The horizon.api.keystone ModuleΒΆ

class horizon.api.keystone.Service(service, *args, **kwargs)[source]

Bases: horizon.api.base.APIDictWrapper

Wrapper for a dict based on the service data from keystone.

horizon.api.keystone.add_tenant_user_role(request, tenant_id, user_id, role_id)[source]

Adds a role for a user on a tenant.

horizon.api.keystone.create_ec2_credentials(request, user_id, tenant_id)[source]
horizon.api.keystone.get_default_role(request)[source]

Gets the default role object from Keystone and saves it as a global since this is configured in settings and should not change from request to request. Supports lookup by name or id.

horizon.api.keystone.get_user_ec2_credentials(request, user_id, access_token)[source]
horizon.api.keystone.keystone_backend_name()[source]
horizon.api.keystone.keystone_can_edit_user()[source]
horizon.api.keystone.keystoneclient(request, username=None, password=None, tenant_id=None, token_id=None, endpoint=None, endpoint_type=None, admin=False)[source]

Returns a client connected to the Keystone backend.

Several forms of authentication are supported:

  • Username + password -> Unscoped authentication
  • Username + password + tenant id -> Scoped authentication
  • Unscoped token -> Unscoped authentication
  • Unscoped token + tenant id -> Scoped authentication
  • Scoped token -> Scoped authentication

Available services and data from the backend will vary depending on whether the authentication was scoped or unscoped.

Lazy authentication if an endpoint parameter is provided.

Calls requiring the admin endpoint should have admin=True passed in as a keyword argument.

The client is cached so that subsequent API calls during the same request/response cycle don’t have to be re-authenticated.

horizon.api.keystone.list_ec2_credentials(request, user_id)[source]
horizon.api.keystone.remove_tenant_user(request, tenant_id, user_id)[source]

Removes all roles from a user on a tenant, removing them from it.

horizon.api.keystone.role_list(request)[source]

Returns a global list of available roles.

horizon.api.keystone.tenant_create(request, tenant_name, description, enabled)[source]
horizon.api.keystone.tenant_delete(request, tenant_id)[source]
horizon.api.keystone.tenant_get(request, tenant_id, admin=False)[source]
horizon.api.keystone.tenant_list(request, admin=False)[source]
horizon.api.keystone.tenant_list_for_token(request, token, endpoint_type=None)[source]
horizon.api.keystone.tenant_name(request, tenant_id)[source]
horizon.api.keystone.tenant_update(request, tenant_id, tenant_name, description, enabled)[source]
horizon.api.keystone.token_create(request, tenant, username, password)[source]

Creates a token using the username and password provided. If tenant is provided it will retrieve a scoped token and the service catalog for the given tenant. Otherwise it will return an unscoped token and without a service catalog.

horizon.api.keystone.token_create_scoped(request, tenant, token)[source]

Creates a scoped token using the tenant id and unscoped token; retrieves the service catalog for the given tenant.

horizon.api.keystone.user_create(request, user_id, email, password, tenant_id, enabled)[source]
horizon.api.keystone.user_delete(request, user_id)[source]
horizon.api.keystone.user_get(request, user_id, admin=True)[source]
horizon.api.keystone.user_list(request, tenant_id=None)[source]
horizon.api.keystone.user_update(request, user, **data)[source]
horizon.api.keystone.user_update_enabled(request, user_id, enabled)[source]
horizon.api.keystone.user_update_password(request, user_id, password, admin=True)[source]
horizon.api.keystone.user_update_tenant(request, user_id, tenant_id, admin=True)[source]

Previous topic

The horizon.api.swift Module

Next topic

The horizon.usage.base Module

This Page