargs)

projects Module

class keystoneclient.v3.projects.Project(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity project.

Attributes:
  • id: a uuid that identifies the project
  • name: project name
  • description: project description
  • enabled: boolean to indicate if project is enabled
update(*args, **kwargs)
class keystoneclient.v3.projects.ProjectManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity projects.

collection_key = 'projects'
create(*args, **kwargs)
delete(project)
get(project)
key = 'project'
list(*args, **kwargs)

List projects.

If domain or user are provided, then filter projects with those attributes.

If **kwargs are provided, then filter projects with attributes matching **kwargs.

resource_class

alias of Project

update(*args, **kwargs)

roles Module

class keystoneclient.v3.roles.Role(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity role.

Attributes:
  • id: a uuid that identifies the role
  • name: user-facing identifier
class keystoneclient.v3.roles.RoleManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity roles.

check(*args, **kwargs)

Checks if a user or group has a role on a domain or project.

collection_key = 'roles'
create(*args, **kwargs)
delete(role)
get(role)
grant(*args, **kwargs)

Grants a role to a user or group on a domain or project.

key = 'role'
list(*args, **kwargs)

Lists roles and role grants.

If no arguments are provided, all roles in the system will be listed.

If a user or group is specified, you must also specify either a domain or project to list role grants on that pair. And if **kwargs are provided, then also filter roles with attributes matching **kwargs.

resource_class

alias of Role

revoke(*args, **kwargs)

Revokes a role from a user or group on a domain or project.

update(*args, **kwargs)

services Module

class keystoneclient.v3.services.Service(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity service.

Attributes:
  • id: a uuid that identifies the service
  • name: user-facing name of the service (e.g. Keystone)
  • type: ‘compute’, ‘identity’, etc
  • enabled: determines whether the service appears in the catalog
class keystoneclient.v3.services.ServiceManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity services.

collection_key = 'services'
create(*args, **kwargs)
delete(service)
get(service)
key = 'service'
resource_class

alias of Service

update(*args, **kwargs)

users Module

class keystoneclient.v3.users.User(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user.

Attributes:
  • id: a uuid that identifies the user
class keystoneclient.v3.users.UserManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity users.

add_to_group(user, group)
check_in_group(user, group)
collection_key = 'users'
create(*args, **kwargs)

Create a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

delete(user)
get(user)
key = 'user'
list(*args, **kwargs)

List users.

If project, domain or group are provided, then filter users with those attributes.

If **kwargs are provided, then filter users with attributes matching **kwargs.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

remove_from_group(user, group)
resource_class

alias of User

update(*args, **kwargs)

Update a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

update_password(old_password, new_password)

Update the password for the user the token belongs to.