keystone.assignment.backends.base.
AssignmentDriverBase
[source]¶Bases: object
add_role_to_user_and_project
(user_id, project_id, role_id)[source]¶Add a role to a user within given project.
keystone.exception.Conflict – If a duplicate role assignment exists.
check_grant_role_id
(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶Check an assignment/grant role id.
keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist.
None or raises an exception if grant not found
check_system_grant
(role_id, actor_id, target_id, inherited)[source]¶Check if a user or group has a specific role on the system.
role_id – the unique ID of the role to grant to the user
actor_id – the unique ID of the user or group
target_id – the unique ID or string representing the target
inherited – a boolean denoting if the assignment is inherited or not
create_grant
(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶Create a new assignment/grant.
If the assignment is to a domain, then optionally it may be specified as inherited to owned projects (this requires the OS-INHERIT extension to be enabled).
create_system_grant
(role_id, actor_id, target_id, assignment_type, inherited)[source]¶Grant a user or group a role on the system.
role_id – the unique ID of the role to grant to the user
actor_id – the unique ID of the user or group
target_id – the unique ID or string representing the target
assignment_type – a string describing the relationship of the assignment
inherited – a boolean denoting if the assignment is inherited or not
delete_grant
(role_id, user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶Delete assignments/grants.
keystone.exception.RoleAssignmentNotFound – If the role assignment doesn’t exist.
delete_group_assignments
(group_id)[source]¶Delete all assignments for a group.
keystone.exception.RoleNotFound – If the role doesn’t exist.
delete_project_assignments
(project_id)[source]¶Delete all assignments for a project.
keystone.exception.ProjectNotFound – If the project doesn’t exist.
delete_system_grant
(role_id, actor_id, target_id, inherited)[source]¶Remove a system assignment from a user or group.
role_id – the unique ID of the role to grant to the user
actor_id – the unique ID of the user or group
target_id – the unique ID or string representing the target
inherited – a boolean denoting if the assignment is inherited or not
delete_user_assignments
(user_id)[source]¶Delete all assignments for a user.
keystone.exception.RoleNotFound – If the role doesn’t exist.
list_grant_role_ids
(user_id=None, group_id=None, domain_id=None, project_id=None, inherited_to_projects=False)[source]¶List role ids for assignments/grants.
list_role_assignments
(role_id=None, user_id=None, group_ids=None, domain_id=None, project_ids=None, inherited_to_projects=None)[source]¶Return a list of role assignments for actors on targets.
Available parameters represent values in which the returned role assignments attributes need to be filtered on.
list_system_grants
(actor_id, target_id, assignment_type)[source]¶Return a list of all system assignments for a specific entity.
actor_id – the unique ID of the actor
target_id – the unique ID of the target
assignment_type – the type of assignment to return
list_system_grants_by_role
(role_id)[source]¶Return a list of system assignments associated to a role.
role_id – the unique ID of the role to grant to the user
remove_role_from_user_and_project
(user_id, project_id, role_id)[source]¶Remove a role from a user within given project.
keystone.exception.RoleNotFound – If the role doesn’t exist.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.