heat.engine.clients.os.keystone.heat_keystoneclient module

Keystone Client functionality for use by resources.

class heat.engine.clients.os.keystone.heat_keystoneclient.AccessKey(id, access, secret)

Bases: tuple


Alias for field number 1


Alias for field number 0


Alias for field number 2

class heat.engine.clients.os.keystone.heat_keystoneclient.KeystoneClient(context, region_name=None)[source]

Bases: object

Keystone Auth Client.

Delay choosing the backend client module until the client’s class needs to be initialized.

class heat.engine.clients.os.keystone.heat_keystoneclient.KsClientWrapper(context, region_name)[source]

Bases: object

Wrap keystone client so we can encapsulate logic used in resources.

Note this is intended to be initialized from a resource on a per-session basis, so the session context is passed in on initialization Also note that an instance of this is created in each request context as part of a lazy-loaded cloud backend and it can be easily referenced in each resource as self.keystone(), so there should not be any need to directly instantiate instances of this class inside resources themselves.

property auth_region_name
property client
property context

Create a project in the heat stack-user domain.

create_stack_domain_user(username, project_id, password=None)[source]

Create a domain user defined as part of a stack.

The user is defined either via template or created internally by a resource. This user will be added to the heat_stack_user_role as defined in the config, and created in the specified project (which is expected to be in the stack_domain).

Returns the keystone ID of the resulting user.

create_stack_domain_user_keypair(user_id, project_id)[source]
create_stack_user(username, password='')[source]

Create a user defined as part of a stack.

The user is defined either via template or created internally by a resource. This user will be added to the heat_stack_user_role as defined in the config.

Returns the keystone ID of the resulting user.


Create a trust using the trustor identity in the current context.

The trust is created with the trustee as the heat service user.

If the current context already contains a trust_id, we do nothing and return the current context.

Returns a context containing the new trust_id.

delete_ec2_keypair(credential_id=None, access=None, user_id=None)[source]

Delete credential containing ec2 keypair.

delete_stack_domain_user(user_id, project_id)[source]
delete_stack_domain_user_keypair(user_id, project_id, credential_id)[source]

Delete the specified trust.

disable_stack_domain_user(user_id, project_id)[source]
property domain_admin_auth
property domain_admin_client
enable_stack_domain_user(user_id, project_id)[source]
get_ec2_keypair(credential_id=None, access=None, user_id=None)[source]

Get an ec2 keypair via v3/credentials, by id or access.

property stack_domain

Domain scope data.

This is only used for checking for scoping data, not using the value.

property stack_domain_id
stack_domain_user_token(user_id, project_id, password)[source]

Get a token for a stack domain user.