keystone.application_credential.backends.sql module¶

class keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential¶

attributes = ['external_id', 'user_id', 'service', 'path', 'method']¶

external_id¶

id¶

method¶

path¶

service¶

user_id¶

class keystone.application_credential.backends.sql.ApplicationCredential[source]¶

Bases: keystone.application_credential.backends.base.ApplicationCredentialDriverBase

authenticate(application_credential_id, secret)[source]¶

Validate an application credential.

Parameters

• application_credential_id (str) – Application Credential ID

• secret (str) – Secret

Raises

AssertionError – If id or secret is invalid.

create_application_credential(application_credential, roles, access_rules=None)[source]¶

Create a new application credential.

Parameters

• application_credential (dict) – Application Credential data

• roles (list) – A list of roles that apply to the application_credential.

Returns

a new application credential

delete_access_rule(access_rule_id)[source]¶

Delete one access rule.

Parameters

access_rule_id (str) – Access Rule ID

delete_access_rules_for_user(user_id)[source]¶

Delete all access rules for user.

This is called when the user itself is deleted.

Parameters

user_id (str) – User ID

delete_application_credential(application_credential_id)[source]¶

Delete a single application credential.

Parameters

application_credential_id (str) – ID of the application credential to delete.

delete_application_credentials_for_user(user_id)[source]¶

Delete all application credentials for a user.

Parameters

user_id – ID of a user to whose application credentials should be deleted.

delete_application_credentials_for_user_on_project(user_id, project_id)[source]¶

Delete all application credentials for a user on a given project.

Parameters

• user_id (str) – ID of a user to whose application credentials should be deleted.

• project_id (str) – ID of a project on which to filter application credentials.

get_access_rule(access_rule_id)[source]¶

Get an access rule by its ID.

Parameters

access_rule_id (str) – Access Rule ID

get_application_credential(application_credential_id)[source]¶

Get an application credential by the credential id.

Parameters

application_credential_id (str) – Application Credential ID

list_access_rules_for_user(user_id, hints)[source]¶

List the access rules that a user has created.

Access rules are only created as attributes of application credentials, they cannot be created independently.

Parameters

user_id (str) – User ID

list_application_credentials_for_user(user_id, hints)[source]¶

List application credentials for a user.

Parameters

• user_id (str) – User ID

• hints – contains the list of filters yet to be satisfied. Any filters satisfied here will be removed so that the caller will know if any filters remain.

class keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rule_id¶

application_credential_id¶

attributes = ['application_credential_id', 'access_rule_id']¶

class keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rules¶

attributes = ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']¶

description¶

expires_at¶

id¶

internal_id¶

name¶

project_id¶

roles¶

secret_hash¶

system¶

unrestricted¶

user_id¶

class keystone.application_credential.backends.sql.ApplicationCredentialRoleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential_id¶

attributes = ['application_credential_id', 'role_id']¶

role_id¶