Keystone is the OpenStack service in charge of login and privilege control.
Here we list the Python class and def declarations of Keystone, which makes it easy to see which functions Keystone implements. Only the declarations are listed, so this page shows what each module exposes, not how a function checks the caller's privileges.
First, we show \keystone\assignment. Three types of back-end drivers are included here: kvs, ldap and sql. They take care of creating, deleting, updating and listing projects, roles, grants, users, groups and domains.
Clicking a link will take you to the Python code of that function on CubicPower.
OpenStack Study: keystone
OpenStack Index
\OpenStack\keystone-2014.1\keystone\assignment\backends\kvs.py
class Assignment(kvs.Base, assignment.Driver):
def get_project(self, tenant_id):
def _build_project_refs(self):
def list_projects(self, hints):
def list_projects_in_domain(self, domain_id):
def get_project_by_name(self, tenant_name, domain_id):
def list_user_ids_for_project(self, tenant_id):
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None, group_id=None):
def get_role(self, role_id):
def list_roles(self, hints):
def _list_roles(self):
def list_projects_for_user(self, user_id, group_ids, hints):
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
def list_projects_for_groups(self, group_ids):
def list_domains_for_groups(self, group_ids):
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def list_role_assignments(self):
def create_project(self, tenant_id, tenant):
def update_project(self, tenant_id, tenant):
def delete_project(self, tenant_id):
def _create_metadata(self, user_id, tenant_id, metadata, domain_id=None, group_id=None):
def _update_metadata(self, user_id, tenant_id, metadata, domain_id=None, group_id=None):
def create_role(self, role_id, role):
def update_role(self, role_id, role):
def delete_role(self, role_id):
def create_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def list_grants(self, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def get_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def create_domain(self, domain_id, domain):
def list_domains(self, hints):
def get_domain(self, domain_id):
def get_domain_by_name(self, domain_name):
def update_domain(self, domain_id, domain):
def delete_domain(self, domain_id):
def delete_user(self, user_id):
def delete_group(self, group_id):
\OpenStack\keystone-2014.1\keystone\assignment\backends\ldap.py
class Assignment(assignment.Driver):
def __init__(self):
def get_project(self, tenant_id):
def list_projects(self, hints):
def list_projects_in_domain(self, domain_id):
def get_project_by_name(self, tenant_name, domain_id):
def create_project(self, tenant_id, tenant):
def update_project(self, tenant_id, tenant):
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None, group_id=None):
def _get_roles_for_just_user_and_project(user_id, tenant_id):
def _get_roles_for_group_and_project(group_id, project_id):
def get_role(self, role_id):
def list_roles(self, hints):
def list_projects_for_user(self, user_id, group_ids, hints):
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
def list_projects_for_groups(self, group_ids):
def list_domains_for_groups(self, group_ids):
def list_user_ids_for_project(self, tenant_id):
def _subrole_id_to_dn(self, role_id, tenant_id):
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def _add_role_to_group_and_project(self, group_id, tenant_id, role_id):
def create_role(self, role_id, role):
def delete_role(self, role_id):
def delete_project(self, tenant_id):
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def _remove_role_from_group_and_project(self, group_id, tenant_id, role_id):
def update_role(self, role_id, role):
def create_domain(self, domain_id, domain):
def get_domain(self, domain_id):
def update_domain(self, domain_id, domain):
def delete_domain(self, domain_id):
def list_domains(self, hints):
def delete_user(self, user_id):
def delete_group(self, group_id):
def create_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def get_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def list_grants(self, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def get_domain_by_name(self, domain_name):
def list_role_assignments(self):
class ProjectApi(common_ldap.EnabledEmuMixIn, common_ldap.BaseLdap):
def __init__(self, conf):
def create(self, values):
def get_user_projects(self, user_dn, associations):
def add_user(self, tenant_id, user_dn):
def remove_user(self, tenant_id, user_dn, user_id):
def get_user_dns(self, tenant_id, rolegrants, role_dn=None):
def update(self, project_id, values):
class UserRoleAssociation(object):
def __init__(self, user_dn=None, role_dn=None, tenant_dn=None, *args, **kw):
class GroupRoleAssociation(object):
def __init__(self, group_dn=None, role_dn=None, tenant_dn=None, *args, **kw):
class RoleApi(common_ldap.BaseLdap):
def __init__(self, conf):
def get(self, role_id, role_filter=None):
def create(self, values):
def add_user(self, role_id, role_dn, user_dn, user_id, tenant_id=None):
def delete_user(self, role_dn, user_dn, tenant_dn, user_id, role_id):
def get_role_assignments(self, tenant_dn):
def list_global_roles_for_user(self, user_dn):
def list_project_roles_for_user(self, user_dn, project_subtree):
def roles_delete_subtree_by_project(self, tenant_dn):
def update(self, role_id, role):
def delete(self, role_id, tenant_dn):
def list_role_assignments(self, project_tree_dn):
\OpenStack\keystone-2014.1\keystone\assignment\backends\sql.py
class Assignment(assignment.Driver):
def db_sync(self, version=None):
def _get_project(self, session, project_id):
def get_project(self, tenant_id):
def get_project_by_name(self, tenant_name, domain_id):
def list_user_ids_for_project(self, tenant_id):
def _get_metadata(self, user_id=None, tenant_id=None, domain_id=None, group_id=None, session=None):
def create_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def calculate_type(user_id, group_id, project_id, domain_id):
def list_grants(self, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def _build_grant_filter(self, session, role_id, user_id, group_id, domain_id, project_id, inherited_to_projects):
def get_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def list_projects(self, hints):
def list_projects_in_domain(self, domain_id):
def list_projects_for_user(self, user_id, group_ids, hints):
def _project_ids_to_dicts(session, ids):
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
def _list_entities_for_groups(self, group_ids, entity):
def list_projects_for_groups(self, group_ids):
def list_domains_for_groups(self, group_ids):
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def list_role_assignments(self):
def denormalize_role(ref):
def create_project(self, tenant_id, tenant):
def update_project(self, tenant_id, tenant):
def delete_project(self, tenant_id):
def create_domain(self, domain_id, domain):
def list_domains(self, hints):
def _get_domain(self, session, domain_id):
def get_domain(self, domain_id):
def get_domain_by_name(self, domain_name):
def update_domain(self, domain_id, domain):
def delete_domain(self, domain_id):
def create_role(self, role_id, role):
def list_roles(self, hints):
def _get_role(self, session, role_id):
def get_role(self, role_id):
def update_role(self, role_id, role):
def delete_role(self, role_id):
def delete_user(self, user_id):
def delete_group(self, group_id):
class Domain(sql.ModelBase, sql.DictBase):
class Project(sql.ModelBase, sql.DictBase):
class Role(sql.ModelBase, sql.DictBase):
class RoleAssignment(sql.ModelBase, sql.DictBase):
def to_dict(self):
\OpenStack\keystone-2014.1\keystone\assignment\backends\__init__.py
\OpenStack\keystone-2014.1\keystone\assignment\controllers.py
class Tenant(controller.V2Controller):
def get_all_projects(self, context, **kw):
def get_projects_for_token(self, context, **kw):
def get_project(self, context, tenant_id):
def get_project_by_name(self, context, tenant_name):
def create_project(self, context, tenant):
def update_project(self, context, tenant_id, tenant):
def delete_project(self, context, tenant_id):
def get_project_users(self, context, tenant_id, **kw):
def _format_project_list(self, tenant_refs, **kwargs):
class Role(controller.V2Controller):
def get_user_roles(self, context, user_id, tenant_id=None):
def get_role(self, context, role_id):
def create_role(self, context, role):
def delete_role(self, context, role_id):
def get_roles(self, context):
def add_role_to_user(self, context, user_id, role_id, tenant_id=None):
def remove_role_from_user(self, context, user_id, role_id, tenant_id=None):
def get_role_refs(self, context, user_id):
def create_role_ref(self, context, user_id, role):
def delete_role_ref(self, context, user_id, role_ref_id):
class DomainV3(controller.V3Controller):
def __init__(self):
def create_domain(self, context, domain):
def list_domains(self, context, filters):
def get_domain(self, context, domain_id):
def update_domain(self, context, domain_id, domain):
def delete_domain(self, context, domain_id):
class ProjectV3(controller.V3Controller):
def __init__(self):
def create_project(self, context, project):
def list_projects(self, context, filters):
def list_user_projects(self, context, filters, user_id):
def get_project(self, context, project_id):
def update_project(self, context, project_id, project):
def delete_project(self, context, project_id):
class RoleV3(controller.V3Controller):
def __init__(self):
def create_role(self, context, role):
def list_roles(self, context, filters):
def get_role(self, context, role_id):
def update_role(self, context, role_id, role):
def delete_role(self, context, role_id):
def _require_domain_xor_project(self, domain_id, project_id):
def _require_user_xor_group(self, user_id, group_id):
def _check_if_inherited(self, context):
def _check_grant_protection(self, context, protection, role_id=None, user_id=None, group_id=None, domain_id=None, project_id=None):
def create_grant(self, context, role_id, user_id=None, group_id=None, domain_id=None, project_id=None):
def list_grants(self, context, user_id=None, group_id=None, domain_id=None, project_id=None):
def check_grant(self, context, role_id, user_id=None, group_id=None, domain_id=None, project_id=None):
def revoke_grant(self, context, role_id, user_id=None, group_id=None, domain_id=None, project_id=None):
class RoleAssignmentV3(controller.V3Controller):
def wrap_member(cls, context, ref):
def _format_entity(self, context, entity):
def _expand_indirect_assignments(self, context, refs):
def _get_group_members(ref):
def _build_user_assignment_equivalent_of_group( user, group_id, template):
def _build_project_equivalent_of_user_domain_role( project_id, domain_id, template):
def _build_project_equivalent_of_group_domain_role( user_id, group_id, project_id, domain_id, template):
def _query_filter_is_true(self, filter_value):
def _filter_inherited(self, entry):
def list_role_assignments(self, context, filters):
def get_role_assignment(self, context):
def update_role_assignment(self, context):
def delete_role_assignment(self, context):
\OpenStack\keystone-2014.1\keystone\assignment\core.py
def calc_default_domain():
class Manager(manager.Manager):
def __init__(self):
def create_project(self, tenant_id, tenant):
def _disable_project(self, tenant_id):
def update_project(self, tenant_id, tenant):
def delete_project(self, tenant_id):
def get_roles_for_user_and_project(self, user_id, tenant_id):
def _get_group_project_roles(user_id, project_ref):
def _get_user_project_roles(user_id, project_ref):
def get_roles_for_user_and_domain(self, user_id, domain_id):
def _get_group_domain_roles(user_id, domain_id):
def _get_user_domain_roles(user_id, domain_id):
def add_user_to_project(self, tenant_id, user_id):
def remove_user_from_project(self, tenant_id, user_id):
def list_projects_for_user(self, user_id, hints=None):
def get_domain(self, domain_id):
def get_domain_by_name(self, domain_name):
def create_domain(self, domain_id, domain):
def list_domains(self, hints=None):
def _disable_domain(self, domain_id):
def update_domain(self, domain_id, domain):
def delete_domain(self, domain_id):
def _delete_domain_contents(self, domain_id):
def list_projects(self, hints=None):
def list_projects_in_domain(self, domain_id):
def list_user_projects(self, user_id, hints=None):
def get_project(self, project_id):
def get_project_by_name(self, tenant_name, domain_id):
def get_role(self, role_id):
def create_role(self, role_id, role):
def list_roles(self, hints=None):
def update_role(self, role_id, role):
def delete_role(self, role_id):
def list_role_assignments_for_role(self, role_id=None):
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def _delete_tokens_for_role(self, role_id):
class Driver(object):
def _role_to_dict(self, role_id, inherited):
def _roles_from_role_dicts(self, dict_list, inherited):
def _add_role_to_role_dicts(self, role_id, inherited, dict_list, allow_existing=True):
def _remove_role_from_role_dicts(self, role_id, inherited, dict_list):
def _get_list_limit(self):
def get_project_by_name(self, tenant_name, domain_id):
def list_user_ids_for_project(self, tenant_id):
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
def create_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def list_grants(self, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def get_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def delete_grant(self, role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False):
def list_role_assignments(self):
def create_domain(self, domain_id, domain):
def list_domains(self, hints):
def get_domain(self, domain_id):
def get_domain_by_name(self, domain_name):
def update_domain(self, domain_id, domain):
def delete_domain(self, domain_id):
def create_project(self, project_id, project):
def list_projects(self, hints):
def list_projects_in_domain(self, domain_id):
def list_projects_for_user(self, user_id, group_ids, hints):
def get_roles_for_groups(self, group_ids, project_id=None, domain_id=None):
def list_projects_for_groups(self, group_ids):
def list_domains_for_groups(self, group_ids):
def get_project(self, project_id):
def update_project(self, project_id, project):
def delete_project(self, project_id):
def create_role(self, role_id, role):
def list_roles(self, hints):
def get_role(self, role_id):
def update_role(self, role_id, role):
def delete_role(self, role_id):
def delete_user(self, user_id):
def delete_group(self, group_id):
def _set_default_domain(self, ref):
def _validate_default_domain(self, ref):
def _validate_default_domain_id(self, domain_id):
\OpenStack\keystone-2014.1\keystone\assignment\routers.py
class Public(wsgi.ComposableRouter):
def add_routes(self, mapper):
class Admin(wsgi.ComposableRouter):
def add_routes(self, mapper):
def append_v3_routers(mapper, routers):