keystone.assignment.role_backends package
Submodules
keystone.assignment.role_backends.base module
-
class keystone.assignment.role_backends.base.RoleDriverBase[source]
Bases: object
-
create_role(role_id, role)[source]
Create a new role.
-
delete_role(role_id)[source]
Delete an existing role.
-
get_role(role_id)[source]
Get a role by ID.
-
list_roles(hints)[source]
List roles in the system.
| Parameters: | hints – filter hints which the driver should
implement if at all possible. |
|---|
| Returns: | a list of role_refs or an empty list. |
|---|
-
list_roles_from_ids(role_ids)[source]
List roles for the provided list of ids.
| Parameters: | role_ids – list of ids |
|---|
| Returns: | a list of role_refs. |
|---|
This method is used internally by the assignment manager to bulk read
a set of roles given their ids.
-
update_role(role_id, role)[source]
Update an existing role.
-
class keystone.assignment.role_backends.base.RoleDriverV8[source]
Bases: keystone.assignment.role_backends.base.RoleDriverBase
Removed or redefined methods from V8.
Move the abstract methods of any methods removed or modified in later
versions of the driver from RoleDriverBase to here. We maintain this
so that legacy drivers, which will be a subclass of RoleDriverV8, can
still reference them.
-
class keystone.assignment.role_backends.base.RoleDriverV9[source]
Bases: keystone.assignment.role_backends.base.RoleDriverBase
New or redefined methods from V8.
Add any new V9 abstract methods (or those with modified signatures) to
this class.
-
create_implied_role(prior_role_id, implied_role_id)[source]
Create a role inference rule.
| Raises: | keystone.exception.RoleNotFound: If the role doesn’t exist. |
|---|
-
delete_implied_role(prior_role_id, implied_role_id)[source]
Delete a role inference rule.
-
get_implied_role(prior_role_id, implied_role_id)[source]
Get a role inference rule.
-
list_implied_roles(prior_role_id)[source]
List roles implied from the prior role ID.
-
list_role_inference_rules()[source]
List all the rules used to imply one role from another.
-
class keystone.assignment.role_backends.base.V9RoleWrapperForV8Driver(*args, **kwargs)[source]
Bases: keystone.assignment.role_backends.base.RoleDriverV9
Wrapper class to supported a V8 legacy driver.
In order to support legacy drivers without having to make the manager code
driver-version aware, we wrap legacy drivers so that they look like the
latest version. For the various changes made in a new driver, here are the
actions needed in this wrapper:
- Method removed from new driver - remove the call-through method from this
- class, since the manager will no longer be
calling it.
- Method signature (or meaning) changed - wrap the old method in a new
- signature here, and munge the input
and output parameters accordingly.
- New method added to new driver - add a method to implement the new
- functionality here if possible. If that is
not possible, then return NotImplemented,
since we do not guarantee to support new
functionality with legacy drivers.
This V8 wrapper contains the following support for newer manager code:
- The current manager code expects a role entity to have a domain_id
attribute, with a non-None value indicating a domain specific role. V8
drivers will only understand global roles, hence if a non-None domain_id
is passed to this wrapper, it will raise a NotImplemented exception.
If a None-valued domain_id is passed in, it will be trimmed off before
the underlying driver is called (and a None-valued domain_id attribute
is added in for any entities returned to the manager.
-
create_implied_role(prior_role_id, implied_role_id)[source]
-
create_role(role_id, role)[source]
-
delete_implied_role(prior_role_id, implied_role_id)[source]
-
delete_role(role_id)[source]
-
get_implied_role(prior_role_id, implied_role_id)[source]
-
get_role(role_id)[source]
-
list_implied_roles(prior_role_id)[source]
-
list_role_inference_rules()[source]
-
list_roles(hints)[source]
-
list_roles_from_ids(role_ids)[source]
-
update_role(role_id, role)[source]
keystone.assignment.role_backends.sql module
Module contents