keystone.identity.backends.base module
- class keystone.identity.backends.base.IdentityDriverBase
- Bases: object
- Interface description for an Identity driver.
- The schema for users and groups is different depending on whether the driver is domain aware or not (as returned by self.is_domain_aware()).
- If the driver is not domain aware:
  - domain_id will not be included in the user / group passed in to create_user / create_group
  - the domain_id should not be returned in user / group refs. They’ll be overwritten.

- The password_expires_at in the user schema is a read-only attribute, meaning that it is expected in the response, but not in the request.
- User schema (if driver is domain aware):

    type: object
    properties:
        id:
            type: string
        name:
            type: string
        domain_id:
            type: string
        password:
            type: string
        password_expires_at:
            type: datetime
        enabled:
            type: boolean
        default_project_id:
            type: string
    required: [id, name, domain_id, enabled]
    additionalProperties: True

- User schema (if driver is not domain aware):

    type: object
    properties:
        id:
            type: string
        name:
            type: string
        password:
            type: string
        password_expires_at:
            type: datetime
        enabled:
            type: boolean
        default_project_id:
            type: string
    required: [id, name, enabled]
    additionalProperties: True
    # Note that domain_id is not allowed as a property

- Group schema (if driver is domain aware):

    type: object
    properties:
        id:
            type: string
        name:
            type: string
        domain_id:
            type: string
        description:
            type: string
    required: [id, name, domain_id]
    additionalProperties: True

- Group schema (if driver is not domain aware):

    type: object
    properties:
        id:
            type: string
        name:
            type: string
        description:
            type: string
    required: [id, name]
    additionalProperties: True
    # Note that domain_id is not allowed as a property

- abstract add_user_to_group(user_id, group_id)
- Add a user to a group.
- Parameters:
- user_id (str) – User ID. 
- group_id (str) – Group ID. 
 
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
 
- abstract authenticate(user_id, password)
- Authenticate a given user and password.
- Parameters:
- user_id (str) – User ID
- password (str) – Password

- Returns:
- user. See user schema in IdentityDriverBase.
- Return type:
- dict 
- Raises:
- AssertionError – If user or password is invalid. 
 
- abstract change_password(user_id, new_password)
- Self-service password change.
- Parameters:
- user_id (str) – User ID. 
- new_password (str) – New password. 
 
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
- keystone.exception.PasswordValidation – If password fails validation 
 
 
- abstract check_user_in_group(user_id, group_id)
- Check if a user is a member of a group.
- Parameters:
- user_id (str) – User ID. 
- group_id (str) – Group ID. 
 
- Raises:
- keystone.exception.NotFound – If the user is not a member of the group. 
- keystone.exception.UserNotFound – If the user doesn’t exist. 
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
 
- abstract create_group(group_id, group)
- Create a new group.
- Parameters:
- group_id (str) – group ID. The driver can ignore this value.
- group (dict) – group info. See group schema in IdentityDriverBase.
 
- Returns:
- group, matching the group schema. 
- Return type:
- dict 
- Raises:
- keystone.exception.Conflict – If a duplicate group exists. 
 
- abstract create_user(user_id, user)
- Create a new user.
- Parameters:
- user_id (str) – user ID. The driver can ignore this value.
- user (dict) – user info. See user schema in IdentityDriverBase.
 
- Returns:
- user, matching the user schema. The driver should not return the password. 
- Return type:
- dict 
- Raises:
- keystone.exception.Conflict – If a duplicate user exists. 
 
- abstract delete_group(group_id)
- Delete an existing group.
- Parameters:
- group_id (str) – Group ID. 
- Raises:
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
- abstract delete_user(user_id)
- Delete an existing user.
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
 
- abstract get_group(group_id)
- Get a group by ID.
- Parameters:
- group_id (str) – group ID.
- Returns:
- group info. See group schema in IdentityDriverBase.
- Return type:
- dict 
- Raises:
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
- abstract get_group_by_name(group_name, domain_id)
- Get a group by name.
- Parameters:
- group_name (str) – group name.
- domain_id (str) – domain ID.

- Returns:
- group info. See group schema in IdentityDriverBase.
- Return type:
- dict 
- Raises:
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
- abstract get_user(user_id)
- Get a user by ID.
- Parameters:
- user_id (str) – User ID.
- Returns:
- user. See user schema in IdentityDriverBase.
- Return type:
- dict 
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
 
- abstract get_user_by_name(user_name, domain_id)
- Get a user by name.
- Returns:
- user_ref 
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
 
- property is_sql
- Indicate if this Driver uses SQL.
- abstract list_groups(hints)
- List groups in the system.
- Parameters:
- hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns:
- a list of group_refs or an empty list. See group schema in IdentityDriverBase.
 
- abstract list_groups_for_user(user_id, hints)
- List groups a user is in.
- Parameters:
- user_id (str) – the user in question
- hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.

- Returns:
- a list of group_refs or an empty list. See group schema in IdentityDriverBase.
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
 
- abstract list_users(hints)
- List users in the system.
- Parameters:
- hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.
- Returns:
- a list of users or an empty list. See user schema in IdentityDriverBase.
- Return type:
- list of dict 
 
- abstract list_users_in_group(group_id, hints)
- List users in a group.
- Parameters:
- group_id (str) – the group in question
- hints (keystone.common.driver_hints.Hints) – filter hints which the driver should implement if at all possible.

- Returns:
- a list of users or an empty list. See user schema in IdentityDriverBase.
- Return type:
- list of dict 
- Raises:
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
 
- property multiple_domains_supported
- abstract remove_user_from_group(user_id, group_id)
- Remove a user from a group.
- Parameters:
- user_id (str) – User ID. 
- group_id (str) – Group ID. 
 
- Raises:
- keystone.exception.NotFound – If the user is not in the group. 
 
- abstract reset_last_active()
- Resets null last_active_at values.
- This method looks for all users in the database that have a null value for last_updated_at and resets that value to the current time.
- abstract unset_default_project_id(project_id)
- Unset a user’s default project given a specific project ID.
- Parameters:
- project_id (str) – project ID 
 
- abstract update_group(group_id, group)
- Update an existing group.
- Parameters:
- group_id (str) – Group ID.
- group (dict) – Group modification. See group schema in IdentityDriverBase. Required properties cannot be removed.
 
- Returns:
- group, matching the group schema. 
- Return type:
- dict 
- Raises:
- keystone.exception.GroupNotFound – If the group doesn’t exist. 
- keystone.exception.Conflict – If a duplicate group exists. 
 
 
- abstract update_user(user_id, user)
- Update an existing user.
- Parameters:
- user_id (str) – User ID.
- user (dict) – User modification. See user schema in IdentityDriverBase. Properties set to None will be removed. Required properties cannot be removed.

- Returns:
- user. See user schema in IdentityDriverBase.
- Raises:
- keystone.exception.UserNotFound – If the user doesn’t exist. 
- keystone.exception.Conflict – If a duplicate user exists in the same domain. 
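
The credential-handling parts of this contract (create_user must not return the password, password_expires_at is response-only, a non-domain-aware driver takes no domain_id, and authenticate raises AssertionError for any invalid user or password) are sketched below as an added example; it is not Keystone code. InMemoryIdentityDriver, the local Conflict stand-in, the use of PBKDF2, the ValueError on a schema mismatch and the no-expiry policy are assumptions of the example.

```python
import hashlib
import hmac
import os


class Conflict(Exception):
    """Local stand-in for keystone.exception.Conflict."""


class InMemoryIdentityDriver:
    """Hypothetical non-domain-aware driver (not a Keystone backend)."""

    def __init__(self):
        self._users = {}  # user_id -> user ref, holds no password material
        self._creds = {}  # user_id -> (salt, derived key), never returned

    def is_domain_aware(self):
        return False

    @staticmethod
    def _derive(password, salt):
        # PBKDF2 is this sketch's choice because it ships with the stdlib.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def create_user(self, user_id, user):
        # user_id may be ignored per the interface; the ref's own id is used.
        # Assumption: a schema violation is reported as ValueError here.
        if {"id", "name", "enabled"} - user.keys() or "domain_id" in user:
            raise ValueError("ref does not match the non-domain-aware schema")
        if any(u["name"] == user["name"] for u in self._users.values()):
            raise Conflict(user["name"])
        # password is never stored in the ref and password_expires_at is
        # read-only, so neither request value is copied.
        ref = {k: v for k, v in user.items()
               if k not in ("password", "password_expires_at")}
        ref["password_expires_at"] = None  # assumed policy: no expiry
        if user.get("password") is not None:
            salt = os.urandom(16)
            self._creds[ref["id"]] = (salt, self._derive(user["password"], salt))
        self._users[ref["id"]] = ref
        return dict(ref)

    def authenticate(self, user_id, password):
        # Unknown users take the same code path with a dummy salt and key.
        salt, key = self._creds.get(user_id, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._derive(password, salt), key):
            # Raised explicitly: a bare assert statement is removed under -O.
            raise AssertionError("Invalid user / password")
        return dict(self._users[user_id])
```

Because an unknown user_id and a wrong password end in the same exception after the same key derivation, a caller cannot use authenticate to tell which user IDs exist.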
 
 
 
