keystone.identity.backends.sql_model module

class keystone.identity.backends.sql_model.ExpiringUserGroupMembership(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

Expiring group membership through federation mapping rules.

expired
expires
group_id
idp_id
last_verified
user_id
class keystone.identity.backends.sql_model.FederatedUser(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

attributes = ['id', 'user_id', 'idp_id', 'protocol_id', 'unique_id', 'display_name']
display_name
id
idp_id
protocol_id
unique_id
user_id
class keystone.identity.backends.sql_model.Group(*args, **kwargs)[source]

Bases: Base, ModelDictMixinWithExtras

attributes: list[str] = ['id', 'name', 'domain_id', 'description']
description
domain_id
expiring_user_group_memberships
extra
id
name
class keystone.identity.backends.sql_model.LocalUser(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

attributes = ['id', 'user_id', 'domain_id', 'name']
domain_id
failed_auth_at
failed_auth_count
id
name
passwords
user_id
class keystone.identity.backends.sql_model.NonLocalUser(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

SQL data model for nonlocal users (LDAP and custom).

attributes = ['domain_id', 'name', 'user_id']
domain_id
name
user_id
class keystone.identity.backends.sql_model.Password(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

attributes = ['id', 'local_user_id', 'password_hash', 'created_at', 'expires_at']
created_at
created_at_int
expires_at
expires_at_int
id
local_user_id
password_hash
self_service
class keystone.identity.backends.sql_model.User(*args, **kwargs)[source]

Bases: Base, ModelDictMixinWithExtras

attributes: list[str] = ['id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id', 'password_expires_at']
created_at
default_project_id
domain_id
enabled

Return whether user is enabled or not.

expiring_user_group_memberships
extra
federated_users
classmethod from_dict(user_dict)[source]

Override from_dict to remove password_expires_at attribute.

Overriding this method to remove password_expires_at attribute to support update_user and unit tests where password_expires_at inadvertently gets added by calling to_dict followed by from_dict.

Parameters:

user_dict – User entity dictionary

Returns User:

User object

get_resource_option(option_id)[source]
id
last_active_at
local_user
name

Return the current user name.

nonlocal_user
password

Return the current password.

property password_created_at

Return when password was created at.

property password_expires_at

Return when password expires at.

property password_is_expired

Return whether password is expired or not.

property password_ref

Return the current password ref.

readonly_attributes = ['id', 'password_expires_at', 'password']
resource_options_registry = <keystone.common.resource_options.core.ResourceOptionRegistry object>
to_dict(include_extra_dict=False)[source]

Return the model’s attributes as a dictionary.

If include_extra_dict is True, ‘extra’ attributes are literally included in the resulting dictionary twice, for backwards-compatibility with a broken implementation.

class keystone.identity.backends.sql_model.UserGroupMembership(*args, **kwargs)[source]

Bases: Base, ModelDictMixin

Group membership join table.

group_id
user_id
class keystone.identity.backends.sql_model.UserOption(option_id, option_value)[source]

Bases: Base

option_id
option_value
user_id