Workflow Logic the Resource service.
Bases: keystone.common.controller.V3Controller
Bases: keystone.common.controller.V3Controller
Bases: keystone.common.controller.V3Controller
Main entry point into the Resource service.
Bases: object
Interface description for a Domain Config driver.
Creates a config option for a domain.
Parameters: |
|
---|---|
Returns: | dict containing group, option and value |
Raises keystone.exception.Conflict: | |
when the option already exists |
Deletes config options for a domain.
Allows deletion of all options for a domain, all options in a group or a specific option. The driver is silent if there are no options to delete.
Parameters: |
|
---|
Gets the config option for a domain.
Parameters: |
|
---|---|
Returns: | dict containing group, option and value |
Raises keystone.exception.DomainConfigNotFound: | |
the option doesn’t exist. |
Gets a config options for a domain.
Parameters: |
|
---|---|
Returns: | list of dicts containing group, option and value |
Try and register this domain to use the type specified.
Parameters: |
|
---|---|
Returns: | True if the domain was registered, False otherwise. Failing to register means that someone already has it (which could even be the domain being requested). |
Get the domain ID of who is registered to use this type.
Parameters: | type – type of registration |
---|---|
Returns: | domain_id of who is registered. |
Raises: | keystone.exception.ConfigRegistrationNotFound: nobody is registered. |
Release registration if it is held by the domain specified.
If the specified domain is registered for this domain then free it, if it is not then do nothing - no exception is raised.
Parameters: |
|
---|
Updates a config option for a domain.
Parameters: |
|
---|---|
Returns: | dict containing updated group, option and value |
Raises keystone.exception.DomainConfigNotFound: | |
the option doesn’t exist. |
Bases: keystone.common.manager.Manager
Default pivot point for the Domain Config backend.
Create config for a domain
Parameters: |
|
---|
Creates a new config, overwriting any previous config (no Conflict error will be generated).
Returns: | a dict of group dicts containing the options, with any that are sensitive removed |
---|---|
Raises keystone.exception.InvalidDomainConfig: | |
when the config contains options we do not support |
Delete config, or partial config, for the domain.
Parameters: |
|
---|
If group and option are None, then the entire config for the domain is deleted. If group is not None, then just that group of options will be deleted. If group and option are both specified, then just that option is deleted.
Raises keystone.exception.InvalidDomainConfig: | |
---|---|
when group/option parameters specify an option we do not support or one that does not exist in the original config. |
Get config, or partial config, for a domain
Parameters: |
|
---|---|
Returns: | a dict of group dicts containing the whitelisted options, filtered by group and option specified |
Raises: |
|
An example response:
{
'ldap': {
'url': 'myurl'
'user_tree_dn': 'OU=myou'},
'identity': {
'driver': 'ldap'}
}
Get config for a domain with sensitive info included.
This method is not exposed via the public API, but is used by the identity manager to initialize a domain with the fully formed config options.
Update config, or partial config, for a domain
Parameters: |
|
---|
The contents of the supplied config will be merged with the existing config for this domain, updating or creating new options if these did not previously exist. If group or option is specified, then the update will be limited to those specified items and the inclusion of other options in the supplied config will raise an exception, as will the situation when those options do not already exist in the current config.
Returns: | a dict of groups containing all whitelisted options |
---|---|
Raises keystone.exception.InvalidDomainConfig: | |
when the config and group/option parameters specify an option we do not support or one that does not exist in the original config |
Bases: keystone.common.manager.Manager
Default pivot point for the Resource backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.
Assert the Domain is enabled.
Raises AssertionError: | |
---|---|
if domain is disabled. |
Assert the Domain’s name and id do not match the reserved keyword.
Note that the reserved keyword is defined in the configuration file, by default, it is ‘Federated’, it is also case insensitive. If config’s option is empty the default hardcoded value ‘Federated’ will be used.
Raises AssertionError: | |
---|---|
if domain named match the value in the config. |
Assert the project is enabled and its associated domain is enabled.
Raises AssertionError: | |
---|---|
if the project or domain is disabled. |
Gets the IDs from the parents from a given project.
The project IDs are returned as a structured dictionary traversing up the hierarchy to the top level project. For example, considering the following project hierarchy:
A
|
+-B-+
| |
C D
If we query for project C parents, the expected return is the following dictionary:
'parents': {
B['id']: {
A['id']: None
}
}
Gets the IDs from the projects in the subtree from a given project.
The project IDs are returned as a structured dictionary representing their hierarchy. For example, considering the following project hierarchy:
A
|
+-B-+
| |
C D
If we query for project A subtree, the expected return is the following dictionary:
'subtree': {
B['id']: {
C['id']: None,
D['id']: None
}
}
Bases: object
Creates a new domain.
Raises keystone.exception.Conflict: | |
---|---|
if the domain_id or domain name already exists |
Creates a new project.
Raises keystone.exception.Conflict: | |
---|---|
if project_id or project name already exists |
Deletes an existing domain.
Raises keystone.exception.DomainNotFound: | |
---|---|
if domain_id does not exist |
Deletes an existing project.
Raises keystone.exception.ProjectNotFound: | |
---|---|
if project_id does not exist |
Get a domain by ID.
Returns: | domain_ref |
---|---|
Raises keystone.exception.DomainNotFound: | |
if domain_id does not exist |
Get a domain by name.
Returns: | domain_ref |
---|---|
Raises keystone.exception.DomainNotFound: | |
if domain_name does not exist |
Get a project by ID.
Returns: | project_ref |
---|---|
Raises keystone.exception.ProjectNotFound: | |
if project_id does not exist |
Get a tenant by name.
Returns: | tenant_ref |
---|---|
Raises keystone.exception.ProjectNotFound: | |
if a project with the tenant_name does not exist within the domain |
Checks if a project is a leaf in the hierarchy.
Parameters: | project_id – the driver will check if this project is a leaf in the hierarchy. |
---|---|
Raises keystone.exception.ProjectNotFound: | |
if project_id does not exist |
List domains in the system.
Parameters: | hints – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of domain_refs or an empty list. |
List domains for the provided list of ids.
Parameters: | domain_ids – list of ids |
---|---|
Returns: | a list of domain_refs. |
This method is used internally by the assignment manager to bulk read a set of domains given their ids.
List project ids for the provided list of domain ids.
Parameters: | domain_ids – list of domain ids |
---|---|
Returns: | a list of project ids owned by the specified domain ids. |
This method is used internally by the assignment manager to bulk read a set of project ids given a list of domain ids.
List all parents from a project by its ID.
Parameters: | project_id – the driver will list the parents of this project. |
---|---|
Returns: | a list of project_refs or an empty list. |
Raises keystone.exception.ProjectNotFound: | |
if project_id does not exist |
List projects in the system.
Parameters: | hints – filter hints which the driver should implement if at all possible. |
---|---|
Returns: | a list of project_refs or an empty list. |
List projects for the provided list of ids.
Parameters: | project_ids – list of ids |
---|---|
Returns: | a list of project_refs. |
This method is used internally by the assignment manager to bulk read a set of projects given their ids.
List projects in the domain.
Parameters: | domain_id – the driver MUST only return projects within this domain. |
---|---|
Returns: | a list of project_refs or an empty list. |
List all projects in the subtree below the hierarchy of the given project.
Parameters: | project_id – the driver will get the subtree under this project. |
---|---|
Returns: | a list of project_refs or an empty list |
Raises keystone.exception.ProjectNotFound: | |
if project_id does not exist |
Updates an existing domain.
Raises: |
|
---|
Updates an existing project.
Raises: |
|
---|
WSGI Routers for the Resource service.