Bases: dict
Encapsulates a raw authentication token from keystone.
Provides helper methods for extracting useful values from that token.
Returns the token_id associated with the auth request, to be used in headers for authenticating OpenStack API requests.
Returns: | str |
---|
Returns a tuple of URLs from publicURL and adminURL for the service ‘identity’ from the service catalog associated with the authorization request. If the authentication request wasn’t scoped to a tenant (project), this property will return None.
DEPRECATED: this doesn’t correctly handle region name. You should fetch it from the service catalog yourself.
Returns: | tuple of urls |
---|
Returns the domain id associated with the authentication token.
Returns: | str or None (if no domain associated with the token) |
---|
Returns the domain name associated with the authentication token.
Returns: | str or None (if no domain associated with the token) |
---|
Returns true if the authorization token was scoped to a domain.
Returns: | bool |
---|
Returns the token expiration (as datetime object)
Returns: | datetime |
---|
Create AccessInfo object given a successful auth response & body or a user-provided dict.
Returns true if the authorization token has a service catalog.
Returns: | boolean |
---|
Returns true if federation was used to get the token.
Returns: | boolean |
---|
Determines if processing v2 or v3 token given a successful auth body or a user-provided dict.
Returns: | true if auth body matches implementing class |
---|---|
Return type: | boolean |
Returns the token issue time (as datetime object)
Returns: | datetime |
---|
Returns the first adminURL for ‘identity’ from the service catalog associated with the authorization request, or None if the authentication request wasn’t scoped to a tenant (project).
DEPRECATED: this doesn’t correctly handle region name. You should fetch it from the service catalog yourself.
Returns: | tuple of urls |
---|
Return the access token ID if OAuth authentication used.
Returns: | str or None. |
---|
Return the consumer ID if OAuth authentication used.
Returns: | str or None. |
---|
Returns the domain id of the project associated with the authentication request.
For v2, it returns ‘default’ if a project is scoped or None which may be different from the keystone configuration.
Returns: | str |
---|
Returns the domain name of the project associated with the authentication request.
For v2, it returns ‘Default’ if a project is scoped or None which may be different from the keystone configuration.
Returns: | str |
---|
Returns the project ID associated with the authentication request, or None if the authentication request wasn’t scoped to a project.
Returns: | str or None (if no project associated with the token) |
---|
Returns the project name associated with the authentication request.
Returns: | str or None (if no project associated with the token) |
---|
Returns: | bool |
---|
Returns a list of role ids of the user associated with the authentication request.
Returns: | a list of strings of role ids |
---|
Returns a list of role names of the user associated with the authentication request.
Returns: | a list of strings of role names |
---|
(project), and contains a populated service catalog.
This is deprecated, use project_scoped instead.
Returns: | bool |
---|
Synonym for project_id.
Synonym for project_name.
Returns the trust id associated with the authentication token.
Returns: | str or None (if no trust associated with the token) |
---|
Returns true if the authorization token was scoped as delegated in a trust, via the OS-TRUST v3 extension.
Returns: | bool |
---|
Returns the trustee user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the trustor user id associated with a trust.
Returns: | str or None (if no trust associated with the token) |
---|
Returns the domain id of the user associated with the authentication request.
For v2, it always returns ‘default’ which may be different from the Keystone configuration.
Returns: | str |
---|
Returns the domain name of the user associated with the authentication request.
For v2, it always returns ‘Default’ which may be different from the Keystone configuration.
Returns: | str |
---|
Returns the user id associated with the authentication request.
Returns: | str |
---|
Returns the username associated with the authentication request. Follows the pattern defined in the V2 API of first looking for ‘name’, returning that if available, and falling back to ‘username’ if name is unavailable.
Returns: | str |
---|
Returns the version of the auth token from identity service.
Returns: | str |
---|
Determines if expiration is about to occur.
Returns: | true if expiration is within the given duration |
---|---|
Return type: | boolean |
Bases: keystoneclient.access.AccessInfo
An object for encapsulating a raw v2 auth token from identity service.
Bases: keystoneclient.access.AccessInfo
An object for encapsulating a raw v3 auth token from identity service.
Bases: object
An instance of a session with local variables.
A session is a global object that is shared around amongst many clients. It therefore contains state that is relevant to everyone. There is a lot of state such as the service type and region_name that are only relevant to a particular client that is using the session. An adapter provides a wrapper of client local data around the global session object.
Parameters: |
|
---|
Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystoneclient.exceptions.MissingAuthPlugin: | |
if a plugin is not available. | |
Returns: | An endpoint if available or None. |
Return type: | string |
Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current project_id or None if not supported by plugin. |
Return type: | string |
Return a token as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystoneclient.exceptions.AuthorizationFailure: | |
if a new token fetch fails. | |
Returns: | A valid token. |
Return type: | string |
Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Current user_id or None if not supported by plugin. |
Return type: | string |
Invalidate an authentication plugin.
Bases: keystoneclient.adapter.Adapter
Make something that looks like an old HTTPClient.
A common case when using an adapter is that we want an interface similar to the HTTPClients of old which returned the body as JSON as well.
You probably don’t want this if you are starting from scratch.
Base utilities to build API operation managers and objects on top of.
Bases: keystoneclient.base.Manager
Base manager class for manipulating Keystone entities.
Children of this class are expected to define a collection_key and key.
Builds a query that does not include values, just keys.
The Identity API has some calls that define queries without values, this can not be accomplished by using urllib.parse.urlencode(). This method builds a query using only the keys.
Builds a resource URL for the given kwargs.
Given an example collection where collection_key = ‘entities’ and key = ‘entity’, the following URL’s could be generated.
By default, the URL will represent a collection of entities, e.g.:
/entities
If kwargs contains an entity_id, then the URL will represent a specific member, e.g.:
/entities/{entity_id}
If a base_url is provided, the generated URL will be appended to it.
Find a single item with attributes matching **kwargs.
Bases: object
Basic manager type providing common operations.
Managers interact with a particular type of API (servers, flavors, images, etc.) and provide CRUD operations for them.
Parameters: | client – instance of BaseClient descendant for HTTP requests |
---|
Deprecated. Use client instead.
Bases: keystoneclient.base.Manager
Manager with additional find()/findall() methods.
Find a single item with attributes matching **kwargs.
This isn’t very efficient: it loads the entire list then filters on the Python side.
Find all items with attributes matching **kwargs.
This isn’t very efficient: it loads the entire list then filters on the Python side.
Bases: keystoneclient.openstack.common.apiclient.base.Resource
Base class for OpenStack resources (tenant, user, etc.).
This is pretty much just a bag for attributes.
Remove any entries from a dictionary where the value is None.
Return id if argument is a Resource.
Abstracts the common pattern of allowing both an object or an object’s ID (UUID) as a parameter when dealing with relationships.
Factory function to create a new identity service client.
The returned client will be either a V3 or V2 client. Check the version using the version property or the instance’s class (with instanceof).
Parameters: |
|
---|---|
Returns: | New keystone client object. |
Return type: | keystoneclient.v3.client.Client or keystoneclient.v2_0.client.Client |
Raises: |
|
Bases: keystoneclient._discover.Discover
A means to discover and create clients depending on the supported API versions on the server.
Querying the server is done on object creation and every subsequent method operates upon the data that was retrieved.
The connection parameters associated with this method are the same format and name as those used by a client (see keystoneclient.v2_0.client.Client and keystoneclient.v3.client.Client). If not overridden in subsequent methods they will also be what is passed to the constructed client.
In the event that auth_url and endpoint is provided then auth_url will be used in accordance with how the client operates.
Parameters: |
|
---|
Return a list of identity APIs available on the server and the data associated with them.
DEPRECATED: use raw_version_data()
Parameters: |
|
---|---|
Returns: | A List of dictionaries as presented by the server. Each dict will contain the version and the URL to use for the version. It is a direct representation of the layout presented by the identity API. |
Factory function to create a new identity service client.
Parameters: |
|
---|---|
Returns: | An instantiated identity client object. |
Raises: |
|
Get raw version information from URL.
Raw data indicates that only minimal validation processing is performed on the data, so what is returned here will be the data in the same format it was received from the endpoint.
Parameters: | |
---|---|
Returns: | The endpoints returned from the server that match the criteria. |
Return type: | list |
Example:
>>> from keystoneclient import discover
>>> disc = discover.Discovery(auth_url='http://localhost:5000')
>>> disc.raw_version_data()
[{'id': 'v3.0',
'links': [{'href': u'http://127.0.0.1:5000/v3/',
'rel': u'self'}],
'media-types': [
{'base': 'application/json',
'type': 'application/vnd.openstack.identity-v3+json'},
{'base': 'application/xml',
'type': 'application/vnd.openstack.identity-v3+xml'}],
'status': 'stable',
'updated': '2013-03-06T00:00:00Z'},
{'id': 'v2.0',
'links': [{'href': u'http://127.0.0.1:5000/v2.0/',
'rel': u'self'},
{'href': u'...',
'rel': u'describedby',
'type': u'application/pdf'}],
'media-types': [
{'base': 'application/json',
'type': 'application/vnd.openstack.identity-v2.0+json'},
{'base': 'application/xml',
'type': 'application/vnd.openstack.identity-v2.0+xml'}],
'status': 'stable',
'updated': '2013-03-06T00:00:00Z'}]
Adds a version removal rule for a particular service.
Originally deployments of OpenStack would contain a versioned endpoint in the catalog for different services. E.g. an identity service might look like http://localhost:5000/v2.0. This is a problem when we want to use a different version like v3.0 as there is no way to tell where it is located. We cannot simply change all service catalogs either so there must be a way to handle the older style of catalog.
This function adds a rule for a given service type that if part of the URL matches a given regular expression in old then it will be replaced with the new value. This will replace all instances of old with new. It should therefore contain a regex anchor.
For example the included rule states:
add_catalog_version_hack('identity', re.compile('/v2.0/?$'), '/')
so if the catalog retrieves an identity URL that ends with /v2.0 or /v2.0/ then it should replace it simply with / to fix the user’s catalog.
Parameters: |
|
---|
Retrieve raw version data from a url.
Turn a version representation into a tuple.
Takes a string, tuple or float which represent version formats we can handle and converts them into a (major, minor) version tuple that we can actually use for discovery.
Parameters: | version – Inputted version number to try and convert. |
---|---|
Returns: | A usable version tuple |
Return type: | tuple |
Raises TypeError: | |
if the inputted version cannot be converted to tuple. |
Test that an available version is a suitable match for a required version.
To be suitable a version must be of the same major version as required and be at least a match in minor/patch level.
eg. 3.3 is a match for a required 3.1 but 4.1 is not.
Parameters: | |
---|---|
Returns: | True if candidate is suitable False otherwise. |
Return type: | bool |
Exception definitions.
Bases: exceptions.Exception
Error reading the certificate.
Bases: exceptions.Exception
Error reading the certificate.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException
Discovery of client versions failed.
Bases: keystoneclient.openstack.common.apiclient.exceptions.EndpointNotFound
The service catalog is empty.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException
The response from the server is not valid for this request.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException
Method not implemented by the keystoneclient API.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException
An authenticated request is required but no plugin available.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ClientException
There were no auth plugins that could be created from the parameters provided.
Parameters: | name (str) – The name of the plugin that was attempted to load. |
---|
The name of the plugin that was attempted to load.
Bases: keystoneclient.openstack.common.apiclient.exceptions.ConnectionRefused
An SSL error occurred.
Bases: keystoneclient.exceptions.DiscoveryFailure
Discovery failed as the version you requested is not available.
OpenStack Client interface. Handles the REST calls and responses.
Bases: keystoneclient.baseclient.Client, keystoneclient.auth.base.BaseAuthPlugin
HTTP client
Parameters: |
|
---|
Authenticate user.
Uses the data provided at instantiation to authenticate against the Identity server. This may use either a username and password or token for authentication. If a tenant name or id was provided then the resulting authenticated client will be scoped to that tenant and contain a service catalog of available endpoints.
With the v2.0 API, if a tenant name or ID is not provided, the authentication token returned will be ‘unscoped’ and limited in capabilities until a fully-scoped token is acquired.
With the v3 API, if a domain name or id was provided then the resulting authenticated client will be scoped to that domain. If a project name or ID is not provided, and the authenticating user has a default project configured, the authentication token returned will be ‘scoped’ to the default project. Otherwise, the authentication token returned will be ‘unscoped’ and limited in capabilities until a fully-scoped token is acquired.
With the v3 API, with the OS-TRUST extension enabled, the trust_id can be provided to allow project-specific role delegation between users
If successful, sets the self.auth_ref and self.auth_token with the returned token. If not already set, will also set self.management_url from the details provided in the token.
Returns: | True if authentication was successful. |
---|---|
Raises: |
|
If keyring is used, token is retrieved from keyring instead. Authentication will only be necessary if any of the following conditions are met:
Perform an authenticate DELETE request.
This calls request() with method set to DELETE and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Perform an authenticated GET request.
This calls request() with method set to GET and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Retrieve auth_ref from keyring.
If auth_ref is found in keyring, (keyring_key, auth_ref) is returned. Otherwise, (keyring_key, None) is returned.
Returns: | (keyring_key, auth_ref) or (keyring_key, None) |
---|---|
Returns: | or (None, None) if use_keyring is not set in the object |
Authenticate against the Identity API and get a token.
Not implemented here because auth protocols should be API version-specific.
Expected to authenticate or validate an existing authentication reference already associated with the client. Invoking this call always makes a call to the Identity service.
Returns: | (resp, body) |
---|
Returns True if this client provides a service catalog.
Perform an authenticated HEAD request.
This calls request() with method set to HEAD and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Perform an authenticate PATCH request.
This calls request() with method set to PATCH and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Perform an authenticate POST request.
This calls request() with method set to POST and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Extract and process information from the new auth_ref.
And set the relevant authentication information.
Perform an authenticate PUT request.
This calls request() with method set to PUT and an authentication token if one is available.
Warning
DEPRECATED: This function is no longer used. It was designed to be used by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Send an http request with the specified characteristics.
Wrapper around requests.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.
Warning
DEPRECATED: This function is no longer used. It was designed to be used only by the managers and the managers now receive an adapter so this function is no longer on the standard request path.
Returns this client’s service catalog.
Store auth_ref into keyring.
Provide read-only backwards compatibility for tenant_id. This is deprecated, use project_id instead.
Provide read-only backwards compatibility for tenant_name. This is deprecated, use project_name instead.
oslo.i18n integration module.
See http://docs.openstack.org/developer/oslo.i18n/usage.html .
Bases: object
Helper methods for dealing with a Keystone Service Catalog.
Create ServiceCatalog object given an auth token.
Get the raw catalog structure.
Get the version dependent catalog structure as it is presented within the resource.
Returns: | list containing raw catalog data entries or None |
---|
Fetch and filter endpoints for the specified service(s).
Returns endpoints for the specified service (or all) containing the specified type (or all) and region (or all) and service name.
If there is no name in the service catalog the service_name check will be skipped. This allows compatibility with services that existed before the name was available in the catalog.
Fetch token details from service catalog.
Returns a dictionary containing the following:
- `id`: Token's ID
- `expires`: Token's expiration
- `user_id`: Authenticated user's ID
- `tenant_id`: Authorized project's ID
- `domain_id`: Authorized domain's ID
Fetch endpoint urls from the service catalog.
Fetch the endpoints from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.
Parameters: |
|
---|---|
Returns: | tuple of urls or None (if no match found) |
Fetch an endpoint from the service catalog.
Fetch the specified endpoint from the service catalog for a particular endpoint attribute. If no attribute is given, return the first endpoint of the specified type.
Parameters: |
---|
Bases: keystoneclient.service_catalog.ServiceCatalog
An object for encapsulating the service catalog using raw v2 auth token from Keystone.
Bases: keystoneclient.service_catalog.ServiceCatalog
An object for encapsulating the service catalog using raw v3 auth token from Keystone.
Bases: object
Maintains client communication state and common functionality.
As much as possible the parameters to this class reflect and are passed directly to the requests library.
Parameters: |
|
---|
This property is deprecated.
This property is deprecated.
Handles constructing a session from the older HTTPClient args as well as the new request-style arguments.
Warning
DEPRECATED: This function is purely for bridging the gap between older client arguments and the session arguments that they relate to. It is not intended to be used as a generic Session Factory.
This function purposefully modifies the input kwargs dictionary so that the remaining kwargs dict can be reused and passed on to other functions without session arguments.
Return auth headers as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | Authentication headers or None for failure. |
Return type: | dict |
Get the oslo_config options that are needed for a Session.
These may be useful without being registered for config file generation or to manipulate the options before registering them yourself.
cafile: | The certificate authority filename. |
---|---|
certfile: | The client certificate file to present. |
keyfile: | The key for the client certificate. |
insecure: | Whether to ignore SSL verification. |
timeout: | The max time to wait for HTTP connections. |
Parameters: | deprecated_opts (dict) – Deprecated options that should be included in the definition of new options. This should be a dict from the name of the new option to a list of oslo.DeprecatedOpts that correspond to the new option. (optional) For example, to support the ca_file option pointing to the new cafile option name: old_opt = oslo.cfg.DeprecatedOpt('ca_file', 'old_group')
deprecated_opts={'cafile': [old_opt]}
|
---|---|
Returns: | A list of oslo_config options. |
Get an endpoint as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises keystoneclient.exceptions.MissingAuthPlugin: | |
if a plugin is not available. | |
Returns: | An endpoint if available or None. |
Return type: | string |
Return the authenticated project_id as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns string: | Current project_id or None if not supported by plugin. |
Return a token as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns: | A valid token. |
---|---|
Return type: | string |
Return the authenticated user_id as provided by the auth plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to use for token. Overrides the plugin on the session. (optional) |
---|---|
Raises: |
|
Returns string: | Current user_id or None if not supported by plugin. |
Invalidate an authentication plugin.
Parameters: | auth (keystoneclient.auth.base.BaseAuthPlugin) – The auth plugin to invalidate. Overrides the plugin on the session. (optional) |
---|
Create a Session object from CLI arguments.
The CLI arguments must have been registered with register_cli_options().
Parameters: | args (Namespace) – result of parsed arguments. |
---|---|
Returns: | A new session object. |
Return type: | Session |
Create a session object from an oslo_config object.
The options must have been previously registered with register_conf_options.
Parameters: | |
---|---|
Returns: | A new session object. |
Return type: |
Redacts the secure headers to be logged.
Register the argparse arguments that are needed for a session.
Parameters: | parser (argparse.ArgumentParser) – parser to add to. |
---|
Register the oslo_config options that are needed for a session.
cafile: | The certificate authority filename. |
---|---|
certfile: | The client certificate file to present. |
keyfile: | The key for the client certificate. |
insecure: | Whether to ignore SSL verification. |
timeout: | The max time to wait for HTTP connections. |
Parameters: |
|
---|---|
Returns: | The list of options that was registered. |
Send an HTTP request with the specified characteristics.
Wrapper around requests.Session.request to handle tasks such as setting headers, JSON encoding/decoding, and error handling.
Arguments that are not handled are passed through to the requests library.
Parameters: |
|
---|---|
Raises keystoneclient.exceptions.ClientException: | |
For connection failure, or to indicate an error response code. |
|
Returns: | The response to the request. |
Bases: requests.adapters.HTTPAdapter
The custom adapter used to set TCP Keep-Alive on all connections.
Command-line interface to the OpenStack Identity API.
Bases: argparse.HelpFormatter
Bases: object
Prints all of the commands and options to stdout.
The keystone.bash_completion script doesn’t have to hard code them.
Display help about this program or one of its subcommands.
Search for the first defined of possibly many env vars
Returns the first environment variable defined in vars, or returns the default defined in kwargs.
Helper for the _find_* methods.
Checks to see if the function is marked as not requiring authentication with the @unauthenticated decorator.
Returns True if decorator is set to True, False otherwise.
Bases: object
A decorator which enforces only some args may be passed positionally.
This idea and some of the code was taken from the oauth2 client of the google-api client.
This decorator makes it easy to support Python 3 style key-word only parameters. For example, in Python 3 it is possible to write:
def fn(pos1, *, kwonly1, kwonly2=None):
...
All named parameters after * must be a keyword:
fn(10, 'kw1', 'kw2') # Raises exception.
fn(10, kwonly1='kw1', kwonly2='kw2') # Ok.
To replicate this behaviour with the positional decorator you simply specify how many arguments may be passed positionally. To replicate the example above:
@positional(1)
def fn(pos1, kwonly1=None, kwonly2=None):
...
If no default value is provided to a keyword argument, it becomes a required keyword argument:
@positional(0)
def fn(required_kw):
...
This must be called with the keyword parameter:
fn() # Raises exception.
fn(10) # Raises exception.
fn(required_kw=10) # Ok.
When defining instance or class methods always remember that in python the first positional argument passed is always the instance so you will need to account for self and cls:
class MyClass(object):
@positional(2)
def my_method(self, pos1, kwonly1=None):
...
@classmethod
@positional(2)
def my_method(cls, pos1, kwonly1=None):
...
If you would prefer not to account for self and cls you can use the method and classmethod helpers which do not consider the initial positional argument. So the following class is exactly the same as the one above:
class MyClass(object):
@positional.method(1)
def my_method(self, pos1, kwonly1=None):
...
@positional.classmethod(1)
def my_method(cls, pos1, kwonly1=None):
...
If a value isn’t provided to the decorator then it will enforce that every variable without a default value will be required to be a kwarg:
@positional()
def fn(pos1, kwonly1=None):
...
fn(10) # Ok.
fn(10, 20) # Raises exception.
fn(10, kwonly1=20) # Ok.
This behaviour will work with the positional.method and positional.classmethod helper functions as well:
class MyClass(object):
@positional.classmethod()
def my_method(cls, pos1, kwonly1=None):
...
MyClass.my_method(10) # Ok.
MyClass.my_method(10, 20) # Raises exception.
MyClass.my_method(10, kwonly1=20) # Ok.
For compatibility reasons you may wish to not always raise an exception so a WARN mode is available. Rather than raise an exception a warning message will be logged:
@positional(1, enforcement=positional.WARN):
def fn(pos1, kwonly=1):
...
Available modes are:
pretty table prints dictionaries.
Wrap values to max_length wrap if wrap>0
Prompt user for password if not provided so the password doesn’t show up in the bash history.
Adds ‘unauthenticated’ attribute to decorated function.
Usage:
@unauthenticated
def mymethod(f):
...
The python bindings for the OpenStack Identity (Keystone) project.
A Client object will allow you to communicate with the Identity server. The recommended way to get a Client object is to use keystoneclient.client.Client(). Client() uses version discovery to create a V3 or V2 client depending on what versions the Identity server supports and what version is requested.
Identity V2 and V3 clients can also be created directly. See keystoneclient.v3.client.Client for the V3 client and keystoneclient.v2_0.client.Client for the V2 client.