v3 Package

v3 Package

client Module

class keystoneclient.v3.client.Client(**kwargs)

Bases: keystoneclient.httpclient.HTTPClient

Client for the OpenStack Identity API v3.

Parameters:

• user_id (string) – User ID for authentication. (optional)
• username (string) – Username for authentication. (optional)
• user_domain_id (string) – User’s domain ID for authentication. (optional)
• user_domain_name (string) – User’s domain name for authentication. (optional)
• password (string) – Password for authentication. (optional)
• token (string) – Token for authentication. (optional)
• domain_id (string) – Domain ID for domain scoping. (optional)
• domain_name (string) – Domain name for domain scoping. (optional)
• project_id (string) – Project ID for project scoping. (optional)
• project_name (string) – Project name for project scoping. (optional)
• project_domain_id (string) – Project’s domain ID for project scoping. (optional)
• project_domain_name (string) – Project’s domain name for project scoping. (optional)
• tenant_name (string) – Tenant name. (optional) The tenant_name keyword argument is deprecated, use project_name instead.
• tenant_id (string) – Tenant id. (optional) The tenant_id keyword argument is deprecated, use project_id instead.
• auth_url (string) – Identity service endpoint for authorization.
• region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
• endpoint (string) – A user-supplied endpoint URL for the identity service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation. (optional)
• timeout (integer) – Allows customization of the timeout for client http requests. (optional)

Example:

>>> from keystoneclient.v3 import client
>>> keystone = client.Client(user_domain_name=DOMAIN_NAME,
...                          username=USER,
...                          password=PASS,
...                          project_domain_name=PROJECT_DOMAIN_NAME,
...                          project_name=PROJECT_NAME,
...                          auth_url=KEYSTONE_URL)
...
>>> keystone.projects.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

get_raw_token_from_identity_service(auth_url, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, token=None, trust_id=None, **kwargs)

Authenticate against the v3 Identity API.

Returns:access.AccessInfo if authentication was successful. Raises :AuthorizationFailure if unable to authenticate or validate the existing authorization token Raises :Unauthorized if authentication fails due to invalid token

process_token(**kwargs)

Extract and process information from the new auth_ref.

And set the relevant authentication information.

serialize(entity)

version = 'v3'

credentials Module

class keystoneclient.v3.credentials.Credential(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity credential.

Attributes:

• id: a uuid that identifies the credential

class keystoneclient.v3.credentials.CredentialManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity credentials.

collection_key = 'credentials'

create(*args, **kwargs)

delete(credential)

get(credential)

key = 'credential'

list(**kwargs)

List credentials.

If **kwargs are provided, then filter credentials with attributes matching **kwargs.

resource_class

alias of Credential

update(*args, **kwargs)

domains Module

class keystoneclient.v3.domains.Domain(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity domain.

Attributes:

• id: a uuid that identifies the domain

class keystoneclient.v3.domains.DomainManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity domains.

collection_key = 'domains'

create(*args, **kwargs)

delete(domain)

get(domain)

key = 'domain'

list(**kwargs)

List domains.

**kwargs allows filter criteria to be passed where

supported by the server.

resource_class

alias of Domain

update(*args, **kwargs)

endpoints Module

class keystoneclient.v3.endpoints.Endpoint(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity endpoint.

Attributes:

• id: a uuid that identifies the endpoint
• interface: ‘public’, ‘admin’ or ‘internal’ network interface
• region: geographic location of the endpoint
• service_id: service to which the endpoint belongs
• url: fully qualified service endpoint
• enabled: determines whether the endpoint appears in the catalog

class keystoneclient.v3.endpoints.EndpointManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity endpoints.

collection_key = 'endpoints'

create(*args, **kwargs)

delete(endpoint)

get(endpoint)

key = 'endpoint'

list(*args, **kwargs)

List endpoints.

If **kwargs are provided, then filter endpoints with attributes matching **kwargs.

resource_class

alias of Endpoint

update(*args, **kwargs)

groups Module

class keystoneclient.v3.groups.Group(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user group.

Attributes:

• id: a uuid that identifies the group
• name: group name
• description: group description

update(*args, **kwargs)

class keystoneclient.v3.groups.GroupManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity groups.

collection_key = 'groups'

create(*args, **kwargs)

delete(group)

get(group)

key = 'group'

list(*args, **kwargs)

List groups.

If domain or user is provided, then filter groups with that attribute.

If **kwargs are provided, then filter groups with attributes matching **kwargs.

resource_class

alias of Group

update(*args, **kwargs)

policies Module

class keystoneclient.v3.policies.Policy(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity policy.

Attributes:

• id: a uuid that identifies the policy
• blob: a policy document (blob)
• type: the mime type of the policy blob

update(*args, **kwargs)

class keystoneclient.v3.policies.PolicyManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity policies.

collection_key = 'policies'

create(*args, **kwargs)

delete(policy)

get(policy)

key = 'policy'

list(**kwargs)

List policies.

**kwargs allows filter criteria to be passed where

supported by the server.

resource_class

alias of Policy

update(*args, **kwargs)

projects Module

class keystoneclient.v3.projects.Project(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity project.

Attributes:

• id: a uuid that identifies the project
• name: project name
• description: project description
• enabled: boolean to indicate if project is enabled

update(*args, **kwargs)

class keystoneclient.v3.projects.ProjectManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity projects.

collection_key = 'projects'

create(*args, **kwargs)

delete(project)

get(project)

key = 'project'

list(*args, **kwargs)

List projects.

If domain or user are provided, then filter projects with those attributes.

If **kwargs are provided, then filter projects with attributes matching **kwargs.

resource_class

alias of Project

update(*args, **kwargs)

roles Module

class keystoneclient.v3.roles.Role(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity role.

Attributes:

• id: a uuid that identifies the role
• name: user-facing identifier

class keystoneclient.v3.roles.RoleManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity roles.

check(*args, **kwargs)

Checks if a user or group has a role on a domain or project.

collection_key = 'roles'

create(*args, **kwargs)

delete(role)

get(role)

grant(*args, **kwargs)

Grants a role to a user or group on a domain or project.

key = 'role'

list(*args, **kwargs)

Lists roles and role grants.

If no arguments are provided, all roles in the system will be listed.

If a user or group is specified, you must also specify either a domain or project to list role grants on that pair. And if **kwargs are provided, then also filter roles with attributes matching **kwargs.

resource_class

alias of Role

revoke(*args, **kwargs)

Revokes a role from a user or group on a domain or project.

update(*args, **kwargs)

services Module

class keystoneclient.v3.services.Service(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity service.

Attributes:

• id: a uuid that identifies the service
• name: user-facing name of the service (e.g. Keystone)
• type: ‘compute’, ‘identity’, etc
• enabled: determines whether the service appears in the catalog

class keystoneclient.v3.services.ServiceManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity services.

collection_key = 'services'

create(*args, **kwargs)

delete(service)

get(service)

key = 'service'

resource_class

alias of Service

update(*args, **kwargs)

users Module

class keystoneclient.v3.users.User(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user.

Attributes:

• id: a uuid that identifies the user

class keystoneclient.v3.users.UserManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity users.

add_to_group(user, group)

check_in_group(user, group)

collection_key = 'users'

create(*args, **kwargs)

Create a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

delete(user)

get(user)

key = 'user'

list(*args, **kwargs)

List users.

If project, domain or group are provided, then filter users with those attributes.

If **kwargs are provided, then filter users with attributes matching **kwargs.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

remove_from_group(user, group)

resource_class

alias of User

update(*args, **kwargs)

Update a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project is provided, the default_project will be used.

update_password(old_password, new_password)

Update the password for the user the token belongs to.

Subpackages

• contrib Package
  • contrib Package
  • endpoint_filter Module
  • trusts Module
  • Subpackages
    • federation Package
      • federation Package
      • core Module
      • identity_providers Module
      • mappings Module