keystone.endpoint_policy.backends.base module

class keystone.endpoint_policy.backends.base.EndpointPolicyDriverBase[source]

Bases: object

Interface description for an Endpoint Policy driver.

abstract check_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)[source]

Check existence of a policy association.

Parameters:

  • policy_id (string) – identity of policy that is being associated

  • endpoint_id (string) – identity of endpoint to associate

  • service_id (string) – identity of the service to associate

  • region_id (string) – identity of the region to associate

Raises:

keystone.exception.PolicyAssociationNotFound – If there is no match for the specified association.

Returns:

None

abstract create_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)[source]

Create a policy association.

Parameters:

  • policy_id (string) – identity of policy that is being associated

  • endpoint_id (string) – identity of endpoint to associate

  • service_id (string) – identity of the service to associate

  • region_id (string) – identity of the region to associate

Returns:

None

There are three types of association permitted:

  • Endpoint (in which case service and region must be None)

  • Service and region (in which endpoint must be None)

  • Service (in which case endpoint and region must be None)

abstract delete_association_by_endpoint(endpoint_id)[source]

Remove all the policy associations with the specific endpoint.

Parameters:

endpoint_id (string) – identity of endpoint to check

Returns:

None

abstract delete_association_by_policy(policy_id)[source]

Remove all the policy associations with the specific policy.

Parameters:

policy_id (string) – identity of endpoint to check

Returns:

None

abstract delete_association_by_region(region_id)[source]

Remove all the policy associations with the specific region.

Parameters:

region_id (string) – identity of endpoint to check

Returns:

None

abstract delete_association_by_service(service_id)[source]

Remove all the policy associations with the specific service.

Parameters:

service_id (string) – identity of endpoint to check

Returns:

None

abstract delete_policy_association(policy_id, endpoint_id=None, service_id=None, region_id=None)[source]

Delete a policy association.

Parameters:

  • policy_id (string) – identity of policy that is being associated

  • endpoint_id (string) – identity of endpoint to associate

  • service_id (string) – identity of the service to associate

  • region_id (string) – identity of the region to associate

Returns:

None

abstract get_policy_association(endpoint_id=None, service_id=None, region_id=None)[source]

Get the policy for an explicit association.

This method is not exposed as a public API, but is used by get_policy_for_endpoint().

Parameters:

  • endpoint_id (string) – identity of endpoint

  • service_id (string) – identity of the service

  • region_id (string) – identity of the region

Raises:

keystone.exception.PolicyAssociationNotFound – If there is no match for the specified association.

Returns:

dict containing policy_id (value is a tuple containing only the policy_id)

abstract list_associations_for_policy(policy_id)[source]

List the associations for a policy.

This method is not exposed as a public API, but is used by list_endpoints_for_policy().

Parameters:

policy_id (string) – identity of policy

Returns:

List of association dicts