keystone.identity.backends.sql_model module¶

class keystone.identity.backends.sql_model.FederatedUser(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'user_id', 'idp_id', 'protocol_id', 'unique_id', 'display_name']¶

display_name¶

id¶

idp_id¶

protocol_id¶

unique_id¶

user_id¶

class keystone.identity.backends.sql_model.Group(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixinWithExtras

attributes = ['id', 'name', 'domain_id', 'description']¶

description¶

domain_id¶

extra¶

id¶

name¶

class keystone.identity.backends.sql_model.LocalUser(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'user_id', 'domain_id', 'name']¶

domain_id¶

failed_auth_at¶

failed_auth_count¶

id¶

name¶

passwords¶

user_id¶

class keystone.identity.backends.sql_model.NonLocalUser(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

SQL data model for nonlocal users (LDAP and custom).

attributes = ['domain_id', 'name', 'user_id']¶

domain_id¶

name¶

user_id¶

class keystone.identity.backends.sql_model.Password(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

attributes = ['id', 'local_user_id', 'password_hash', 'created_at', 'expires_at']¶

created_at¶

created_at_int¶

expires_at¶

expires_at_int¶

id¶

local_user_id¶

password_hash¶

self_service¶

class keystone.identity.backends.sql_model.User(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixinWithExtras

attributes = ['id', 'name', 'domain_id', 'password', 'enabled', 'default_project_id', 'password_expires_at']¶

created_at¶

default_project_id¶

domain_id¶

enabled¶: Return whether user is enabled or not.

extra¶

federated_users¶

classmethod from_dict(user_dict)[source]¶

Override from_dict to remove password_expires_at attribute.

Overriding this method to remove password_expires_at attribute to support update_user and unit tests where password_expires_at inadvertently gets added by calling to_dict followed by from_dict.

Parameters: user_dict – User entity dictionary
Returns User: User object

get_resource_option(option_id)[source]¶

id¶

last_active_at¶

local_user¶

name¶: Return the current user name.

nonlocal_user¶

password¶: Return the current password.

property password_created_at¶: Return when password was created at.

property password_expires_at¶: Return when password expires at.

property password_is_expired¶: Return whether password is expired or not.

property password_ref¶: Return the current password ref.

readonly_attributes = ['id', 'password_expires_at', 'password']¶

resource_options_registry = <keystone.common.resource_options.core.ResourceOptionRegistry object>¶

to_dict(include_extra_dict=False)[source]¶

Return the model’s attributes as a dictionary.

If include_extra_dict is True, ‘extra’ attributes are literally included in the resulting dictionary twice, for backwards-compatibility with a broken implementation.

class keystone.identity.backends.sql_model.UserGroupMembership(*args, **kwargs)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.ModelDictMixin

Group membership join table.

group_id¶

user_id¶

class keystone.identity.backends.sql_model.UserOption(option_id, option_value)[source]¶

Bases: sqlalchemy.ext.declarative.api.Base

option_id¶

option_value¶

user_id¶