keystone.application_credential.backends.sql module¶

class keystone.application_credential.backends.sql.AccessRuleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential¶

attributes = ['service', 'path', 'method']¶

id¶

method¶

path¶

service¶

class keystone.application_credential.backends.sql.ApplicationCredential[source]¶

Bases: keystone.application_credential.backends.base.ApplicationCredentialDriverBase

authenticate(application_credential_id, secret)[source]¶

Validate an application credential.

Parameters:	application_credential_id (str) – Application Credential ID secret (str) – Secret
Raises:	AssertionError – If id or secret is invalid.

create_application_credential(application_credential, roles, access_rules=None)[source]¶

Create a new application credential.

Parameters:	application_credential (dict) – Application Credential data roles (list) – A list of roles that apply to the application_credential.
Returns:	a new application credential

delete_application_credential(application_credential_id)[source]¶

Delete a single application credential.

Parameters:	application_credential_id (str) – ID of the application credential to delete.

delete_application_credentials_for_user(user_id)[source]¶

Delete all application credentials for a user.

Parameters:	user_id – ID of a user to whose application credentials should be deleted.

delete_application_credentials_for_user_on_project(user_id, project_id)[source]¶

Delete all application credentials for a user on a given project.

Parameters:	user_id (str) – ID of a user to whose application credentials should be deleted. project_id (str) – ID of a project on which to filter application credentials.

get_application_credential(application_credential_id)[source]¶

Get an application credential by the credential id.

Parameters:	application_credential_id (str) – Application Credential ID

list_application_credentials_for_user(user_id, hints)[source]¶

List application credentials for a user.

Parameters:	user_id (str) – User ID hints – contains the list of filters yet to be satisfied. Any filters satisfied here will be removed so that the caller will know if any filters remain.

class keystone.application_credential.backends.sql.ApplicationCredentialAccessRuleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rule_id¶

application_credential_id¶

attributes = ['application_credential_id', 'access_rule_id']¶

class keystone.application_credential.backends.sql.ApplicationCredentialModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

access_rules¶

attributes = ['internal_id', 'id', 'name', 'secret_hash', 'description', 'user_id', 'project_id', 'system', 'expires_at', 'unrestricted']¶

description¶

expires_at¶

id¶

internal_id¶

name¶

project_id¶

roles¶

secret_hash¶

system¶

unrestricted¶

user_id¶

class keystone.application_credential.backends.sql.ApplicationCredentialRoleModel(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

application_credential_id¶

attributes = ['application_credential_id', 'role_id']¶

role_id¶