Main entry point into the Identity service.
Bases: keystone.common.wsgi.ComposableRouter
Bases: object
Interface description for an Identity driver.
Add a role to a user within a given tenant.
Authenticate a given user, tenant and password.
Returns: (user, tenant, metadata).
Get a role by id.
Returns: role_ref or None.
Get the roles associated with a user within a given tenant.
Returns: a list of role ids.
Get a tenant by id.
Returns: tenant_ref or None.
Get a tenant by name.
Returns: tenant_ref or None.
Get the tenants associated with a given user.
Returns: a list of tenant ids.
Get a user by id.
Returns: user_ref or None.
Get a user by name.
Returns: user_ref or None.
List all roles in the system.
Returns: a list of role_refs or an empty list.
List all users in the system.
Returns: a list of user_refs or an empty list.
Remove a role from a user within a given tenant.
Bases: keystone.common.manager.Manager
Default pivot point for the Identity backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Bases: keystone.common.wsgi.ComposableRouter
Bases: keystone.common.wsgi.Application
Add a role to a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles, we’re not implementing them, in hopes that the idea will die off.
This is actually used for adding a user to a tenant.
In the legacy data model adding a user to a tenant required setting a role.
This is actually used for deleting a user from a tenant.
In the legacy data model removing a user from a tenant required deleting a role.
To emulate this, we encode the tenant and role in the role_ref_id, and if this happens to be the last role for the user-tenant pair, we remove the user from the tenant.
Ultimate hack to get around having to make role_refs first-class.
This will basically iterate over the various roles the user has in all tenants the user is a member of and create fake role_refs where the id encodes the user-tenant-role information so we can look up the appropriate data when we need to delete them.
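The role_ref emulation described above, as an added example that is not Keystone's own code. The `tenantId`/`roleId` field names, the URL-encoded id format and the in-memory `MEMBERSHIPS` store are assumptions made for illustration.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample data (hypothetical store): user -> tenant -> set of role ids.
MEMBERSHIPS = {"u1": {"t1": {"admin", "member"}, "t2": {"member"}}}


def encode_role_ref_id(tenant_id, role_id):
    """Pack tenant and role into one opaque id (assumed format)."""
    # urlencode escapes '&' and '=', so an id containing them cannot forge a field.
    return urlencode({"tenantId": tenant_id, "roleId": role_id})


def decode_role_ref_id(role_ref_id):
    """Recover (tenant_id, role_id); reject anything but exactly one of each."""
    fields = parse_qs(role_ref_id, strict_parsing=True)
    if set(fields) != {"tenantId", "roleId"} or any(len(v) != 1 for v in fields.values()):
        raise ValueError("malformed role_ref id")
    return fields["tenantId"][0], fields["roleId"][0]


def get_role_refs(store, user_id):
    """Build fake role_refs: one per (tenant, role) the user holds."""
    refs = []
    for tenant_id, roles in sorted(store.get(user_id, {}).items()):
        for role_id in sorted(roles):
            refs.append({"id": encode_role_ref_id(tenant_id, role_id),
                         "tenantId": tenant_id, "roleId": role_id})
    return refs


def delete_role_ref(store, user_id, role_ref_id):
    """Delete one role; drop the tenant membership when it was the last role."""
    tenant_id, role_id = decode_role_ref_id(role_ref_id)
    roles = store.get(user_id, {}).get(tenant_id)
    if roles is None or role_id not in roles:
        # The decoded pair is only honoured if this user actually holds it.
        raise KeyError("no such role_ref for this user")
    roles.discard(role_id)
    if not roles:
        del store[user_id][tenant_id]
```

Because the id arrives from the client, the decoder validates its shape and the delete path re-checks the decoded pair against the user's stored roles instead of trusting the id.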
Get the roles for a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles, we’re not implementing them, in hopes that the idea will die off.
Remove a role from a user and tenant pair.
Since we’re trying to ignore the idea of user-only roles, we’re not implementing them, in hopes that the idea will die off.
Bases: keystone.common.wsgi.Application
Gets a list of all tenants for an admin user.
Get valid tenants for token based on token used to authenticate.
Pulls the token from the context, validates it and gets the valid tenants for the user in the token.
Works regardless of whether the token is scoped.
Bases: keystone.common.wsgi.Application
Update the default tenant.
Model descriptions.
Unless marked otherwise, all fields are strings.
Bases: keystone.identity.models.Model
Role object.
Bases: keystone.identity.models.Model
Tenant object.
Bases: keystone.identity.models.Model
User object.