keystone package

Subpackages

Submodules

keystone.clean module

keystone.clean.check_enabled(property_name, enabled)[source]
keystone.clean.check_length(property_name, value, min_length=1, max_length=64)[source]
keystone.clean.check_name(property_name, name, min_length=1, max_length=64)[source]
keystone.clean.check_type(property_name, value, expected_type, display_expected_type)[source]
keystone.clean.domain_enabled(enabled)[source]
keystone.clean.domain_name(name)[source]
keystone.clean.group_name(name)[source]
keystone.clean.project_enabled(enabled)[source]
keystone.clean.project_name(name)[source]
keystone.clean.user_enabled(enabled)[source]
keystone.clean.user_name(name)[source]

keystone.cli module

class keystone.cli.BaseApp[source]

Bases: object

classmethod add_argument_parser(subparsers)[source]
name = None
class keystone.cli.BaseCertificateSetup[source]

Bases: keystone.cli.BaseApp

Common user/group setup for PKI and SSL generation.

classmethod add_argument_parser(subparsers)[source]
static get_user_group()[source]
class keystone.cli.DbSync[source]

Bases: keystone.cli.BaseApp

Sync the database.

classmethod add_argument_parser(subparsers)[source]
static main()[source]
name = 'db_sync'
class keystone.cli.DbVersion[source]

Bases: keystone.cli.BaseApp

Print the current migration version of the database.

classmethod add_argument_parser(subparsers)[source]
static main()[source]
name = 'db_version'
class keystone.cli.PKISetup[source]

Bases: keystone.cli.BaseCertificateSetup

Set up Key pairs and certificates for token signing and verification.

classmethod main()[source]
name = 'pki_setup'
class keystone.cli.SSLSetup[source]

Bases: keystone.cli.BaseCertificateSetup

Create key pairs and certificates for HTTPS connections.

classmethod main()[source]
name = 'ssl_setup'
class keystone.cli.TokenFlush[source]

Bases: keystone.cli.BaseApp

Flush expired tokens from the backend.

classmethod main()[source]
name = 'token_flush'
keystone.cli.add_command_parsers(subparsers)[source]
keystone.cli.main(argv=None, config_files=None)[source]

keystone.config module

Wrapper for keystone.common.config that configures itself on import.

keystone.config.find_paste_config()[source]

Find Keystone’s paste.deploy configuration file.

Keystone’s paste.deploy configuration file is specified in the [paste_deploy] section of the main Keystone configuration file, keystone.conf.

For example:

[paste_deploy]
config_file = keystone-paste.ini
Returns:The selected configuration filename
Raises:exception.ConfigFileNotFound
keystone.config.set_default_for_default_log_levels()[source]

Set the default for the default_log_levels option for keystone.

Keystone uses some packages that other OpenStack services don’t use that do logging. This will set the default_log_levels default level for those packages.

This function needs to be called before CONF().

keystone.config.setup_logging()[source]

Sets up logging for the keystone package.

keystone.controllers module

class keystone.controllers.AdminExtensions(*args, **kwargs)[source]

Bases: keystone.controllers.Extensions

extensions[source]
class keystone.controllers.Extensions(*args, **kwargs)[source]

Bases: keystone.common.wsgi.Application

Base extensions controller to be extended by public and admin API’s.

extensions[source]
get_extension_info(context, extension_alias)[source]
get_extensions_info(context)[source]
class keystone.controllers.PublicExtensions(*args, **kwargs)[source]

Bases: keystone.controllers.Extensions

extensions[source]
class keystone.controllers.Version(version_type)[source]

Bases: keystone.common.wsgi.Application

get_version_v2(context)[source]
get_version_v3(context)[source]
get_versions(context)[source]
keystone.controllers.register_version(version)[source]

keystone.exception module

exception keystone.exception.AdditionalAuthRequired(auth_response=None, **kwargs)[source]

Bases: keystone.exception.AuthPluginException

message_format = u'Additional authentications steps required.'
exception keystone.exception.AuthMethodNotSupported(*args, **kwargs)[source]

Bases: keystone.exception.AuthPluginException

message_format = u'Attempted to authenticate with an unsupported method.'
exception keystone.exception.AuthPluginException(*args, **kwargs)[source]

Bases: keystone.exception.Unauthorized

message_format = u'Authentication plugin error.'
exception keystone.exception.CertificateFilesUnavailable(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = u'Expected signing certificates are not available on the server. Please check Keystone configuration.'
exception keystone.exception.ConfigFileNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = u'The Keystone configuration file %(config_file)s could not be found.'
exception keystone.exception.Conflict(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 409
message_format = u'Conflict occurred attempting to store %(type)s. %(details)s'
title = 'Conflict'
exception keystone.exception.CredentialNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find credential, %(credential_id)s.'
exception keystone.exception.DomainNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find domain, %(domain_id)s.'
exception keystone.exception.EndpointNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find endpoint, %(endpoint_id)s.'
exception keystone.exception.Error(message=None, **kwargs)[source]

Bases: exceptions.Exception

Base error class.

Child classes should define an HTTP status code, title, and a message_format.

code = None
message_format = None
title = None
exception keystone.exception.FederatedProtocolNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find federated protocol %(protocol_id)s for IdentityProvider, %(idp_id)s'
exception keystone.exception.Forbidden(message=None, **kwargs)[source]

Bases: keystone.exception.SecurityError

code = 403
message_format = u'You are not authorized to perform the requested action.'
title = 'Forbidden'
exception keystone.exception.ForbiddenAction(message=None, **kwargs)[source]

Bases: keystone.exception.Forbidden

message_format = u'You are not authorized to perform the requested action, %(action)s.'
exception keystone.exception.Gone(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 410
message_format = u'The service you have requested is no longer available on this server.'
title = 'Gone'
exception keystone.exception.GroupNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find group, %(group_id)s.'
exception keystone.exception.IdentityProviderNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find IdentityProvider, %(idp_id)s.'
exception keystone.exception.ImmutableAttributeError(message=None, **kwargs)[source]

Bases: keystone.exception.Forbidden

message_format = u'Could not change immutable attribute %(attribute)s in target %(target)s'
exception keystone.exception.MalformedEndpoint(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = u'Malformed endpoint URL (%(endpoint)s), see ERROR log for details.'
exception keystone.exception.MappedGroupNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.UnexpectedError

debug_message_format = u'Group %(group_id)s returned by mapping %(mapping_id)s was not found in the backend.'
exception keystone.exception.MappingNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find mapping, %(mapping_id)s.'
exception keystone.exception.MetadataNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

(dolph): metadata is not a user-facing concept, so this exception should not be exposed

message_format = u'An unhandled exception has occurred: Could not find metadata.'
exception keystone.exception.MigrationNotProvided(mod_name, path)[source]

Bases: exceptions.Exception

exception keystone.exception.MissingGroups(message=None, **kwargs)[source]

Bases: keystone.exception.Unauthorized

message_format = u'Unable to find valid groups while using mapping %(mapping_id)s'
exception keystone.exception.NotFound(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 404
message_format = u'Could not find, %(target)s.'
title = 'Not Found'
exception keystone.exception.NotImplemented(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 501
message_format = u'The action you have requested has not been implemented.'
title = 'Not Implemented'
exception keystone.exception.PKITokenExpected(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 403
message_format = u'The certificates you requested are not available. It is likely that this server does not use PKI tokens otherwise this is the result of misconfiguration.'
title = 'Cannot retrieve certificates'
exception keystone.exception.PolicyNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find policy, %(policy_id)s.'
exception keystone.exception.ProjectNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find project, %(project_id)s.'
exception keystone.exception.RegionNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find region, %(region_id)s.'
exception keystone.exception.RequestTooLarge(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 413
message_format = u'Request is too large.'
title = 'Request is too large.'
exception keystone.exception.RoleNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find role, %(role_id)s.'
exception keystone.exception.SecurityError(message=None, **kwargs)[source]

Bases: keystone.exception.Error

Avoids exposing details of security failures, unless in debug mode.

exception keystone.exception.ServiceNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find service, %(service_id)s.'
exception keystone.exception.StringLengthExceeded(message=None, **kwargs)[source]

Bases: keystone.exception.ValidationError

message_format = u"String length exceeded.The length of string '%(string)s' exceeded the limit of column %(type)s(CHAR(%(length)d))."
exception keystone.exception.TokenNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find token, %(token_id)s.'
exception keystone.exception.TrustNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find trust, %(trust_id)s.'
exception keystone.exception.TrustUseLimitReached(message=None, **kwargs)[source]

Bases: keystone.exception.Forbidden

message_format = u'No remaining uses for trust %(trust_id)s.'
exception keystone.exception.Unauthorized(message=None, **kwargs)[source]

Bases: keystone.exception.SecurityError

code = 401
message_format = u'The request you have made requires authentication.'
title = 'Unauthorized'
exception keystone.exception.UnexpectedError(message=None, **kwargs)[source]

Bases: keystone.exception.SecurityError

Avoids exposing details of failures, unless in debug mode.

code = 500
debug_message_format = u'An unexpected error prevented the server from fulfilling your request. %(exception)s'
message_format[source]

Return the generic message format string unless debug is enabled.

title = 'Internal Server Error'
exception keystone.exception.UserNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find user, %(user_id)s.'
exception keystone.exception.ValidationError(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 400
message_format = u'Expecting to find %(attribute)s in %(target)s. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'
title = 'Bad Request'
exception keystone.exception.ValidationSizeError(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 400
message_format = u'Request attribute %(attribute)s must be less than or equal to %(size)i. The server could not comply with the request because the attribute size is invalid (too large). The client is assumed to be in error.'
title = 'Bad Request'
exception keystone.exception.ValidationTimeStampError(message=None, **kwargs)[source]

Bases: keystone.exception.Error

code = 400
message_format = u'Timestamp not in expected format. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'
title = 'Bad Request'
exception keystone.exception.VersionNotFound(message=None, **kwargs)[source]

Bases: keystone.exception.NotFound

message_format = u'Could not find version, %(version)s.'

keystone.notifications module

Notifications module for OpenStack Identity Service resources

class keystone.notifications.CadfNotificationWrapper(action)[source]

Bases: object

Send CADF event notifications for various methods.

Sends CADF notifications for events such as whether an authentication was successful or not.

class keystone.notifications.ManagerNotificationWrapper(operation, resource_type, public=True, resource_id_arg_index=1)[source]

Bases: object

Send event notifications for Manager methods.

Sends a notification if the wrapped Manager method does not raise an Exception (such as keystone.exception.NotFound).

Parameters:
  • operation – one of the values from ACTIONS
  • resource_type – type of resource being affected
  • public – If True (default), the event will be sent to the notifier API. If False, the event will only be sent via notify_event_callbacks to in process listeners
keystone.notifications.created(*args, **kwargs)[source]

Decorator to send notifications for Manager.create_* methods.

keystone.notifications.deleted(*args, **kwargs)[source]

Decorator to send notifications for Manager.delete_* methods.

keystone.notifications.disabled(*args, **kwargs)[source]

Decorator to send notifications when an object is disabled.

keystone.notifications.emit_event

alias of CadfNotificationWrapper

keystone.notifications.notify_event_callbacks(service, resource_type, operation, payload)[source]

Sends a notification to registered extensions.

keystone.notifications.register_event_callback(event, resource_type, callbacks)[source]
keystone.notifications.updated(*args, **kwargs)[source]

Decorator to send notifications for Manager.update_* methods.

keystone.routers module

The only types of routers in this file should be ComposingRouters.

The routers for the backends should be in the backend-specific router modules. For example, the ComposableRouter for identity belongs in:

keystone.identity.routers
class keystone.routers.Extension(is_admin=True)[source]

Bases: keystone.common.wsgi.ComposableRouter

add_routes(mapper)[source]
class keystone.routers.VersionV2(description)[source]

Bases: keystone.common.wsgi.ComposableRouter

add_routes(mapper)[source]
class keystone.routers.VersionV3(description)[source]

Bases: keystone.common.wsgi.ComposableRouter

add_routes(mapper)[source]
class keystone.routers.Versions(description)[source]

Bases: keystone.common.wsgi.ComposableRouter

add_routes(mapper)[source]

keystone.service module

keystone.service.admin_app_factory(*args, **kw)[source]
keystone.service.admin_version_app_factory(*args, **kw)[source]
keystone.service.fail_gracefully(f)[source]

Logs exceptions and aborts.

keystone.service.load_backends()[source]
keystone.service.public_app_factory(*args, **kw)[source]
keystone.service.public_version_app_factory(*args, **kw)[source]
keystone.service.v3_app_factory(*args, **kw)[source]

Module contents