keystone.identity.backends.sql_model module¶

class keystone.identity.backends.sql_model.ExpiringUserGroupMembership(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

Expiring group membership through federation mapping rules.

expired¶

expires¶

group_id¶

idp_id¶

last_verified¶

user_id¶

class keystone.identity.backends.sql_model.FederatedUser(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

attributes = ['id', 'user_id', 'idp_id', 'protocol_id', 'unique_id', 'display_name']¶

display_name¶

id¶

idp_id¶

protocol_id¶

unique_id¶

user_id¶

class keystone.identity.backends.sql_model.Group(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixinWithExtras

attributes = ['id', 'name', 'domain_id', 'description']¶

description¶

domain_id¶

expiring_user_group_memberships¶

extra¶

id¶

name¶

class keystone.identity.backends.sql_model.LocalUser(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

attributes = ['id', 'user_id', 'domain_id', 'name']¶

domain_id¶

failed_auth_at¶

failed_auth_count¶

id¶

name¶

passwords¶

user_id¶

class keystone.identity.backends.sql_model.NonLocalUser(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

SQL data model for nonlocal users (LDAP and custom).

attributes = ['domain_id', 'name', 'user_id']¶

domain_id¶

name¶

user_id¶

class keystone.identity.backends.sql_model.Password(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

attributes = ['id', 'local_user_id', 'password_hash', 'created_at', 'expires_at']¶

created_at¶

created_at_int¶

expires_at¶

expires_at_int¶

id¶

local_user_id¶

password_hash¶

self_service¶

class keystone.identity.backends.sql_model.User(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixinWithExtras

attributes = ['id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id', 'password_expires_at']¶

created_at¶

default_project_id¶

domain_id¶

enabled¶

Return whether user is enabled or not.

expiring_user_group_memberships¶

extra¶

federated_users¶

classmethod from_dict(user_dict)[source]¶

Override from_dict to remove password_expires_at attribute.

Overriding this method to remove password_expires_at attribute to support update_user and unit tests where password_expires_at inadvertently gets added by calling to_dict followed by from_dict.

Parameters:

user_dict – User entity dictionary

Returns User:

User object

get_resource_option(option_id)[source]¶

id¶

last_active_at¶

local_user¶

name¶

Return the current user name.

nonlocal_user¶

password¶

Return the current password.

property password_created_at¶

Return when password was created at.

property password_expires_at¶

Return when password expires at.

property password_is_expired¶

Return whether password is expired or not.

property password_ref¶

Return the current password ref.

readonly_attributes = ['id', 'password_expires_at', 'password']¶

resource_options_registry = <keystone.common.resource_options.core.ResourceOptionRegistry object>¶

to_dict(include_extra_dict=False)[source]¶

Return the model’s attributes as a dictionary.

If include_extra_dict is True, ‘extra’ attributes are literally included in the resulting dictionary twice, for backwards-compatibility with a broken implementation.

class keystone.identity.backends.sql_model.UserGroupMembership(*args, **kwargs)[source]¶

Bases: Base, ModelDictMixin

Group membership join table.

group_id¶

user_id¶

class keystone.identity.backends.sql_model.UserOption(option_id, option_value)[source]¶

Bases: Base

option_id¶

option_value¶

user_id¶