keystoneclient.v3 package

Submodules

keystoneclient.v3.client module

class keystoneclient.v3.client.Client(**kwargs)

Bases: keystoneclient.httpclient.HTTPClient

Client for the OpenStack Identity API v3.

Parameters:
  • user_id (string) – User ID for authentication. (optional)
  • username (string) – Username for authentication. (optional)
  • user_domain_id (string) – User’s domain ID for authentication. (optional)
  • user_domain_name (string) – User’s domain name for authentication. (optional)
  • password (string) – Password for authentication. (optional)
  • token (string) – Token for authentication. (optional)
  • domain_id (string) – Domain ID for domain scoping. (optional)
  • domain_name (string) – Domain name for domain scoping. (optional)
  • project_id (string) – Project ID for project scoping. (optional)
  • project_name (string) – Project name for project scoping. (optional)
  • project_domain_id (string) – Project’s domain ID for project scoping. (optional)
  • project_domain_name (string) – Project’s domain name for project scoping. (optional)
  • tenant_name (string) – Tenant name. (optional) The tenant_name keyword argument is deprecated, use project_name instead.
  • tenant_id (string) – Tenant id. (optional) The tenant_id keyword argument is deprecated, use project_id instead.
  • auth_url (string) – Identity service endpoint for authorization.
  • region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
  • endpoint (string) – A user-supplied endpoint URL for the identity service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation. (optional)
  • timeout (integer) – Allows customization of the timeout for client http requests. (optional)

Example:

>>> from keystoneclient.v3 import client
>>> keystone = client.Client(user_domain_name=DOMAIN_NAME,
...                          username=USER,
...                          password=PASS,
...                          project_domain_name=PROJECT_DOMAIN_NAME,
...                          project_name=PROJECT_NAME,
...                          auth_url=KEYSTONE_URL)
...
>>> keystone.projects.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

get_raw_token_from_identity_service(auth_url, user_id=None, username=None, user_domain_id=None, user_domain_name=None, password=None, domain_id=None, domain_name=None, project_id=None, project_name=None, project_domain_id=None, project_domain_name=None, token=None, trust_id=None, **kwargs)

Authenticate against the v3 Identity API.

Returns: access.AccessInfo if authentication was successful.
Raises: AuthorizationFailure if unable to authenticate or validate the existing authorization token.
Raises: Unauthorized if authentication fails due to invalid token.
process_token(**kwargs)

Extract and process information from the new auth_ref, and set the relevant authentication information.

serialize(entity)
version = 'v3'

keystoneclient.v3.credentials module

class keystoneclient.v3.credentials.Credential(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity credential.

Attributes:
  • id: a uuid that identifies the credential
class keystoneclient.v3.credentials.CredentialManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity credentials.

collection_key = 'credentials'
create(*args, **kwargs)
delete(credential)
get(credential)
key = 'credential'
list(**kwargs)

List credentials.

If **kwargs are provided, then filter credentials with attributes matching **kwargs.

resource_class

alias of Credential

update(*args, **kwargs)

keystoneclient.v3.domains module

class keystoneclient.v3.domains.Domain(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity domain.

Attributes:
  • id: a uuid that identifies the domain
class keystoneclient.v3.domains.DomainManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity domains.

collection_key = 'domains'
create(*args, **kwargs)
delete(domain)
get(domain)
key = 'domain'
list(**kwargs)

List domains.

**kwargs allows filter criteria to be passed where supported by the server.
resource_class

alias of Domain

update(*args, **kwargs)

keystoneclient.v3.endpoints module

class keystoneclient.v3.endpoints.Endpoint(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity endpoint.

Attributes:
  • id: a uuid that identifies the endpoint
  • interface: ‘public’, ‘admin’ or ‘internal’ network interface
  • region: geographic location of the endpoint
  • service_id: service to which the endpoint belongs
  • url: fully qualified service endpoint
  • enabled: determines whether the endpoint appears in the catalog
class keystoneclient.v3.endpoints.EndpointManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity endpoints.

collection_key = 'endpoints'
create(*args, **kwargs)
delete(endpoint)
get(endpoint)
key = 'endpoint'
list(*args, **kwargs)

List endpoints.

If **kwargs are provided, then filter endpoints with attributes matching **kwargs.

resource_class

alias of Endpoint

update(*args, **kwargs)

keystoneclient.v3.groups module

class keystoneclient.v3.groups.Group(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user group.

Attributes:
  • id: a uuid that identifies the group
  • name: group name
  • description: group description
update(*args, **kwargs)
class keystoneclient.v3.groups.GroupManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity groups.

collection_key = 'groups'
create(*args, **kwargs)
delete(group)
get(group)
key = 'group'
list(*args, **kwargs)

List groups.

If domain or user is provided, then filter groups with that attribute.

If **kwargs are provided, then filter groups with attributes matching **kwargs.

resource_class

alias of Group

update(*args, **kwargs)

keystoneclient.v3.policies module

class keystoneclient.v3.policies.Policy(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity policy.

Attributes:
  • id: a uuid that identifies the policy
  • blob: a policy document (blob)
  • type: the mime type of the policy blob
update(*args, **kwargs)
class keystoneclient.v3.policies.PolicyManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity policies.

collection_key = 'policies'
create(*args, **kwargs)
delete(policy)
get(policy)
key = 'policy'
list(**kwargs)

List policies.

**kwargs allows filter criteria to be passed where supported by the server.
resource_class

alias of Policy

update(*args, **kwargs)

keystoneclient.v3.projects module

class keystoneclient.v3.projects.Project(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity project.

Attributes:
  • id: a uuid that identifies the project
  • name: project name
  • description: project description
  • enabled: boolean to indicate if project is enabled
update(*args, **kwargs)
class keystoneclient.v3.projects.ProjectManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity projects.

collection_key = 'projects'
create(*args, **kwargs)
delete(project)
get(project)
key = 'project'
list(*args, **kwargs)

List projects.

If domain or user are provided, then filter projects with those attributes.

If **kwargs are provided, then filter projects with attributes matching **kwargs.

resource_class

alias of Project

update(*args, **kwargs)

keystoneclient.v3.regions module

class keystoneclient.v3.regions.Region(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents a Catalog region.

Attributes:
  • id: a string that identifies the region.
  • description: a string that describes the region. Optional.
  • parent_region_id: string that is the id field for a pre-existing region in the backend. Allows for hierarchical region organization
  • enabled: determines whether the endpoint appears in the catalog. Defaults to True
class keystoneclient.v3.regions.RegionManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity regions.

collection_key = 'regions'
create(id=None, description=None, enabled=True, parent_region=None, **kwargs)

Create a Catalog region.

Parameters:
  • id – a string that identifies the region. If not specified a unique identifier will be assigned to the region.
  • description – a string that describes the region.
  • parent_region – string that is the id field for a pre-existing region in the backend. Allows for hierarchical region organization.
  • enabled – determines whether the endpoint appears in the catalog.
delete(region)
get(region)
key = 'region'
list(**kwargs)

List regions.

If **kwargs are provided, then filter regions with attributes matching **kwargs.

resource_class

alias of Region

update(region, description=None, enabled=True, parent_region=None, **kwargs)

Update a Catalog region.

Parameters:
  • region – a string that identifies the region.
  • description – a string that describes the region.
  • parent_region – string that is the id field for a pre-existing region in the backend. Allows for hierarchical region organization.
  • enabled – determines whether the endpoint appears in the catalog. Defaults to True

keystoneclient.v3.role_assignments module

class keystoneclient.v3.role_assignments.RoleAssignment(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity role assignment.

Attributes:
  • role: an object which contains a role uuid
  • user or group: an object which contains either a user or group uuid
  • scope: an object which has either a project or domain object containing a uuid

class keystoneclient.v3.role_assignments.RoleAssignmentManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity role assignments.

collection_key = 'role_assignments'
create(**kwargs)
delete(**kwargs)
find(**kwargs)
get(**kwargs)
key = 'role_assignment'
list(user=None, group=None, project=None, domain=None, role=None, effective=False)

Lists role assignments.

If no arguments are provided, all role assignments in the system will be listed.

If both user and group are provided, a ValidationError will be raised. If both domain and project are provided, it will also raise a ValidationError.

Parameters:
  • user – User to be used as query filter. (optional)
  • group – Group to be used as query filter. (optional)
  • project – Project to be used as query filter. (optional)
  • domain – Domain to be used as query filter. (optional)
  • role – Role to be used as query filter. (optional)
  • effective (boolean) – return effective role assignments. (optional)
put(**kwargs)
resource_class

alias of RoleAssignment

update(**kwargs)
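
Added example (not part of the keystoneclient documentation or code base): an offline audit over records shaped like the RoleAssignment attributes above. It flags privileged grants made at domain scope and rejects records that do not name exactly one actor and one scope. The record dicts, the role and actor IDs, and the helper names normalize and audit are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records. Each dict follows the attribute layout listed
# above: a role object, a user OR group object, and a scope holding a project
# OR domain object. All IDs are made up; real ones are uuids.
SAMPLE_ASSIGNMENTS = [
    {"role": {"id": "r-admin"}, "user": {"id": "u-alice"},
     "scope": {"project": {"id": "p-web"}}},
    {"role": {"id": "r-admin"}, "user": {"id": "u-alice"},
     "scope": {"domain": {"id": "d-default"}}},
    {"role": {"id": "r-member"}, "group": {"id": "g-devs"},
     "scope": {"project": {"id": "p-web"}}},
    {"role": {"id": "r-admin"}, "user": {"id": "u-bob"},
     "scope": {"project": {"id": "p-db"}}},
    # Malformed on purpose: names both a user and a group.
    {"role": {"id": "r-member"}, "user": {"id": "u-bob"},
     "group": {"id": "g-devs"}, "scope": {"project": {"id": "p-db"}}},
]


def normalize(assignment):
    """Return (actor_kind, actor_id, scope_kind, scope_id, role_id)."""
    actors = [(k, assignment[k]["id"]) for k in ("user", "group")
              if k in assignment]
    scope = assignment.get("scope", {})
    scopes = [(k, scope[k]["id"]) for k in ("project", "domain") if k in scope]
    if len(actors) != 1 or len(scopes) != 1:
        raise ValueError("expected exactly one actor and one scope")
    return actors[0] + scopes[0] + (assignment["role"]["id"],)


def audit(assignments, privileged_roles):
    """Collect privileged grants per actor and list the domain-wide ones."""
    report = {"domain_wide": [], "by_actor": defaultdict(list), "rejected": []}
    for record in assignments:
        try:
            actor_kind, actor_id, scope_kind, scope_id, role_id = normalize(record)
        except (ValueError, KeyError, TypeError):
            report["rejected"].append(record)  # keep for manual review
            continue
        if role_id not in privileged_roles:
            continue
        report["by_actor"][(actor_kind, actor_id)].append((scope_kind, scope_id))
        if scope_kind == "domain":
            report["domain_wide"].append((actor_kind, actor_id, scope_id))
    return report
```

Calling audit(SAMPLE_ASSIGNMENTS, {"r-admin"}) reports u-alice as holding the privileged role at domain scope and sets the malformed record aside in "rejected".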

keystoneclient.v3.roles module

class keystoneclient.v3.roles.Role(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity role.

Attributes:
  • id: a uuid that identifies the role
  • name: user-facing identifier
class keystoneclient.v3.roles.RoleManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity roles.

check(*args, **kwargs)

Checks if a user or group has a role on a domain or project.

collection_key = 'roles'
create(*args, **kwargs)
delete(role)
get(role)
grant(*args, **kwargs)

Grants a role to a user or group on a domain or project.

key = 'role'
list(*args, **kwargs)

Lists roles and role grants.

If no arguments are provided, all roles in the system will be listed.

If a user or group is specified, you must also specify either a domain or project to list role grants on that pair. And if **kwargs are provided, then also filter roles with attributes matching **kwargs.

resource_class

alias of Role

revoke(*args, **kwargs)

Revokes a role from a user or group on a domain or project.

update(*args, **kwargs)

keystoneclient.v3.services module

class keystoneclient.v3.services.Service(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity service.

Attributes:
  • id: a uuid that identifies the service
  • name: user-facing name of the service (e.g. Keystone)
  • type: ‘compute’, ‘identity’, etc
  • enabled: determines whether the service appears in the catalog
class keystoneclient.v3.services.ServiceManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity services.

collection_key = 'services'
create(*args, **kwargs)
delete(service)
get(service)
key = 'service'
resource_class

alias of Service

update(*args, **kwargs)

keystoneclient.v3.users module

class keystoneclient.v3.users.User(manager, info, loaded=False)

Bases: keystoneclient.base.Resource

Represents an Identity user.

Attributes:
  • id: a uuid that identifies the user
class keystoneclient.v3.users.UserManager(client)

Bases: keystoneclient.base.CrudManager

Manager class for manipulating Identity users.

add_to_group(user, group)
check_in_group(user, group)
collection_key = 'users'
create(*args, **kwargs)

Create a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project are provided, the default_project will be used.

delete(user)
get(user)
key = 'user'
list(*args, **kwargs)

List users.

If project, domain or group are provided, then filter users with those attributes.

If **kwargs are provided, then filter users with attributes matching **kwargs.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project are provided, the default_project will be used.

remove_from_group(user, group)
resource_class

alias of User

update(*args, **kwargs)

Update a user.

Warning

The project argument is deprecated, use default_project instead.

If both default_project and project are provided, the default_project will be used.

update_password(old_password, new_password)

Update the password for the user the token belongs to.

Module contents