keystone package¶
Subpackages¶
- keystone.assignment package
- keystone.auth package
- Subpackages
- keystone.auth.plugins package
- Submodules
- keystone.auth.plugins.base module
- keystone.auth.plugins.core module
- keystone.auth.plugins.external module
- keystone.auth.plugins.mapped module
- keystone.auth.plugins.oauth1 module
- keystone.auth.plugins.password module
- keystone.auth.plugins.token module
- keystone.auth.plugins.totp module
- Module contents
- keystone.auth.plugins package
- Submodules
- keystone.auth.controllers module
- keystone.auth.core module
- keystone.auth.routers module
- keystone.auth.schema module
- Module contents
- Subpackages
- keystone.catalog package
- keystone.cmd package
- Subpackages
- keystone.cmd.doctor package
- Submodules
- keystone.cmd.doctor.caching module
- keystone.cmd.doctor.credential module
- keystone.cmd.doctor.database module
- keystone.cmd.doctor.debug module
- keystone.cmd.doctor.federation module
- keystone.cmd.doctor.ldap module
- keystone.cmd.doctor.security_compliance module
- keystone.cmd.doctor.tokens module
- keystone.cmd.doctor.tokens_fernet module
- Module contents
- keystone.cmd.doctor package
- Submodules
- keystone.cmd.cli module
- keystone.cmd.manage module
- Module contents
- Subpackages
- keystone.common package
- Subpackages
- keystone.common.cache package
- keystone.common.kvs package
- keystone.common.ldap package
- keystone.common.sql package
- Subpackages
- keystone.common.sql.contract_repo package
- Subpackages
- keystone.common.sql.contract_repo.versions package
- Submodules
- keystone.common.sql.contract_repo.versions.001_contract_initial_null_migration module
- keystone.common.sql.contract_repo.versions.002_password_created_at_not_nullable module
- keystone.common.sql.contract_repo.versions.003_remove_unencrypted_blob_column_from_credential module
- keystone.common.sql.contract_repo.versions.004_reset_password_created_at module
- keystone.common.sql.contract_repo.versions.005_placeholder module
- keystone.common.sql.contract_repo.versions.006_placeholder module
- keystone.common.sql.contract_repo.versions.007_placeholder module
- keystone.common.sql.contract_repo.versions.008_placeholder module
- keystone.common.sql.contract_repo.versions.009_placeholder module
- keystone.common.sql.contract_repo.versions.010_contract_add_revocation_event_index module
- keystone.common.sql.contract_repo.versions.011_contract_user_id_unique_for_nonlocal_user module
- keystone.common.sql.contract_repo.versions.012_contract_add_domain_id_to_idp module
- keystone.common.sql.contract_repo.versions.013_protocol_cascade_delete_for_federated_user module
- keystone.common.sql.contract_repo.versions.014_contract_add_domain_id_to_user_table module
- keystone.common.sql.contract_repo.versions.015_contract_update_federated_user_domain module
- keystone.common.sql.contract_repo.versions.016_contract_add_user_options module
- Module contents
- keystone.common.sql.contract_repo.versions package
- Submodules
- keystone.common.sql.contract_repo.manage module
- Module contents
- Subpackages
- keystone.common.sql.data_migration_repo package
- Subpackages
- keystone.common.sql.data_migration_repo.versions package
- Submodules
- keystone.common.sql.data_migration_repo.versions.001_data_initial_null_migration module
- keystone.common.sql.data_migration_repo.versions.002_password_created_at_not_nullable module
- keystone.common.sql.data_migration_repo.versions.003_migrate_unencrypted_credentials module
- keystone.common.sql.data_migration_repo.versions.004_reset_password_created_at module
- keystone.common.sql.data_migration_repo.versions.005_placeholder module
- keystone.common.sql.data_migration_repo.versions.006_placeholder module
- keystone.common.sql.data_migration_repo.versions.007_placeholder module
- keystone.common.sql.data_migration_repo.versions.008_placeholder module
- keystone.common.sql.data_migration_repo.versions.009_placeholder module
- keystone.common.sql.data_migration_repo.versions.010_migrate_add_revocation_event_index module
- keystone.common.sql.data_migration_repo.versions.011_expand_user_id_unique_for_nonlocal_user module
- keystone.common.sql.data_migration_repo.versions.012_migrate_add_domain_id_to_idp module
- keystone.common.sql.data_migration_repo.versions.013_protocol_cascade_delete_for_federated_user module
- keystone.common.sql.data_migration_repo.versions.014_migrate_add_domain_id_to_user_table module
- keystone.common.sql.data_migration_repo.versions.015_migrate_update_federated_user_domain module
- keystone.common.sql.data_migration_repo.versions.016_migrate_add_user_options module
- Module contents
- keystone.common.sql.data_migration_repo.versions package
- Submodules
- keystone.common.sql.data_migration_repo.manage module
- Module contents
- Subpackages
- keystone.common.sql.expand_repo package
- Subpackages
- keystone.common.sql.expand_repo.versions package
- Submodules
- keystone.common.sql.expand_repo.versions.001_expand_initial_null_migration module
- keystone.common.sql.expand_repo.versions.002_password_created_at_not_nullable module
- keystone.common.sql.expand_repo.versions.003_add_key_hash_and_encrypted_blob_to_credential module
- keystone.common.sql.expand_repo.versions.004_reset_password_created_at module
- keystone.common.sql.expand_repo.versions.005_placeholder module
- keystone.common.sql.expand_repo.versions.006_placeholder module
- keystone.common.sql.expand_repo.versions.007_placeholder module
- keystone.common.sql.expand_repo.versions.008_placeholder module
- keystone.common.sql.expand_repo.versions.009_placeholder module
- keystone.common.sql.expand_repo.versions.010_expand_add_revocation_event_index module
- keystone.common.sql.expand_repo.versions.011_expand_user_id_unique_for_nonlocal_user module
- keystone.common.sql.expand_repo.versions.012_expand_add_domain_id_to_idp module
- keystone.common.sql.expand_repo.versions.013_protocol_cascade_delete_for_federated_user module
- keystone.common.sql.expand_repo.versions.014_expand_add_domain_id_to_user_table module
- keystone.common.sql.expand_repo.versions.015_expand_update_federated_user_domain module
- keystone.common.sql.expand_repo.versions.016_expand_add_user_options module
- Module contents
- keystone.common.sql.expand_repo.versions package
- Submodules
- keystone.common.sql.expand_repo.manage module
- Module contents
- Subpackages
- keystone.common.sql.migrate_repo package
- Subpackages
- keystone.common.sql.migrate_repo.versions package
- Submodules
- keystone.common.sql.migrate_repo.versions.067_kilo module
- keystone.common.sql.migrate_repo.versions.068_placeholder module
- keystone.common.sql.migrate_repo.versions.069_placeholder module
- keystone.common.sql.migrate_repo.versions.070_placeholder module
- keystone.common.sql.migrate_repo.versions.071_placeholder module
- keystone.common.sql.migrate_repo.versions.072_placeholder module
- keystone.common.sql.migrate_repo.versions.073_insert_assignment_inherited_pk module
- keystone.common.sql.migrate_repo.versions.074_add_is_domain_project module
- keystone.common.sql.migrate_repo.versions.075_confirm_config_registration module
- keystone.common.sql.migrate_repo.versions.076_placeholder module
- keystone.common.sql.migrate_repo.versions.077_placeholder module
- keystone.common.sql.migrate_repo.versions.078_placeholder module
- keystone.common.sql.migrate_repo.versions.079_placeholder module
- keystone.common.sql.migrate_repo.versions.080_placeholder module
- keystone.common.sql.migrate_repo.versions.081_add_endpoint_policy_table module
- keystone.common.sql.migrate_repo.versions.082_add_federation_tables module
- keystone.common.sql.migrate_repo.versions.083_add_oauth1_tables module
- keystone.common.sql.migrate_repo.versions.084_add_revoke_tables module
- keystone.common.sql.migrate_repo.versions.085_add_endpoint_filtering_table module
- keystone.common.sql.migrate_repo.versions.086_add_duplicate_constraint_trusts module
- keystone.common.sql.migrate_repo.versions.087_implied_roles module
- keystone.common.sql.migrate_repo.versions.088_domain_specific_roles module
- keystone.common.sql.migrate_repo.versions.089_add_root_of_all_domains module
- keystone.common.sql.migrate_repo.versions.090_add_local_user_and_password_tables module
- keystone.common.sql.migrate_repo.versions.091_migrate_data_to_local_user_and_password_tables module
- keystone.common.sql.migrate_repo.versions.092_make_implied_roles_fks_cascaded module
- keystone.common.sql.migrate_repo.versions.093_migrate_domains_to_projects module
- keystone.common.sql.migrate_repo.versions.094_add_federated_user_table module
- keystone.common.sql.migrate_repo.versions.095_add_integer_pkey_to_revocation_event_table module
- keystone.common.sql.migrate_repo.versions.096_drop_role_name_constraint module
- keystone.common.sql.migrate_repo.versions.097_drop_user_name_domainid_constraint module
- keystone.common.sql.migrate_repo.versions.098_placeholder module
- keystone.common.sql.migrate_repo.versions.099_placeholder module
- keystone.common.sql.migrate_repo.versions.100_placeholder module
- keystone.common.sql.migrate_repo.versions.101_drop_role_name_constraint module
- keystone.common.sql.migrate_repo.versions.102_drop_domain_table module
- keystone.common.sql.migrate_repo.versions.103_add_nonlocal_user_table module
- keystone.common.sql.migrate_repo.versions.104_drop_user_name_domainid_constraint module
- keystone.common.sql.migrate_repo.versions.105_add_password_date_columns module
- keystone.common.sql.migrate_repo.versions.106_allow_password_column_to_be_nullable module
- keystone.common.sql.migrate_repo.versions.107_add_user_date_columns module
- keystone.common.sql.migrate_repo.versions.108_add_failed_auth_columns module
- keystone.common.sql.migrate_repo.versions.109_add_password_self_service_column module
- Module contents
- keystone.common.sql.migrate_repo.versions package
- Submodules
- keystone.common.sql.migrate_repo.manage module
- Module contents
- Subpackages
- keystone.common.sql.contract_repo package
- Submodules
- keystone.common.sql.core module
- keystone.common.sql.upgrades module
- Module contents
- Subpackages
- keystone.common.validation package
- Submodules
- keystone.common.authorization module
- keystone.common.clean module
- keystone.common.context module
- keystone.common.controller module
- keystone.common.dependency module
- keystone.common.driver_hints module
- keystone.common.extension module
- keystone.common.fernet_utils module
- keystone.common.json_home module
- keystone.common.manager module
- keystone.common.openssl module
- keystone.common.profiler module
- keystone.common.request module
- keystone.common.resource_options module
- keystone.common.router module
- keystone.common.tokenless_auth module
- keystone.common.utils module
- keystone.common.wsgi module
- Module contents
- Subpackages
- keystone.conf package
- Submodules
- keystone.conf.assignment module
- keystone.conf.auth module
- keystone.conf.catalog module
- keystone.conf.constants module
- keystone.conf.credential module
- keystone.conf.default module
- keystone.conf.domain_config module
- keystone.conf.endpoint_filter module
- keystone.conf.endpoint_policy module
- keystone.conf.eventlet_server module
- keystone.conf.federation module
- keystone.conf.fernet_tokens module
- keystone.conf.identity module
- keystone.conf.identity_mapping module
- keystone.conf.kvs module
- keystone.conf.ldap module
- keystone.conf.memcache module
- keystone.conf.oauth1 module
- keystone.conf.opts module
- keystone.conf.paste_deploy module
- keystone.conf.policy module
- keystone.conf.resource module
- keystone.conf.revoke module
- keystone.conf.role module
- keystone.conf.saml module
- keystone.conf.security_compliance module
- keystone.conf.shadow_users module
- keystone.conf.signing module
- keystone.conf.token module
- keystone.conf.tokenless_auth module
- keystone.conf.trust module
- keystone.conf.utils module
- Module contents
- keystone.contrib package
- keystone.credential package
- keystone.endpoint_policy package
- keystone.federation package
- keystone.identity package
- Subpackages
- keystone.identity.backends package
- keystone.identity.id_generators package
- keystone.identity.mapping_backends package
- keystone.identity.shadow_backends package
- Submodules
- keystone.identity.controllers module
- keystone.identity.core module
- keystone.identity.generator module
- keystone.identity.routers module
- keystone.identity.schema module
- Module contents
- Subpackages
- keystone.middleware package
- keystone.models package
- keystone.oauth1 package
- keystone.policy package
- keystone.resource package
- keystone.revoke package
- keystone.server package
- keystone.tests package
- Subpackages
- keystone.tests.common package
- keystone.tests.functional package
- keystone.tests.hacking package
- keystone.tests.unit package
- Subpackages
- keystone.tests.unit.assignment package
- keystone.tests.unit.auth package
- keystone.tests.unit.backend package
- keystone.tests.unit.catalog package
- keystone.tests.unit.common package
- Submodules
- keystone.tests.unit.common.test_authorization module
- keystone.tests.unit.common.test_cache module
- keystone.tests.unit.common.test_database_conflicts module
- keystone.tests.unit.common.test_injection module
- keystone.tests.unit.common.test_json_home module
- keystone.tests.unit.common.test_notifications module
- keystone.tests.unit.common.test_resource_options_common module
- keystone.tests.unit.common.test_sql_core module
- keystone.tests.unit.common.test_utils module
- Module contents
- keystone.tests.unit.contrib package
- keystone.tests.unit.credential package
- keystone.tests.unit.endpoint_policy package
- keystone.tests.unit.external package
- keystone.tests.unit.federation package
- keystone.tests.unit.identity package
- Subpackages
- Submodules
- keystone.tests.unit.identity.test_backend_sql module
- keystone.tests.unit.identity.test_backends module
- keystone.tests.unit.identity.test_controllers module
- keystone.tests.unit.identity.test_core module
- Module contents
- keystone.tests.unit.ksfixtures package
- Submodules
- keystone.tests.unit.ksfixtures.auth_plugins module
- keystone.tests.unit.ksfixtures.backendloader module
- keystone.tests.unit.ksfixtures.cache module
- keystone.tests.unit.ksfixtures.database module
- keystone.tests.unit.ksfixtures.hacking module
- keystone.tests.unit.ksfixtures.key_repository module
- keystone.tests.unit.ksfixtures.ldapdb module
- keystone.tests.unit.ksfixtures.policy module
- keystone.tests.unit.ksfixtures.temporaryfile module
- Module contents
- keystone.tests.unit.policy package
- keystone.tests.unit.resource package
- keystone.tests.unit.schema package
- keystone.tests.unit.tests package
- keystone.tests.unit.token package
- Submodules
- keystone.tests.unit.token.test_backends module
- keystone.tests.unit.token.test_common module
- keystone.tests.unit.token.test_fernet_provider module
- keystone.tests.unit.token.test_token_data_helper module
- keystone.tests.unit.token.test_token_model module
- keystone.tests.unit.token.test_uuid_provider module
- Module contents
- keystone.tests.unit.trust package
- Submodules
- keystone.tests.unit.core module
- keystone.tests.unit.default_fixtures module
- keystone.tests.unit.fakeldap module
- keystone.tests.unit.federation_fixtures module
- keystone.tests.unit.filtering module
- keystone.tests.unit.identity_mapping module
- keystone.tests.unit.mapping_fixtures module
- keystone.tests.unit.rest module
- keystone.tests.unit.test_associate_project_endpoint_extension module
- keystone.tests.unit.test_auth module
- keystone.tests.unit.test_auth_plugin module
- keystone.tests.unit.test_backend_endpoint_policy module
- keystone.tests.unit.test_backend_endpoint_policy_sql module
- keystone.tests.unit.test_backend_federation_sql module
- keystone.tests.unit.test_backend_id_mapping_sql module
- keystone.tests.unit.test_backend_kvs module
- keystone.tests.unit.test_backend_ldap module
- keystone.tests.unit.test_backend_ldap_pool module
- keystone.tests.unit.test_backend_rules module
- keystone.tests.unit.test_backend_sql module
- keystone.tests.unit.test_backend_templated module
- keystone.tests.unit.test_catalog module
- keystone.tests.unit.test_cert_setup module
- keystone.tests.unit.test_cli module
- keystone.tests.unit.test_config module
- keystone.tests.unit.test_contrib_ec2_core module
- keystone.tests.unit.test_contrib_s3_core module
- keystone.tests.unit.test_contrib_simple_cert module
- keystone.tests.unit.test_credential module
- keystone.tests.unit.test_driver_hints module
- keystone.tests.unit.test_entry_points module
- keystone.tests.unit.test_exception module
- keystone.tests.unit.test_hacking_checks module
- keystone.tests.unit.test_kvs module
- keystone.tests.unit.test_ldap_livetest module
- keystone.tests.unit.test_ldap_pool_livetest module
- keystone.tests.unit.test_ldap_tls_livetest module
- keystone.tests.unit.test_middleware module
- keystone.tests.unit.test_no_admin_token_auth module
- keystone.tests.unit.test_policy module
- keystone.tests.unit.test_revoke module
- keystone.tests.unit.test_shadow_users module
- keystone.tests.unit.test_sql_banned_operations module
- keystone.tests.unit.test_sql_upgrade module
- keystone.tests.unit.test_token_bind module
- keystone.tests.unit.test_token_provider module
- keystone.tests.unit.test_url_middleware module
- keystone.tests.unit.test_v2 module
- keystone.tests.unit.test_v2_controller module
- keystone.tests.unit.test_v2_validation module
- keystone.tests.unit.test_v3 module
- keystone.tests.unit.test_v3_assignment module
- keystone.tests.unit.test_v3_auth module
- keystone.tests.unit.test_v3_catalog module
- keystone.tests.unit.test_v3_credential module
- keystone.tests.unit.test_v3_domain_config module
- keystone.tests.unit.test_v3_endpoint_policy module
- keystone.tests.unit.test_v3_federation module
- keystone.tests.unit.test_v3_filters module
- keystone.tests.unit.test_v3_identity module
- keystone.tests.unit.test_v3_oauth1 module
- keystone.tests.unit.test_v3_os_revoke module
- keystone.tests.unit.test_v3_policy module
- keystone.tests.unit.test_v3_protection module
- keystone.tests.unit.test_v3_resource module
- keystone.tests.unit.test_v3_trust module
- keystone.tests.unit.test_validation module
- keystone.tests.unit.test_versions module
- keystone.tests.unit.test_wsgi module
- keystone.tests.unit.utils module
- Module contents
- Subpackages
- Module contents
- Subpackages
- keystone.token package
- Subpackages
- Submodules
- keystone.token.controllers module
- keystone.token.provider module
- keystone.token.routers module
- Module contents
- keystone.trust package
- keystone.v2_crud package
- keystone.version package
Submodules¶
keystone.exception module¶
-
exception
keystone.exception.
AccountLocked
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Unauthorized
-
message_format
= u'The account is locked for user: %(user_id)s.'¶
-
-
exception
keystone.exception.
AdditionalAuthRequired
(auth_response=None, **kwargs)[source]¶ Bases:
keystone.exception.AuthPluginException
-
message_format
= u'Additional authentications steps required.'¶
-
-
exception
keystone.exception.
AssignmentTypeCalculationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Unexpected combination of grant attributes - User: %(user_id)s, Group: %(group_id)s, Project: %(project_id)s, Domain: %(domain_id)s.'¶
-
-
exception
keystone.exception.
AuthMethodNotSupported
(*args, **kwargs)[source]¶ Bases:
keystone.exception.AuthPluginException
-
message_format
= u'Attempted to authenticate with an unsupported method.'¶
-
-
exception
keystone.exception.
AuthPluginException
(*args, **kwargs)[source]¶ Bases:
keystone.exception.Unauthorized
-
message_format
= u'Authentication plugin error.'¶
-
-
exception
keystone.exception.
CircularRegionHierarchyError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 400¶
-
message_format
= u'The specified parent region %(parent_region_id)s would create a circular region hierarchy.'¶
-
title
= 'Bad Request'¶
-
-
exception
keystone.exception.
ConfigFileNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'The Keystone configuration file %(config_file)s could not be found.'¶
-
-
exception
keystone.exception.
Conflict
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 409¶
-
message_format
= u'Conflict occurred attempting to store %(type)s - %(details)s.'¶
-
title
= 'Conflict'¶
-
-
exception
keystone.exception.
CredentialEncryptionError
[source]¶ Bases:
exceptions.Exception
-
message_format
= u'An unexpected error prevented the server from accessing encrypted credentials.'¶
-
-
exception
keystone.exception.
CredentialNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find credential: %(credential_id)s.'¶
-
-
exception
keystone.exception.
CrossBackendNotAllowed
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'Group membership across backend boundaries is not allowed. Group in question is %(group_id)s, user is %(user_id)s.'¶
-
-
exception
keystone.exception.
DirectMappingError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
message_format
= u"Local section in mapping %(mapping_id)s refers to a remote match that doesn't exist (e.g. {0} in a local section)."¶
-
-
exception
keystone.exception.
DomainConfigNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find %(group_or_option)s in domain configuration for domain %(domain_id)s.'¶
-
-
exception
keystone.exception.
DomainNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find domain: %(domain_id)s.'¶
-
-
exception
keystone.exception.
DomainSpecificRoleMismatch
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'Project %(project_id)s must be in the same domain as the role %(role_id)s being assigned.'¶
-
-
exception
keystone.exception.
DomainSpecificRoleNotWithinIdPDomain
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'role: %(role_name)s must be within the same domain as the identity provider: %(identity_provider)s.'¶
-
-
exception
keystone.exception.
EndpointGroupNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find Endpoint Group: %(endpoint_group_id)s.'¶
-
-
exception
keystone.exception.
EndpointNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find endpoint: %(endpoint_id)s.'¶
-
-
exception
keystone.exception.
Error
(message=None, **kwargs)[source]¶ Bases:
exceptions.Exception
Base error class.
Child classes should define an HTTP status code, title, and a message_format.
-
code
= None¶
-
message_format
= None¶
-
title
= None¶
-
-
exception
keystone.exception.
FederatedProtocolNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find federated protocol %(protocol_id)s for Identity Provider: %(idp_id)s.'¶
-
-
exception
keystone.exception.
Forbidden
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.SecurityError
-
code
= 403¶
-
message_format
= u'You are not authorized to perform the requested action.'¶
-
title
= 'Forbidden'¶
-
-
exception
keystone.exception.
ForbiddenAction
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'You are not authorized to perform the requested action: %(action)s.'¶
-
-
exception
keystone.exception.
ForbiddenNotSecurity
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
When you want to return a 403 Forbidden response but not security.
Use this for errors where the message is always safe to present to the user and won’t give away extra information.
-
code
= 403¶
-
title
= 'Forbidden'¶
-
-
exception
keystone.exception.
Gone
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 410¶
-
message_format
= u'The service you have requested is no longer available on this server.'¶
-
title
= 'Gone'¶
-
-
exception
keystone.exception.
GroupNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find group: %(group_id)s.'¶
-
-
exception
keystone.exception.
IdentityProviderNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find Identity Provider: %(idp_id)s.'¶
-
-
exception
keystone.exception.
ImpliedRoleNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'%(prior_role_id)s does not imply %(implied_role_id)s.'¶
-
-
exception
keystone.exception.
InsufficientAuthMethods
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 401¶
-
message_format
= u'Insufficient auth methods received for %(user_id)s. Auth Methods Provided: %(methods)s.'¶
-
title
= 'Unauthorized'¶
-
-
exception
keystone.exception.
InvalidDomainConfig
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'Invalid domain specific configuration: %(reason)s.'¶
-
-
exception
keystone.exception.
InvalidImpliedRole
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'%(role_id)s cannot be an implied roles.'¶
-
-
exception
keystone.exception.
InvalidOperatorError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u"The given operator %(_op)s is not valid. It must be one of the following: 'eq', 'neq', 'lt', 'lte', 'gt', or 'gte'."¶
-
-
exception
keystone.exception.
InvalidPolicyAssociation
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'Invalid mix of entities for policy association: only Endpoint, Service, or Region+Service allowed. Request was - Endpoint: %(endpoint_id)s, Service: %(service_id)s, Region: %(region_id)s.'¶
-
-
exception
keystone.exception.
KeysNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'No encryption keys found; run keystone-manage fernet_setup to bootstrap one.'¶
-
-
exception
keystone.exception.
LDAPServerConnectionError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 504¶
-
message_format
= u'Timed out waiting to establish a connection to the LDAP Server (%(url)s).'¶
-
title
= 'Gateway Timeout'¶
-
-
exception
keystone.exception.
MalformedEndpoint
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Malformed endpoint URL (%(endpoint)s), see ERROR log for details.'¶
-
-
exception
keystone.exception.
MappedGroupNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Group %(group_id)s returned by mapping %(mapping_id)s was not found in the backend.'¶
-
-
exception
keystone.exception.
MappingNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find mapping: %(mapping_id)s.'¶
-
-
exception
keystone.exception.
MetadataFileError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Error while reading metadata file: %(reason)s.'¶
-
-
exception
keystone.exception.
MigrationNotProvided
(mod_name, path)[source]¶ Bases:
exceptions.Exception
-
exception
keystone.exception.
MultipleSQLDriversInConfig
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'The Keystone domain-specific configuration has specified more than one SQL driver (only one is permitted): %(source)s.'¶
-
-
exception
keystone.exception.
NotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 404¶
-
message_format
= u'Could not find: %(target)s.'¶
-
title
= 'Not Found'¶
-
-
exception
keystone.exception.
NotImplemented
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 501¶
-
message_format
= u'The action you have requested has not been implemented.'¶
-
title
= 'Not Implemented'¶
-
-
exception
keystone.exception.
OAuthHeadersMissingError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'No Authorization headers found, cannot proceed with OAuth related calls. If running under HTTPd or Apache, ensure WSGIPassAuthorization is set to On.'¶
-
-
exception
keystone.exception.
PasswordAgeValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.PasswordValidationError
-
message_format
= u'You cannot change your password at this time due to the minimum password age. Once you change your password, it must be used for %(min_age_days)d day(s) before it can be changed. Please try again in %(days_left)d day(s) or contact your administrator to reset your password.'¶
-
-
exception
keystone.exception.
PasswordExpired
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Unauthorized
-
message_format
= u'The password is expired and needs to be changed for user: %(user_id)s.'¶
-
-
exception
keystone.exception.
PasswordHistoryValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.PasswordValidationError
-
message_format
= u'The new password cannot be identical to a previous password. The number of previous passwords that must be unique is %(unique_count)s.'¶
-
-
exception
keystone.exception.
PasswordRequirementsValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.PasswordValidationError
-
message_format
= u'The password does not match the requirements: %(detail)s.'¶
-
-
exception
keystone.exception.
PasswordValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u'Password validation error: %(detail)s.'¶
-
-
exception
keystone.exception.
PasswordVerificationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ForbiddenNotSecurity
-
message_format
= u'The password length must be less than or equal to %(size)i. The server could not comply with the request because the password is invalid.'¶
-
-
exception
keystone.exception.
PolicyAssociationNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find policy association.'¶
-
-
exception
keystone.exception.
PolicyNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find policy: %(policy_id)s.'¶
-
-
exception
keystone.exception.
ProjectNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find project: %(project_id)s.'¶
-
-
exception
keystone.exception.
PublicIDNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= '%(id)s'¶
-
-
exception
keystone.exception.
RegionDeletionError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ForbiddenNotSecurity
-
message_format
= u'Unable to delete region %(region_id)s because it or its child regions have associated endpoints.'¶
-
-
exception
keystone.exception.
RegionNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find region: %(region_id)s.'¶
-
-
exception
keystone.exception.
RoleAssignmentNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find role assignment with role: %(role_id)s, user or group: %(actor_id)s, project or domain: %(target_id)s.'¶
-
-
exception
keystone.exception.
RoleNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find role: %(role_id)s.'¶
-
-
exception
keystone.exception.
SAMLSigningError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Unable to sign SAML assertion. It is likely that this server does not have xmlsec1 installed or this is the result of misconfiguration. Reason %(reason)s.'¶
-
-
exception
keystone.exception.
SchemaValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u'%(detail)s'¶
-
-
exception
keystone.exception.
SecurityError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
Security error exception.
Avoids exposing details of security errors, unless in insecure_debug mode.
-
amendment
= u'(Disable insecure_debug mode to suppress these details.)'¶
-
-
exception
keystone.exception.
ServiceNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find service: %(service_id)s.'¶
-
-
exception
keystone.exception.
ServiceProviderNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find Service Provider: %(sp_id)s.'¶
-
-
exception
keystone.exception.
StringLengthExceeded
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u"String length exceeded. The length of string '%(string)s' exceeds the limit of column %(type)s(CHAR(%(length)d))."¶
-
-
exception
keystone.exception.
TokenNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find token: %(token_id)s.'¶
-
-
exception
keystone.exception.
TokenlessAuthConfigError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u'Could not determine Identity Provider ID. The configuration option %(issuer_attribute)s was not found in the request environment.'¶
-
-
exception
keystone.exception.
TrustConsumeMaximumAttempt
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Unable to consume trust %(trust_id)s. Unable to acquire lock.'¶
-
-
exception
keystone.exception.
TrustNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find trust: %(trust_id)s.'¶
-
-
exception
keystone.exception.
TrustUseLimitReached
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Forbidden
-
message_format
= u'No remaining uses for trust: %(trust_id)s.'¶
-
-
exception
keystone.exception.
URLValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.ValidationError
-
message_format
= u'Cannot create an endpoint with an invalid URL: %(url)s.'¶
-
-
exception
keystone.exception.
UnexpectedError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.SecurityError
Avoids exposing details of failures, unless in insecure_debug mode.
-
code
= 500¶
-
debug_message_format
= u'An unexpected error prevented the server from fulfilling your request: %(exception)s.'¶
-
message_format
= u'An unexpected error prevented the server from fulfilling your request.'¶
-
title
= 'Internal Server Error'¶
-
-
exception
keystone.exception.
UnsupportedTokenVersionException
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.UnexpectedError
-
debug_message_format
= u'Token version is unrecognizable or unsupported.'¶
-
-
exception
keystone.exception.
UserDisabled
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Unauthorized
-
message_format
= u'The account is disabled for user: %(user_id)s.'¶
-
-
exception
keystone.exception.
UserNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find user: %(user_id)s.'¶
-
-
exception
keystone.exception.
ValidationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 400¶
-
message_format
= u'Expecting to find %(attribute)s in %(target)s. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶
-
title
= 'Bad Request'¶
-
-
exception
keystone.exception.
ValidationExpirationError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 400¶
-
message_format
= u"The 'expires_at' must not be before now. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error."¶
-
title
= 'Bad Request'¶
-
-
exception
keystone.exception.
ValidationSizeError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 400¶
-
message_format
= u'Request attribute %(attribute)s must be less than or equal to %(size)i. The server could not comply with the request because the attribute size is invalid (too large). The client is assumed to be in error.'¶
-
title
= 'Bad Request'¶
-
-
exception
keystone.exception.
ValidationTimeStampError
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.Error
-
code
= 400¶
-
message_format
= u'Timestamp not in expected format. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.'¶
-
title
= 'Bad Request'¶
-
-
exception
keystone.exception.
VersionNotFound
(message=None, **kwargs)[source]¶ Bases:
keystone.exception.NotFound
-
message_format
= u'Could not find version: %(version)s.'¶
-
keystone.i18n module¶
oslo.i18n integration module.
See https://docs.openstack.org/developer/oslo.i18n/usage.html .
keystone.notifications module¶
Notifications module for OpenStack Identity Service resources.
-
keystone.notifications.
ACTIONS
= NotificationActions(created='created', deleted='deleted', disabled='disabled', updated='updated', internal='internal')¶ The actions on resources.
-
class
keystone.notifications.
Audit
[source]¶ Bases:
object
Namespace for audit notification functions.
This is a namespace object to contain all of the direct notification functions utilized for
Manager
methods.-
classmethod
added_to
(target_type, target_id, actor_type, actor_id, initiator=None, public=True, reason=None)[source]¶
-
classmethod
-
class
keystone.notifications.
CadfNotificationWrapper
(operation)[source]¶ Bases:
object
Send CADF event notifications for various methods.
This function is only used for Authentication events. Its
action
andevent_type
are dictated below.- action:
authenticate
- event_type:
identity.authenticate
Sends CADF notifications for events such as whether an authentication was successful or not.
Parameters: operation – The authentication related action being performed - action:
-
class
keystone.notifications.
CadfRoleAssignmentNotificationWrapper
(operation)[source]¶ Bases:
object
Send CADF notifications for
role_assignment
methods.This function is only used for role assignment events. Its
action
andevent_type
are dictated below.action:
created.role_assignment
ordeleted.role_assignment
- event_type:
identity.role_assignment.created
or identity.role_assignment.deleted
- event_type:
Sends a CADF notification if the wrapped method does not raise an
Exception
(such askeystone.exception.NotFound
).Parameters: operation – one of the values from ACTIONS (created or deleted) -
ROLE_ASSIGNMENT
= 'role_assignment'¶
-
keystone.notifications.
clear_subscribers
()[source]¶ Empty subscribers dictionary.
This effectively stops notifications since there will be no subscribers to publish to.
-
keystone.notifications.
emit_event
¶ alias of
CadfNotificationWrapper
-
keystone.notifications.
listener
(cls)[source]¶ A class decorator to declare a class to be a notification listener.
A notification listener must specify the event(s) it is interested in by defining a
event_callbacks
attribute or property.event_callbacks
is a dictionary where the key is the type of event and the value is a dictionary containing a mapping of resource types to callback(s).ACTIONS
contains constants for the currently supported events. There is currently no single place to find constants for the resource types.Example:
@listener class Something(object): def __init__(self): self.event_callbacks = { notifications.ACTIONS.created: { 'user': self._user_created_callback, }, notifications.ACTIONS.deleted: { 'project': [ self._project_deleted_callback, self._do_cleanup, ] }, }
-
keystone.notifications.
notify_event_callbacks
(service, resource_type, operation, payload)[source]¶ Send a notification to registered extensions.
-
keystone.notifications.
register_event_callback
(event, resource_type, callbacks)[source]¶ Register each callback with the event.
Parameters: - event (keystone.notifications.ACTIONS) – Action being registered
- resource_type (str) – Type of resource being operated on
- callbacks (list) – Callback items to be registered with event
Raises: - ValueError – If event is not a valid ACTION
- TypeError – If callback is not callable
-
keystone.notifications.
reset_notifier
()[source]¶ Reset the notifications internal state.
This is used only for testing purposes.
-
keystone.notifications.
role_assignment
¶
-
keystone.notifications.
send_saml_audit_notification
(action, request, user_id, group_ids, identity_provider, protocol, token_id, outcome)[source]¶ Send notification to inform observers about SAML events.
Parameters: - action (str) – Action being audited
- request (keystone.common.request.Request) – Current request to collect request info from
- user_id (str) – User ID from Keystone token
- group_ids (list) – List of Group IDs from Keystone token
- identity_provider (str or None) – ID of the IdP from the Keystone token
- protocol (str) – Protocol ID for IdP from the Keystone token
- token_id (str or None) – audit_id from Keystone token
- outcome (str) – One of
pycadf.cadftaxonomy