keystone.assignment.backends package

Submodules

keystone.assignment.backends.base module

class keystone.assignment.backends.base.AssignmentDriverBase[source]

Bases: object

add_role_to_user_and_project(user_id, tenant_id, role_id)[source]

Add a role to a user within given tenant.

Raises:keystone.exception.Conflict – If a duplicate role assignment exists.
check_grant_role_id(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]

Check an assignment/grant role id.

Raises:keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist.
Returns:None or raises an exception if grant not found
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]

Create a new assignment/grant.

If the assignment is to a domain, then optionally it may be specified as inherited to owned projects (this requires the OS-INHERIT extension to be enabled).

delete_domain_assignments(domain_id)[source]

Delete all assignments for a domain.

delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]

Delete assignments/grants.

Raises:keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist.
delete_group_assignments(group_id)[source]

Delete all assignments for a group.

Raises:keystone.exception.RoleNotFound – If the role doesn’t exist.
delete_project_assignments(project_id)[source]

Delete all assignments for a project.

Raises:keystone.exception.ProjectNotFound – If the project doesn’t exist.
delete_role_assignments(role_id)[source]

Delete all assignments for a role.

delete_user_assignments(user_id)[source]

Delete all assignments for a user.

Raises:keystone.exception.RoleNotFound – If the role doesn’t exist.
list_grant_role_ids(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]

List role ids for assignments/grants.

list_role_assignments(role_id=None, user_id=None, group_ids=None, domain_id=None, project_ids=None, inherited_to_projects=None)[source]

Return a list of role assignments for actors on targets.

Available parameters represent values in which the returned role assignments attributes need to be filtered on.

remove_role_from_user_and_project(user_id, tenant_id, role_id)[source]

Remove a role from a user within given tenant.

Raises:keystone.exception.RoleNotFound – If the role doesn’t exist.

keystone.assignment.backends.sql module

class keystone.assignment.backends.sql.Assignment[source]

Bases: keystone.assignment.backends.base.AssignmentDriverBase

add_role_to_user_and_project(user_id, tenant_id, role_id)[source]
check_grant_role_id(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
create_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
default_role_driver()[source]
delete_domain_assignments(domain_id)[source]
delete_grant(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
delete_group_assignments(group_id)[source]
delete_project_assignments(project_id)[source]
delete_role_assignments(role_id)[source]
delete_user_assignments(user_id)[source]
list_grant_role_ids(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]
list_role_assignments(role_id=None, user_id=None, group_ids=None, domain_id=None, project_ids=None, inherited_to_projects=None)[source]
remove_role_from_user_and_project(user_id, tenant_id, role_id)[source]
class keystone.assignment.backends.sql.AssignmentType[source]

Bases: object

GROUP_DOMAIN = 'GroupDomain'
GROUP_PROJECT = 'GroupProject'
USER_DOMAIN = 'UserDomain'
USER_PROJECT = 'UserProject'
classmethod calculate_type(user_id, group_id, project_id, domain_id)[source]
class keystone.assignment.backends.sql.RoleAssignment(*args, **kwargs)[source]

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

actor_id
attributes = ['type', 'actor_id', 'target_id', 'role_id', 'inherited']
inherited
role_id
target_id
to_dict()[source]

Override parent method with a simpler implementation.

RoleAssignment doesn’t have non-indexed ‘extra’ attributes, so the parent implementation is not applicable.

type

Module contents