Workflow Logic the Identity service.
Bases: type
Metaclass that ensures that the correct methods on the deprecated classes are reported as deprecated on call.
Bases: keystone.common.controller.V3Controller
Bases: keystone.common.controller.V3Controller
Main entry point into the Identity service.
Bases: dict
Discover, store and provide access to domain specific configs.
The setup_domain_drivers() call will be made via the wrapper from the first call to any driver function handled by this manager. This setup call it will scan the domain config directory for files of the form
keystone.<domain_name>.conf
For each file, the domain_name will be turned into a domain_id and then this class will:
Bases: object
Interface description for an Identity driver.
Adds a user to a group.
Raises: | keystone.exception.UserNotFound, keystone.exception.GroupNotFound |
---|
Authenticate a given user and password. :returns: user_ref :raises: AssertionError
Checks if a user is a member of a group.
Raises: | keystone.exception.UserNotFound, keystone.exception.GroupNotFound |
---|
Get a group by ID.
Returns: | group_ref |
---|---|
Raises: | keystone.exception.GroupNotFound |
Get a user by ID.
Returns: | user_ref |
---|---|
Raises: | keystone.exception.UserNotFound |
Get a user by name.
Returns: | user_ref |
---|---|
Raises: | keystone.exception.UserNotFound |
List groups in the system.
Parameters: | hints – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of group_refs or an empty list. |
List groups a user is in
Parameters: |
|
---|---|
Returns: | a list of group_refs or an empty list. |
List users in the system.
Parameters: | hints – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of user_refs or an empty list. |
List users in a group.
Parameters: |
|
---|---|
Returns: | a list of user_refs or an empty list. |
Removes a user from a group.
Raises: | keystone.exception.NotFound |
---|
Bases: keystone.common.manager.Manager
Default pivot point for the Identity backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
This class also handles the support of domain specific backends, by using the DomainConfigs class. The setup call for DomainConfigs is called from with the @domains_configured wrapper in a lazy loading fashion to get around the fact that we can’t satisfy the assignment api it needs from within our __init__() function since the assignment driver is not itself yet initialized.
Each of the identity calls are pre-processed here to choose, based on domain, which of the drivers should be called. The non-domain-specific driver is still in place, and is used if there is no specific driver for the domain in question.
Wraps API calls to lazy load domain configs after init.
This is required since the assignment manager needs to be initialized before this manager, and yet this manager’s init wants to be able to make assignment calls (to build the domain configs). So instead, we check if the domains have been initialized on entry to each call, and if requires load them,
WSGI Routers for the Identity service.