From 137a8935615ab1230aa812590a948a047f7e127c Mon Sep 17 00:00:00 2001 From: Chellygel Date: Wed, 15 Apr 2015 11:54:44 -0500 Subject: [PATCH] Fix the clientrc file to match defaults and add docs Ported over documentation about usage of clientrc file as well as ported over the No Auth Mode section. Change-Id: Idfaeae4f4360b5aa95494119926fd67592c0d2d8 --- clientrc | 25 +++++++++--- doc/source/authentication.rst | 71 +++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 6 deletions(-) diff --git a/clientrc b/clientrc index 2fd67215..1d6be263 100644 --- a/clientrc +++ b/clientrc @@ -1,6 +1,19 @@ -export OS_TENANT_NAME=demo -export OS_USERNAME=demo -export OS_PASSWORD=password -export OS_AUTH_URL="http://keystone-int.cloudkeep.io:5000/v2.0/" -export BARBICAN_ENDPOINT="http://localhost:9311/v1/" -export AUTH_TOKEN='' +export OS_PROJECT_NAME= + +# Either Project ID or Project Name is required +export OS_PROJECT_DOMAIN_ID= +export OS_PROJECT_DOMAIN_NAME= + +# Either Domain User ID or Domain User Name is required +export OS_USER_DOMAIN_ID= +export OS_USER_DOMAIN_NAME= + +# Either User ID or Username can be used +export OS_USER_ID = +export OS_USERNAME= +export OS_PASSWORD= + +# OS_AUTH_URL should be your location of Keystone +# Barbican Client defaults to Keystone V3 +export OS_AUTH_URL=":5000/v3/" +export BARBICAN_ENDPOINT=":9311" diff --git a/doc/source/authentication.rst b/doc/source/authentication.rst index bf0c561d..f5a47dd5 100644 --- a/doc/source/authentication.rst +++ b/doc/source/authentication.rst @@ -66,3 +66,74 @@ Example:: barbican = client.Client(endpoint='http://localhost:9311', project_id='123456') + + +CLI Authentication +================== + +Keystone V3 Authentication +-------------------------- + +Barbican can be configured to use Keystone for authentication. The user's +credentials can be passed to Barbican via arguments. + +.. code-block:: bash + + $ barbican --os-auth-url --os-project-domain-id \ + --os-user-domain-id --os-username \ + --os-password --os-project-name --endpoint \ + secret list + +This can become annoying and tedious, so authentication via Keystone can +also be configured by setting environment variables. Barbican uses the same env +variables as python-keystoneclient so if you already have keystone client +configured you can skip this section. + +An example clientrc file is provided in the main python-barbicanclient +directory. + +.. code-block:: bash + + export OS_PROJECT_NAME=admin + + # Either Project ID or Project Name is required + export OS_PROJECT_DOMAIN_ID= + export OS_PROJECT_DOMAIN_NAME= + + # Either User ID or User Name is required + export OS_USER_DOMAIN_ID= + export OS_USER_DOMAIN_NAME= + export OS_USERNAME=admin + export OS_PASSWORD=password + + # OS_AUTH_URL should be your location of Keystone + # Barbican Client defaults to Keystone V3 + export OS_AUTH_URL="http://localhost:5000/v3/" + export BARBICAN_ENDPOINT="http://localhost:9311" + + +Make any appropriate changes to this file. + +You will need to source it into your environment on each load: + +.. code-block:: bash + + source ~/clientrc + +If you would like, you can configure your bash to load the variables on +each login: + +.. code-block:: bash + + echo "source ~/clientrc" >> ~/.bashrc + + +No Auth Mode +------------ + +When working with a Barbican instance that does not use Keystone authentication +(e.g. during development) you can use the :code:`--no-auth` option. If you do +this, you'll have to specify the Barbican endpoint and project ID +:code:`--os-project-id`. This is because Barbican normally gets the endpoint +and tenant ID from Keystone. +