keystoneclient.v2_0 package¶

Submodules¶

keystoneclient.v2_0.certificates module¶

class keystoneclient.v2_0.certificates.CertificatesManager(client)¶

Bases: object

Manager for certificates.

get_ca_certificate()¶

Get CA certificate.

Returns

PEM-formatted string.

Return type

str

get_signing_certificate()¶

Get signing certificate.

Returns

PEM-formatted string.

Return type

str

keystoneclient.v2_0.client module¶

class keystoneclient.v2_0.client.Client(**kwargs)¶

Bases: keystoneclient.httpclient.HTTPClient

Client for the OpenStack Keystone v2.0 API.

Parameters

• username (string) – Username for authentication. (optional)

• password (string) – Password for authentication. (optional)

• token (string) – Token for authentication. (optional)

• tenant_id (string) – Tenant id. (optional)

• tenant_name (string) – Tenant name. (optional)

• auth_url (string) – Keystone service endpoint for authorization.

• region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.

• endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)

• timeout (integer) – Allows customization of the timeout for client http requests. (optional)

• original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)

• cert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the corresponding X.509 client certificate needed to established two-way SSL connection with the identity service. (optional)

• key (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the unencrypted client private key needed to established two-way SSL connection with the identity service. (optional)

• cacert (string) – Path to the Privacy Enhanced Mail (PEM) file which contains the trusted authority X.509 certificates needed to established SSL connection with the identity service. (optional)

• insecure (boolean) – Does not perform X.509 certificate validation when establishing SSL connection with identity service. default: False (optional)

• auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)

• debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)

Warning

If debug is enabled, it may show passwords in plain text as a part of its output.

Warning

Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.

The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.

Example:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Password(auth_url=KEYSTONE_URL,
...                    username=USER,
...                    password=PASS,
...                    tenant_name=TENANT_NAME)
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> keystone.tenants.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Password(auth_url=KEYSTONE_URL,
...                    username=USER,
...                    password=PASS,
...                    tenant_name=TENANT_NAME)
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> auth_ref = keystone.auth_ref
>>> # pickle or whatever you like here
>>> new_client = client.Client(auth_ref=auth_ref)

Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (admin_token in keystone.conf) In this case, authenticate() is not needed, and no service catalog will be loaded.

Example:

>>> from keystoneauth1.identity import v2
>>> from keystoneauth1 import session
>>> from keystoneclient.v2_0 import client
>>> auth = v2.Token(auth_url='http://localhost:35357/v2.0',
...                 token='12345secret7890')
>>> sess = session.Session(auth=auth)
>>> keystone = client.Client(session=sess)
>>> keystone.tenants.list()

get_raw_token_from_identity_service(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None, project_name=None, project_id=None, trust_id=None, **kwargs)¶

Authenticate against the v2 Identity API.

If a token is provided it will be used in preference over username and password.

Returns

access.AccessInfo if authentication was successful.

Raises

keystoneclient.exceptions.AuthorizationFailure – if unable to authenticate or validate the existing authorization token

version = 'v2.0'¶

keystoneclient.v2_0.ec2 module¶

class keystoneclient.v2_0.ec2.CredentialsManager(client)¶

Bases: keystoneclient.base.ManagerWithFind

create(user_id, tenant_id)¶

Create a new access/secret pair for the user/tenant pair.

Return type

object of type EC2

delete(user_id, access)¶

Delete an access/secret pair for a user.

get(user_id, access)¶

Get the access/secret pair for a given access key.

Return type

object of type EC2

list(user_id)¶

Get a list of access/secret pairs for a user_id.

Return type

list of EC2

resource_class¶

alias of EC2

class keystoneclient.v2_0.ec2.EC2(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

delete()¶

keystoneclient.v2_0.endpoints module¶

class keystoneclient.v2_0.endpoints.Endpoint(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents a Keystone endpoint.

class keystoneclient.v2_0.endpoints.EndpointManager(client)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone endpoints.

create(region, service_id, publicurl, adminurl=None, internalurl=None)¶

Create a new endpoint.

delete(id)¶

Delete an endpoint.

list()¶

List all available endpoints.

resource_class¶

alias of Endpoint

keystoneclient.v2_0.extensions module¶

class keystoneclient.v2_0.extensions.Extension(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents an Identity API extension.

class keystoneclient.v2_0.extensions.ExtensionManager(client)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for listing Identity API extensions.

list()¶

List all available extensions.

resource_class¶

alias of Extension

keystoneclient.v2_0.roles module¶

class keystoneclient.v2_0.roles.Role(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents a Keystone role.

delete()¶

class keystoneclient.v2_0.roles.RoleManager(client)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone roles.

add_user_role(user, role, tenant=None)¶

Add a role to a user.

If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.

create(name)¶

Create a role.

delete(role)¶

Delete a role.

get(role)¶

list()¶

List all available roles.

remove_user_role(user, role, tenant=None)¶

Remove a role from a user.

If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.

resource_class¶

alias of Role

roles_for_user(user, tenant=None)¶

keystoneclient.v2_0.services module¶

class keystoneclient.v2_0.services.Service(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents a Keystone service.

class keystoneclient.v2_0.services.ServiceManager(client)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone services.

create(name, service_type, description=None)¶

Create a new service.

delete(id)¶

Delete a service.

get(id)¶

Retrieve a service by id.

list()¶

List available services.

resource_class¶

alias of Service

keystoneclient.v2_0.tenants module¶

class keystoneclient.v2_0.tenants.Tenant(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents a Keystone tenant.

Attributes:

• id: a uuid that identifies the tenant

• name: tenant name

• description: tenant description

• enabled: boolean to indicate if tenant is enabled

add_user(user, role)¶

delete()¶

list_users()¶

remove_user(user, role)¶

update(name=None, description=None, enabled=None)¶

class keystoneclient.v2_0.tenants.TenantManager(client, role_manager, user_manager)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone tenants.

add_user(tenant, user, role)¶

Add a user to a tenant with the given role.

create(tenant_name, description=None, enabled=True, **kwargs)¶

Create a new tenant.

delete(tenant)¶

Delete a tenant.

get(tenant_id)¶

list(limit=None, marker=None)¶

Get a list of tenants.

Parameters

• limit (integer) – maximum number to return. (optional)

• marker (string) – use when specifying a limit and making multiple calls for querying. (optional)

Return type

list of Tenant

list_users(tenant)¶

List users for a tenant.

remove_user(tenant, user, role)¶

Remove the specified role from the user on the tenant.

resource_class¶

alias of Tenant

update(tenant_id, tenant_name=None, description=None, enabled=None, **kwargs)¶

Update a tenant with a new name and description.

keystoneclient.v2_0.tokens module¶

class keystoneclient.v2_0.tokens.Token(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

property expires¶

property id¶

property tenant¶

class keystoneclient.v2_0.tokens.TokenManager(client)¶

Bases: keystoneclient.base.Manager

authenticate(username=None, tenant_id=None, tenant_name=None, password=None, token=None, return_raw=False)¶

delete(token)¶

endpoints(token)¶

get_revoked()¶

Return the revoked tokens response.

The response will be a dict containing ‘signed’ which is a CMS-encoded document.

get_token_data(token)¶

Fetch the data about a token from the identity server.

Parameters

token (str) – The token id.

Return type

dict

resource_class¶

alias of Token

validate(token)¶

Validate a token.

Parameters

token – Token to be validated.

Return type

Token

validate_access_info(token)¶

Validate a token.

Parameters

token – Token to be validated. This can be an instance of keystoneclient.access.AccessInfo or a string token_id.

Return type

keystoneclient.access.AccessInfoV2

keystoneclient.v2_0.users module¶

class keystoneclient.v2_0.users.User(manager, info, loaded=False)¶

Bases: keystoneclient.base.Resource

Represents a Keystone user.

delete()¶

list_roles(tenant=None)¶

class keystoneclient.v2_0.users.UserManager(client, role_manager)¶

Bases: keystoneclient.base.ManagerWithFind

Manager class for manipulating Keystone users.

create(name, password=None, email=None, tenant_id=None, enabled=True)¶

Create a user.

delete(user)¶

Delete a user.

get(user)¶

list(tenant_id=None, limit=None, marker=None)¶

Get a list of users (optionally limited to a tenant).

Return type

list of User

list_roles(user, tenant=None)¶

resource_class¶

alias of User

update(user, **kwargs)¶

Update user data.

Supported arguments include name, email, and enabled.

update_enabled(user, enabled)¶

Update enabled-ness.

update_own_password(origpasswd, passwd)¶

Update password.

update_password(user, password)¶

Update password.

update_tenant(user, tenant)¶

Update default tenant.

Module contents¶