Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Adam Young
On 07/17/2012 06:06 PM, Matt Joyce wrote:
> Anyone by any chance know how to read out the auth_token or raw_token that is acquired in keystoneclient when it performs a client.Client() Authenticate?

The token is just a UUID, randomly generated. In the PKI proposal, it is a base64 encoding of a

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Dolph Mathews
Not sure if it's documented outside of tests, but: *client.Client().auth_token*

    >>> from keystoneclient.v2_0 import client
    >>> c = client.Client(auth_url='http://localhost:5000/v2.0/', username='joe', password='secrete', tenant_name='project-x')
    >>> print c.auth_token
    ec04fe9e554a43d1a853e6c665f3

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Matt Joyce
Anyone by any chance know how to read out the auth_token or raw_token that is acquired in keystoneclient when it performs a client.Client() Authenticate? I'd love to be able to read that. And it's totally not documented anywhere if it exists. -Matt On Tue, Jul 17, 2012 at 2:19 PM, Matt Joyce wr

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Matt Joyce
Works for me. =D

On Tue, Jul 17, 2012 at 1:51 PM, Dolph Mathews wrote:
> Adam speaks lies ;)
>
> Here's a regular user requesting a list of tenants on port 5000 (notice
> they only get back 1 tenant):
>
> GET http://localhost:5000/v2.0/tenants
> ==
>
> X-Auth-

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Dolph Mathews
Adam speaks lies ;)

Here's a regular user requesting a list of tenants on port 5000 (notice they only get back 1 tenant):

    GET http://localhost:5000/v2.0/tenants
    ==
    X-Auth-Token: a6094f62e38c4fafa57e6edf7bd04961

    200 OK
    ==
    Status: 200
    Content-Length: 133

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Adam Young
On 07/17/2012 04:05 PM, Matt Joyce wrote:
> curl -H "X-Auth-Token:123456789001234" http://localhost:5000/v2.0/tenants
>
> that seems to do the trick for me for now.

Ah, I see that is hooked up to: get_tenants_for_token, I was looking for the wrong API. That then calls: tenant_ids = self.identity_

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Matt Joyce
    curl -H "X-Auth-Token:123456789001234" http://localhost:5000/v2.0/tenants

that seems to do the trick for me for now.

On Tue, Jul 17, 2012 at 1:03 PM, Adam Young wrote: > On 07/17/2012 03:55 PM, Matt Joyce wrote: > > On Tue, Jul 17, 2012 at 12:55 PM, Adam Young wrote: > >> On 07/17/2012 03:47

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Adam Young
On 07/17/2012 03:55 PM, Matt Joyce wrote: On Tue, Jul 17, 2012 at 12:55 PM, Adam Young wrote: On 07/17/2012 03:47 PM, Matt Joyce wrote: As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Matt Joyce
On Tue, Jul 17, 2012 at 12:55 PM, Adam Young wrote:
> On 07/17/2012 03:47 PM, Matt Joyce wrote:
>
>> As a non admin user. Querying the keystone v2 API is there a way for me
>> to get a list of the tenants that I am a member of? Or is that only a v3
>> thing?
>>
>> -Matt
>>
>
> I was just looki

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Adam Young
On 07/17/2012 03:47 PM, Matt Joyce wrote:
> As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am a member of? Or is that only a v3 thing?
>
> -Matt

I was just looking into it, and there is no such API yet. The underlying Identity provi

Re: [Openstack] [Keystone] API Question

2012-07-17 Thread Matt Joyce
As a non admin user. Querying the keystone v2 API is there a way for me to get a list of the tenants that I am a member of? Or is that only a v3 thing? -Matt

Re: [Openstack] Keystone API question

2012-05-04 Thread Luis Gervaso
>> openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net[mailto: >>> openstack-bounces+gabriel.hurley=nebula@lists.launchpad.net] *On >>> Behalf Of *Luis Gervaso >>> *Sent:* Thursday, May 03, 2012 1:24 PM >>> *To:* Everett Toews >>> *Cc:*

Re: [Openstack] Keystone API question

2012-05-04 Thread Everett Toews
On >> Behalf Of *Luis Gervaso >> *Sent:* Thursday, May 03, 2012 1:24 PM >> *To:* Everett Toews >> *Cc:* openstack@lists.launchpad.net >> *Subject:* Re: [Openstack] Keystone API question >> >> ** ** >> >> Yes, this is the real issue. >>

Re: [Openstack] Keystone API question

2012-05-04 Thread Dolph Mathews
Replied inline. On Thu, May 3, 2012 at 3:23 PM, Luis Gervaso wrote: > Yes, this is the real issue. > > Since /tenants is only valid for the current user (that's X-Auth-Token > dependant) > Correct. > > How can an administrator user list all the tenants a user belongs to? > > In the current AP

Re: [Openstack] Keystone API question

2012-05-03 Thread Luis Gervaso
y, May 03, 2012 1:24 PM > *To:* Everett Toews > *Cc:* openstack@lists.launchpad.net > *Subject:* Re: [Openstack] Keystone API question > > ** ** > > Yes, this is the real issue. > > ** ** > > Since /tenants is only valid for the current user (that's X-A

Re: [Openstack] Keystone API question

2012-05-03 Thread Gabriel Hurley
@lists.launchpad.net] On Behalf Of Luis Gervaso Sent: Thursday, May 03, 2012 1:24 PM To: Everett Toews Cc: openstack@lists.launchpad.net Subject: Re: [Openstack] Keystone API question Yes, this is the real issue. Since /tenants is only valid for the current user (that's X-Auth-Token dependant) How c

Re: [Openstack] Keystone API question

2012-05-03 Thread Luis Gervaso
Yes, this is the real issue.

Since /tenants is only valid for the current user (that's X-Auth-Token dependant)

How can an administrator user list all the tenants a user belongs to?

Another issue I've detected is that endpoints are always dependant on a service, maybe I'm wrong but for me: /ser

Re: [Openstack] Keystone API question

2012-05-03 Thread Everett Toews
I get the same as Luis when trying GET /users/{user_id}/roles on stable/essex (using devstack). Keystone spits back an AttributeError: 'UserController' object has no attribute 'get_user_roles' message instead of a nice 501. GET /tenants/{tenant_id}/users/{user_id}/roles works fine. For a bit mor

Re: [Openstack] Keystone API question

2012-05-03 Thread Joseph Heck
Hey Luis, Through the admin API - there is: /tenants/{tenant_id}/users/{user_id}/roles and /users/{user_id}/roles - these are coded in keystone/identity/core.py in the stable/essex release and the diablo compatibility API /users/{user_id}/roleRefs which is also there

Re: [Openstack] Keystone API question

2012-05-03 Thread Dolph Mathews
The philosophy in essex is that it's meaningless for a user to have a role without that role being applied to a tenant, so the call that's implemented is: GET /tenants/{tenant_id}/users/{user_id}/roles Calling this instead should get you an HTTP 501 stating "User roles not supported: tenant I

Re: [Openstack] Keystone API question

2012-05-02 Thread Rafael Durán Castañeda
On 05/03/2012 12:06 AM, Luis Gervaso wrote:

This is what I get.

    1 > GET http://192.168.1.41:35357/v2.0/users/ef1e63df85b641d7bf3c575bb8670cef/roles
    1 > X-Auth-Token: secret0
    2012-05-03 00:03:55,337 [http-bio-8080-exec-10] INFO api.identity - 2 * LoggingFilter - Response received on thread

Re: [Openstack] Keystone API question

2012-05-02 Thread Luis Gervaso
This is what I get.

    1 > GET http://192.168.1.41:35357/v2.0/users/ef1e63df85b641d7bf3c575bb8670cef/roles
    1 > X-Auth-Token: secret0
    2012-05-03 00:03:55,337 [http-bio-8080-exec-10] INFO api.identity - 2 * LoggingFilter - Response received on thread http-bio-8080-exec-10
    2 < 500
    2 < Connection: clo

[Openstack] Keystone API question

2012-05-02 Thread Luis Gervaso
Hi,

In Diablo it was: GET /users/{user_id}/roleRefs

In Essex it is maintained for compatibility reasons. I understand that this is obsolete now.

I can find: PUT & DELETE /users/{user_id}/roles/OS-KSADM/{role_id}

How can I get all the roles having a user_id?

GET /users/{user_id}/roles (I can't