Hi Jamie, We want to reuse the user token in magnum. But there is no convenient way to reuse it. It is better that we can use ENV['keystone.token_auth'] to init keystoneclient directly. Now we need to construct a auth_ref which is a parameter in keystoneclient init function according to ENV['keystone.token_auth']. I think it is a common case which service wants to reuse user token to do something like getting service_catalog. Can keystoneclient provide this feature?
Regards, Wanghua On Mon, Sep 7, 2015 at 12:54 PM, Jamie Lennox <jamielen...@redhat.com> wrote: > > > ----- Original Message ----- > > From: "王华" <wanghua.hum...@gmail.com> > > To: "OpenStack Development Mailing List (not for usage questions)" < > openstack-dev@lists.openstack.org> > > Sent: Monday, 7 September, 2015 12:00:43 PM > > Subject: [openstack-dev] [keystone]how to get service_catalog > > > > Hi all, > > > > When I use a token to init a keystoneclient and try to get > service_catalog by > > it, error occurs. I find that keystone doesn't return service_catalog > when > > we use a token. Is there a way to get service_catalog by token? In > magnum, > > we now make a trick. We init a keystoneclient with service_catalog which > is > > contained in the token_info returned by keystonemiddleware in auth_ref > > parameter. > > > > I want a way to get service_catalog by token. Or can we init a > keystoneclient > > by the token_info return by keystonemiddleware directly? > > > > Regards, > > Wanghua > > Sort of. > > The problem you are hitting is that a token is just a string, an > identifier for some information stored in keystone. Given a token at > __init__ time the client doesn't try to validate this in anyway it just > assumes you know what you are doing. You can do a variation of this though > in which you use an existing token to fetch a new token with the same > rights (the expiry etc will be the same) and then you will get a fresh > service catalog. Using auth plugins that's the Token family of plugins. > > However i don't _think_ that's exactly what you're looking for in magnum. > What token are you trying to reuse? > > If it's the users token then auth_token passes down an auth plugin in the > ENV['keystone.token_auth'] variable[1] and you can pass that to a client to > reuse the token and service catalog. If you are loading up magnum specific > auth then again have a look at using keystoneclient's auth plugins and > reusing it across multiple requests. > > Trying to pass around a bundle of token id and service catalog is pretty > much exactly what an auth plugin does and you should be able to do > something there. > > > Jamie > > [1] > https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L164 > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev