Re: [openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint
Hello, On 10/14/2016 02:27 AM, Jamie Lennox wrote: On 13 October 2016 at 23:19, Johannes Grasslerwrote: [Is there a canonical way to extract the identity URL being used by python-keystoneclient?] [...] keystone_service=client.services.list(type='identity')[0] client.endpoints.list(service=keystone_service, interface='admin', region=client.region_name) ...but that feels rather dirty since it independently looks up the admin endpoint rather than plucking the identity endpoint from the keystone client instance. [...] From the session you can do: session.get_endpoint(service_type='identity', interface='admin', region='region') to get the URL from the catalog. Ok, that is at least a little more elegant. Thank you! Cheers, Johannes -- Johannes Grassler, Cloud Developer SUSE Linux GmbH, HRB 21284 (AG Nürnberg) GF: Felix Imendörffer, Jane Smithard, Graham Norton Maxfeldstr. 5, 90409 Nürnberg, Germany __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint
On 13 October 2016 at 23:19, Johannes Grasslerwrote: > Hello, > > I've got an existing keystoneclient.client.v3.Client object with an > authenticated session. Now I'd like to get the identity URL this > object uses for requesting things from Keystone. I want to use that > URL in a trust's endpoint list in order to allow the user the client > is authenticated as to talk to Keystone on the trustor's behalf. > > The client is authenticated as a service user and issues a GET to > >GET http://192.168.123.20/identity_admin/v3/OS-TRUST/trusts > > when the following code snippet is executed: > > client.trusts.list() > > (`client` is my keystoneclient.client.v3.Client instance). > > Initially I thought I could use the auth_url from the client's > session object, i.e. > > client.session.auth.auth_url > > but that turned out to be a dead end because it's the internal > endpoint: > > http://192.168.123.20/identity/v3 > > This will be useless for a trust's endpoint URL list if the > trustee (my service user) ends up using > > http://192.168.123.20/identity_admin/v3 > > to talk to Keystone. I could look up the admin URL from the catalog > like this... > > keystone_service=client.services.list(type='identity')[0] > client.endpoints.list(service=keystone_service, > interface='admin', > region=client.region_name) > > ...but that feels rather dirty since it independently looks up the > admin endpoint rather than plucking the identity endpoint from the > keystone client instance. Is there a cleaner way to get that > information directly from the keystoneclient.client.v3.Client > instance? > > Cheers, > > Johannes > So this is one of those times where keystoneclient is really jno different from the other clients and is just using the session you gave it to do the right thing. >From the session you can do: session.get_endpoint(service_type='identity', interface='admin', region='region') to get the URL from the catalog. > -- > Johannes Grassler, Cloud Developer > SUSE Linux GmbH, HRB 21284 (AG Nürnberg) > GF: Felix Imendörffer, Jane Smithard, Graham Norton > Maxfeldstr. 5, 90409 Nürnberg, Germany > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint
Hello, I've got an existing keystoneclient.client.v3.Client object with an authenticated session. Now I'd like to get the identity URL this object uses for requesting things from Keystone. I want to use that URL in a trust's endpoint list in order to allow the user the client is authenticated as to talk to Keystone on the trustor's behalf. The client is authenticated as a service user and issues a GET to GET http://192.168.123.20/identity_admin/v3/OS-TRUST/trusts when the following code snippet is executed: client.trusts.list() (`client` is my keystoneclient.client.v3.Client instance). Initially I thought I could use the auth_url from the client's session object, i.e. client.session.auth.auth_url but that turned out to be a dead end because it's the internal endpoint: http://192.168.123.20/identity/v3 This will be useless for a trust's endpoint URL list if the trustee (my service user) ends up using http://192.168.123.20/identity_admin/v3 to talk to Keystone. I could look up the admin URL from the catalog like this... keystone_service=client.services.list(type='identity')[0] client.endpoints.list(service=keystone_service, interface='admin', region=client.region_name) ...but that feels rather dirty since it independently looks up the admin endpoint rather than plucking the identity endpoint from the keystone client instance. Is there a cleaner way to get that information directly from the keystoneclient.client.v3.Client instance? Cheers, Johannes -- Johannes Grassler, Cloud Developer SUSE Linux GmbH, HRB 21284 (AG Nürnberg) GF: Felix Imendörffer, Jane Smithard, Graham Norton Maxfeldstr. 5, 90409 Nürnberg, Germany __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev