Re: [openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint

2016-10-14 Thread Johannes Grassler 

Hello,

On 10/14/2016 02:27 AM, Jamie Lennox wrote:

On 13 October 2016 at 23:19, Johannes Grassler  wrote:

[Is there a canonical way to extract the identity URL being used by 
python-keystoneclient?]
[...]

  keystone_service=client.services.list(type='identity')[0]
  client.endpoints.list(service=keystone_service,
interface='admin',
region=client.region_name)

...but that feels rather dirty since it independently looks up the
admin endpoint rather than plucking the identity endpoint from the
keystone client instance.

[...]

From the session you can do:

session.get_endpoint(service_type='identity', interface='admin',
region='region')

to get the URL from the catalog.


Ok, that is at least a little more elegant. Thank you!

Cheers,

Johannes

--
Johannes Grassler, Cloud Developer
SUSE Linux GmbH, HRB 21284 (AG Nürnberg)
GF: Felix Imendörffer, Jane Smithard, Graham Norton
Maxfeldstr. 5, 90409 Nürnberg, Germany

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint

2016-10-13 Thread Jamie Lennox 
On 13 October 2016 at 23:19, Johannes Grassler  wrote:

> Hello,
>
> I've got an existing keystoneclient.client.v3.Client object with an
> authenticated session. Now I'd like to get the identity URL this
> object uses for requesting things from Keystone. I want to use that
> URL in a trust's endpoint list in order to allow the user the client
> is authenticated as to talk to Keystone on the trustor's behalf.
>
> The client is authenticated as a service user and issues a GET to
>
>GET http://192.168.123.20/identity_admin/v3/OS-TRUST/trusts
>
> when the following code snippet is executed:
>
>   client.trusts.list()
>
> (`client` is my keystoneclient.client.v3.Client instance).
>
> Initially I thought I could use the auth_url from the client's
> session object, i.e.
>
>   client.session.auth.auth_url
>
> but that turned out to be a dead end because it's the internal
> endpoint:
>
>   http://192.168.123.20/identity/v3
>
> This will be useless for a trust's endpoint URL list if the
> trustee (my service user) ends up using
>
>   http://192.168.123.20/identity_admin/v3
>
> to talk to Keystone. I could look up the admin URL from the catalog
> like this...
>
>   keystone_service=client.services.list(type='identity')[0]
>   client.endpoints.list(service=keystone_service,
> interface='admin',
> region=client.region_name)
>
> ...but that feels rather dirty since it independently looks up the
> admin endpoint rather than plucking the identity endpoint from the
> keystone client instance. Is there a cleaner way to get that
> information directly from the keystoneclient.client.v3.Client
> instance?
>
> Cheers,
>
> Johannes
>

So this is one of those times where keystoneclient is really jno different
from the other clients and is just using the session you gave it to do the
right thing.

>From the session you can do:

session.get_endpoint(service_type='identity', interface='admin',
region='region')

to get the URL from the catalog.



> --
> Johannes Grassler, Cloud Developer
> SUSE Linux GmbH, HRB 21284 (AG Nürnberg)
> GF: Felix Imendörffer, Jane Smithard, Graham Norton
> Maxfeldstr. 5, 90409 Nürnberg, Germany
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint

2016-10-13 Thread Johannes Grassler 

Hello,

I've got an existing keystoneclient.client.v3.Client object with an
authenticated session. Now I'd like to get the identity URL this
object uses for requesting things from Keystone. I want to use that
URL in a trust's endpoint list in order to allow the user the client
is authenticated as to talk to Keystone on the trustor's behalf.

The client is authenticated as a service user and issues a GET to

   GET http://192.168.123.20/identity_admin/v3/OS-TRUST/trusts

when the following code snippet is executed:

  client.trusts.list()

(`client` is my keystoneclient.client.v3.Client instance).

Initially I thought I could use the auth_url from the client's
session object, i.e.

  client.session.auth.auth_url

but that turned out to be a dead end because it's the internal
endpoint:

  http://192.168.123.20/identity/v3

This will be useless for a trust's endpoint URL list if the
trustee (my service user) ends up using

  http://192.168.123.20/identity_admin/v3

to talk to Keystone. I could look up the admin URL from the catalog
like this...

  keystone_service=client.services.list(type='identity')[0]
  client.endpoints.list(service=keystone_service,
interface='admin',
region=client.region_name)

...but that feels rather dirty since it independently looks up the
admin endpoint rather than plucking the identity endpoint from the
keystone client instance. Is there a cleaner way to get that
information directly from the keystoneclient.client.v3.Client
instance?

Cheers,

Johannes

--
Johannes Grassler, Cloud Developer
SUSE Linux GmbH, HRB 21284 (AG Nürnberg)
GF: Felix Imendörffer, Jane Smithard, Graham Norton
Maxfeldstr. 5, 90409 Nürnberg, Germany

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev