Bases: keystoneclient.httpclient.HTTPClient
Client for the OpenStack Keystone v2.0 API.
Parameters: |
If debug is enabled, it may show passwords in plain text as a part of its output.
Constructing an instance of this class without a session is deprecated as of the 1.7.0 release and will be removed in the 2.0.0 release.
The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.
>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
... password=PASS,
... tenant_name=TENANT_NAME,
... auth_url=KEYSTONE_URL)
>>> keystone.tenants.list()
>>> user = keystone.users.get(USER_ID)
>>> user.delete()
Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:
>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
... password=PASS,
... tenant_name=TENANT_NAME,
... auth_url=KEYSTONE_URL)
>>> auth_ref = keystone.auth_ref
>>> # pickle or whatever you like here
>>> new_client = client.Client(auth_ref=auth_ref)
Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (admin_token in keystone.conf) In this case, authenticate() is not needed, and no service catalog will be loaded.
>>> from keystoneclient.v2_0 import client
>>> admin_client = client.Client(
... token='12345secret7890',
... endpoint='http://localhost:35357/v2.0')
>>> admin_client.tenants.list()
Authenticate against the v2 Identity API.
If a token is provided it will be used in preference over username and password.
Returns: | access.AccessInfo if authentication was successful. |
Raises keystoneclient.exceptions.AuthorizationFailure: | |
if unable to authenticate or validate the existing authorization token |
Bases: keystoneclient.base.ManagerWithFind
Create a new access/secret pair for the user/tenant pair.
Return type: | object of type EC2 |
Delete an access/secret pair for a user.
Bases: keystoneclient.base.Resource
Bases: keystoneclient.base.Resource
Represents a Keystone endpoint.
Bases: keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone endpoints.
Create a new endpoint.
Delete an endpoint.
List all available endpoints.
Bases: keystoneclient.base.Resource
Represents an Identity API extension.
Bases: keystoneclient.base.ManagerWithFind
Manager class for listing Identity API extensions.
List all available extensions.
Bases: keystoneclient.base.Resource
Represents a Keystone role.
Bases: keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone roles.
Adds a role to a user.
If tenant is specified, the role is added just for that tenant, otherwise the role is added globally.
Create a role.
Delete a role.
List all available roles.
Removes a role from a user.
If tenant is specified, the role is removed just for that tenant, otherwise the role is removed from the user’s global roles.
Bases: keystoneclient.base.Resource
Represents a Keystone service.
Bases: keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone services.
Create a new service.
Delete a service.
Retrieve a service by id.
List available services.
This module is deprecated as of the 1.7.0 release in favor of python-openstackclient and may be removed in the 2.0.0 release.
Bug fixes are welcome, but new features should be exposed to the CLI by python-openstackclient after being added to the python-keystoneclient library.
List service catalog, possibly filtered by service.
Create EC2-compatible credentials for user per tenant.
Delete EC2-compatible credentials.
Display EC2-compatible credentials.
List EC2-compatible credentials for a user.
Create a new endpoint associated with a service.
Delete a service endpoint.
Find endpoint filtered by a specific attribute or service type.
List configured service endpoints.
Update own password.
Create new role.
Delete role.
Display role details.
List all roles.
Add service to Service Catalog.
Delete service from Service Catalog.
Display service from Service Catalog.
List all services in Service Catalog.
Create new tenant.
Delete tenant.
Display tenant details.
List all tenants.
Update tenant name, description, enabled status.
Display the current user token.
Create new user.
Delete user.
Display user details.
List users.
Update user password.
Add role to user.
List roles granted to a user.
Remove role from user.
Update user’s name, email, and enabled status.
Bases: keystoneclient.base.Resource
Represents a Keystone tenant
Bases: keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone tenants.
Add a user to a tenant with the given role.
Create a new tenant.
Delete a tenant.
Get a list of tenants.
Parameters: |
Return type: | list of Tenant |
List users for a tenant.
Remove the specified role from the user on the tenant.
Update a tenant with a new name and description.
Bases: keystoneclient.base.Resource
Bases: keystoneclient.base.Manager
Returns the revoked tokens response.
The response will be a dict containing ‘signed’ which is a CMS-encoded document.
Fetch the data about a token from the identity server.
Parameters: | token (str) – The token id. |
Return type: | dict |
Validate a token.
Parameters: | token – Token to be validated. This can be an instance of keystoneclient.access.AccessInfo or a string token_id. |
Return type: | keystoneclient.access.AccessInfoV2 |
Bases: keystoneclient.base.Resource
Represents a Keystone user.
Bases: keystoneclient.base.ManagerWithFind
Manager class for manipulating Keystone users.
Create a user.
Delete a user.
Get a list of users (optionally limited to a tenant).
Return type: | list of User |
Update user data.
Supported arguments include name, email, and enabled.
Update enabled-ness.
Update password.
Update password.
Update default tenant.