keystone.federation.backends package

Submodules

keystone.federation.backends.base module

class keystone.federation.backends.base.FederationDriverBase

Bases: object

create_idp(idp_id, idp)

Create an identity provider.

Parameters:

• idp_id (string) – ID of IdP object
• idp (dict) – idp object

Returns:

idp ref

Return type:

dict

create_mapping(mapping_id, mapping)

Create a mapping.

Parameters:

• mapping_id (string) – ID of mapping object
• mapping (dict) – mapping ref with mapping name

Returns:

mapping ref

Return type:

dict

create_protocol(idp_id, protocol_id, protocol)

Add an IdP-Protocol configuration.

Parameters:

• idp_id (string) – ID of IdP object
• protocol_id (string) – ID of protocol object
• protocol (dict) – protocol object

Raises:

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

Returns:

protocol ref

Return type:

dict

create_sp(sp_id, sp)

Create a service provider.

Parameters:

• sp_id (string) – id of the service provider
• sp (dict) – service provider object

Returns:

service provider ref

Return type:

dict

delete_idp(idp_id)

Delete an identity provider.

Parameters:idp_id (string) – ID of IdP object Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

delete_mapping(mapping_id)

Delete a mapping.

Parameters:mapping_id – id of mapping to delete Returns:None

delete_protocol(idp_id, protocol_id)

Delete an IdP-Protocol configuration.

Parameters:

• idp_id (string) – ID of IdP object
• protocol_id (string) – ID of protocol object

Raises:

• keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
• keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

delete_sp(sp_id)

Delete a service provider.

Parameters:sp_id (string) – id of the service provider Raises:keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

get_enabled_service_providers()

List enabled service providers for Service Catalog.

Service Provider in a catalog contains three attributes: id, auth_url, sp_url, where:

• id is a unique, user defined identifier for service provider object
• auth_url is an authentication URL of remote Keystone
• sp_url a URL accessible at the remote service provider where SAML assertion is transmitted.

Returns:list of dictionaries with enabled service providers Return type:list of dicts

get_idp(idp_id)

Get an identity provider by ID.

Parameters:idp_id (string) – ID of IdP object Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist. Returns:idp ref Return type:dict

get_idp_from_remote_id(remote_id)

Get an identity provider by remote ID.

Parameters:remote_id – ID of remote IdP Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist. Returns:idp ref Return type:dict

get_mapping(mapping_id)

Get a mapping, returns the mapping based on mapping_id.

Parameters:mapping_id – id of mapping to get Raises:keystone.exception.MappingNotFound – If the mapping cannot be found. Returns:mapping ref Return type:dict

get_mapping_from_idp_and_protocol(idp_id, protocol_id)

Get mapping based on idp_id and protocol_id.

Parameters:

• idp_id (string) – id of the identity provider
• protocol_id (string) – id of the protocol

Raises:

• keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
• keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns:

mapping ref

Return type:

dict

get_protocol(idp_id, protocol_id)

Get an IdP-Protocol configuration.

Parameters:

• idp_id (string) – ID of IdP object
• protocol_id (string) – ID of protocol object

Raises:

• keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
• keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns:

protocol ref

Return type:

dict

get_sp(sp_id)

Get a service provider.

Parameters:sp_id (string) – id of the service provider Returns:service provider ref Return type:dict Raises:keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

list_mappings()

List all mappings.

Returns:list of mapping refs Return type:list of dicts

list_protocols(idp_id)

List an IdP’s supported protocols.

Parameters:idp_id (string) – ID of IdP object Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist. Returns:list of protocol ref Return type:list of dict

update_idp(idp_id, idp)

Update an identity provider by ID.

Parameters:

• idp_id (string) – ID of IdP object
• idp (dict) – idp object

Raises:

keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

Returns:

idp ref

Return type:

dict

update_mapping(mapping_id, mapping_ref)

Update a mapping.

Parameters:

• mapping_id (string) – id of mapping to update
• mapping_ref (dict) – new mapping ref

Returns:

mapping ref

Return type:

dict

update_protocol(idp_id, protocol_id, protocol)

Change an IdP-Protocol configuration.

Parameters:

• idp_id (string) – ID of IdP object
• protocol_id (string) – ID of protocol object
• protocol (dict) – protocol object

Raises:

• keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.
• keystone.exception.FederatedProtocolNotFound – If the federated protocol cannot be found.

Returns:

protocol ref

Return type:

dict

update_sp(sp_id, sp)

Update a service provider.

Parameters:

• sp_id (string) – id of the service provider
• sp (dict) – service prvider object

Returns:

service provider ref

Return type:

dict

Raises:

keystone.exception.ServiceProviderNotFound – If the service provider doesn’t exist.

class keystone.federation.backends.base.FederationDriverV8

Bases: keystone.federation.backends.base.FederationDriverBase

Removed or redefined methods from V8.

Move the abstract methods of any methods removed or modified in later versions of the driver from FederationDriverBase to here. We maintain this so that legacy drivers, which will be a subclass of FederationDriverV8, can still reference them.

list_idps()

List all identity providers.

Returns:list of idp refs Return type:list of dicts Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

list_sps()

List all service providers.

Returns:List of service provider ref objects Return type:list of dicts

class keystone.federation.backends.base.FederationDriverV9

Bases: keystone.federation.backends.base.FederationDriverBase

New or redefined methods from V8.

Add any new V9 abstract methods (or those with modified signatures) to this class.

list_idps(hints)

List all identity providers.

Parameters:hints – filter hints which the driver should implement if at all possible. Returns:list of idp refs Return type:list of dicts Raises:keystone.exception.IdentityProviderNotFound – If the IdP doesn’t exist.

list_sps(hints)

List all service providers.

Parameters:hints – filter hints which the driver should implement if at all possible. Returns:List of service provider ref objects Return type:list of dicts Raises:keystone.exception.ServiceProviderNotFound – If the SP doesn’t exist.

class keystone.federation.backends.base.V9FederationWrapperForV8Driver(*args, **kwargs)

Bases: keystone.federation.backends.base.FederationDriverV9

Wrapper class to supported a V8 legacy driver.

In order to support legacy drivers without having to make the manager code driver-version aware, we wrap legacy drivers so that they look like the latest version. For the various changes made in a new driver, here are the actions needed in this wrapper:

Method removed from new driver - remove the call-through method from this

class, since the manager will no longer be calling it.

Method signature (or meaning) changed - wrap the old method in a new

signature here, and munge the input and output parameters accordingly.

New method added to new driver - add a method to implement the new

functionality here if possible. If that is not possible, then return NotImplemented, since we do not guarantee to support new functionality with legacy drivers.

create_idp(idp_id, idp)

create_mapping(mapping_id, mapping)

create_protocol(idp_id, protocol_id, protocol)

create_sp(sp_id, sp)

delete_idp(idp_id)

delete_mapping(mapping_id)

delete_protocol(idp_id, protocol_id)

delete_sp(sp_id)

get_enabled_service_providers()

get_idp(idp_id)

get_idp_from_remote_id(remote_id)

get_mapping(mapping_id)

get_mapping_from_idp_and_protocol(idp_id, protocol_id)

get_protocol(idp_id, protocol_id)

get_sp(sp_id)

list_idps(hints)

list_mappings()

list_protocols(idp_id)

list_sps(hints)

update_idp(idp_id, idp)

update_mapping(mapping_id, mapping_ref)

update_protocol(idp_id, protocol_id, protocol)

update_sp(sp_id, sp)

keystone.federation.backends.sql module

class keystone.federation.backends.sql.Federation

Bases: keystone.federation.backends.base.FederationDriverV9

create_idp(idp_id, idp)

create_mapping(*args, **kwargs)

create_protocol(*args, **kwargs)

create_sp(*args, **kwargs)

delete_idp(idp_id)

delete_mapping(mapping_id)

delete_protocol(idp_id, protocol_id)

delete_sp(sp_id)

get_enabled_service_providers()

get_idp(idp_id)

get_idp_from_remote_id(remote_id)

get_mapping(mapping_id)

get_mapping_from_idp_and_protocol(idp_id, protocol_id)

get_protocol(idp_id, protocol_id)

get_sp(sp_id)

list_idps(hints=None)

list_mappings()

list_protocols(idp_id)

list_sps(hints=None)

update_idp(idp_id, idp)

update_mapping(*args, **kwargs)

update_protocol(idp_id, protocol_id, protocol)

update_sp(sp_id, sp)

class keystone.federation.backends.sql.FederationProtocolModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'idp_id', 'mapping_id']

classmethod from_dict(dictionary)

id

idp_id

mapping_id

mutable_attributes = frozenset(['mapping_id'])

to_dict()

Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.IdPRemoteIdsModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['idp_id', 'remote_id']

classmethod from_dict(dictionary)

idp_id

mutable_attributes = frozenset(['idp_id', 'remote_id'])

remote_id

to_dict()

Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.IdentityProviderModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'enabled', 'description', 'remote_ids']

description

enabled

classmethod from_dict(dictionary)

id

mutable_attributes = frozenset(['enabled', 'description', 'remote_ids'])

remote_ids

to_dict()

Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.MappingModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['id', 'rules']

classmethod from_dict(dictionary)

id

rules

to_dict()

Return a dictionary with model’s attributes.

class keystone.federation.backends.sql.ServiceProviderModel(*args, **kwargs)

Bases: sqlalchemy.ext.declarative.api.Base, keystone.common.sql.core.DictBase

attributes = ['auth_url', 'id', 'enabled', 'description', 'relay_state_prefix', 'sp_url']

auth_url

description

enabled

classmethod from_dict(dictionary)

id

mutable_attributes = frozenset(['enabled', 'auth_url', 'description', 'relay_state_prefix', 'sp_url'])

relay_state_prefix

sp_url

to_dict()

Return a dictionary with model’s attributes.

Module contents