
This step in the process duplicates the auth-token code to keystoneclient but, for the moment, leaves a copy in its original location in keystone. Testing for auth-token is also copied across, as is the cms support file. Although no other project will yet pick up the code here in the client, since the paste.ini files have not yet been updated, it would work if anyone did reference it. Once the client code is in, the next step is to update all the other project paste files, and then finally retire the code from keystone.
Change-Id: I88853a373d406020d54b61cba5a5e887380e3b3e
Python bindings to the OpenStack Identity API (Keystone)
This is a client for the OpenStack Identity API, implemented by Keystone. There's a Python API (the keystoneclient module), and a command-line script (keystone).
Development takes place via the usual OpenStack processes as outlined in the OpenStack wiki. The master repository is on GitHub.
This code is a fork of Rackspace's python-novaclient, which is in turn a fork of Jacobian's python-cloudservers. The python-keystoneclient is licensed under the Apache License like the rest of OpenStack.
Python API
By way of a quick-start:
# use v2.0 auth with http://example.com:5000/v2.0
>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=AUTH_URL)
>>> keystone.tenants.list()
>>> tenant = keystone.tenants.create(tenant_name="test", description="My new tenant!", enabled=True)
>>> tenant.delete()
Command-line API
Installing this package gets you a shell command, keystone, that you can use to interact with OpenStack's Identity API.
You'll need to provide your OpenStack tenant, username and password. You can do this with the --os-tenant-name, --os-username and --os-password params, but it's easier to just set them as environment variables:
export OS_TENANT_NAME=project
export OS_USERNAME=user
export OS_PASSWORD=pass
You will also need to define the authentication URL with --os-auth-url and the version of the API with --os-identity-api-version, or set them as environment variables as well:
export OS_AUTH_URL=http://example.com:5000/v2.0
export OS_IDENTITY_API_VERSION=2.0
Alternatively, to authenticate to Keystone without a username/password, such as when there are no users in the database yet, use the service token and endpoint arguments. The service token is set in keystone.conf as admin_token; set it with service_token. Note: keep the service token secret as it allows total access to Keystone's database. The admin endpoint is set with --endpoint or SERVICE_ENDPOINT:
export SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog
export SERVICE_ENDPOINT=http://example.com:35357/v2.0
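An added example, not part of the keystoneclient project: a shell function that checks the environment variables this README names for a service token left in the environment, a password held in the environment, and endpoints that use plain http://. The function name keystone_env_audit and the finding labels are hypothetical.

```shell
# Added example: audit the keystone CLI variables named in this README.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
keystone_env_audit() {
    findings=0

    # The service token is keystone.conf's admin_token and allows total
    # access to Keystone's database, so it should not linger after bootstrap.
    if [ -n "${SERVICE_TOKEN:-}${OS_SERVICE_TOKEN:-}" ]; then
        echo "service-token-in-env: unset it once bootstrap is finished"
        findings=$((findings + 1))
    fi

    # A password or token sent to an http:// URL crosses the network in cleartext.
    for var in OS_AUTH_URL SERVICE_ENDPOINT OS_SERVICE_ENDPOINT; do
        eval "value=\${$var:-}"   # var is one of the fixed names above
        case "$value" in
            http://*)
                echo "cleartext-url: $var uses http://"
                findings=$((findings + 1))
                ;;
        esac
    done

    # A password kept in the environment is inherited by child processes
    # once exported.
    if [ -n "${OS_PASSWORD:-}" ]; then
        echo "password-in-env: OS_PASSWORD is set"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: the placeholder values from this README's export lines.
(
    OS_AUTH_URL=http://example.com:5000/v2.0
    OS_PASSWORD=pass
    SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog
    SERVICE_ENDPOINT=http://example.com:35357/v2.0
    keystone_env_audit
) || true
```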
Since Keystone can return multiple regions in the Service Catalog, you can specify the one you want with --region_name (or export OS_REGION_NAME). It defaults to the first in the list returned.
You'll find complete documentation on the shell by running keystone help:
usage: keystone [--os-username <auth-user-name>]
[--os-password <auth-password>]
[--os-tenant-name <auth-tenant-name>]
[--os-tenant-id <tenant-id>] [--os-auth-url <auth-url>]
[--os-region-name <region-name>]
[--os-identity-api-version <identity-api-version>]
[--os-token <service-token>]
[--os-endpoint <service-endpoint>]
[--os-cacert <ca-certificate>] [--os-cert <certificate>]
[--os-key <key>] [--insecure] [--token <service-token>]
[--endpoint <service-endpoint>]
<subcommand> ...
Command-line interface to the OpenStack Identity API.
Positional arguments:
<subcommand>
catalog
ec2-credentials-create
Create EC2-compatibile credentials for user per tenant
ec2-credentials-delete
Delete EC2-compatibile credentials
ec2-credentials-get
Display EC2-compatibile credentials
ec2-credentials-list
List EC2-compatibile credentials for a user
endpoint-create Create a new endpoint associated with a service
endpoint-delete Delete a service endpoint
endpoint-get
endpoint-list List configured service endpoints
role-create Create new role
role-delete Delete role
role-get Display role details
role-list List all roles
service-create Add service to Service Catalog
service-delete Delete service from Service Catalog
service-get Display service from Service Catalog
service-list List all services in Service Catalog
tenant-create Create new tenant
tenant-delete Delete tenant
tenant-get Display tenant details
tenant-list List all tenants
tenant-update Update tenant name, description, enabled status
token-get
user-create Create new user
user-delete Delete user
user-get Display user details.
user-list List users
user-password-update
Update user password
user-role-add Add role to user
user-role-list List roles granted to a user
user-role-remove Remove role from user
user-update Update user's name, email, and enabled status
discover Discover Keystone servers and show authentication
protocols and
bootstrap Grants a new role to a new user on a new tenant, after
creating each.
bash-completion Prints all of the commands and options to stdout.
help Display help about this program or one of its
subcommands.
Optional arguments:
--os-username <auth-user-name>
Defaults to env[OS_USERNAME]
--os-password <auth-password>
Defaults to env[OS_PASSWORD]
--os-tenant-name <auth-tenant-name>
Defaults to env[OS_TENANT_NAME]
--os-tenant-id <tenant-id>
Defaults to env[OS_TENANT_ID]
--os-auth-url <auth-url>
Defaults to env[OS_AUTH_URL]
--os-region-name <region-name>
Defaults to env[OS_REGION_NAME]
--os-identity-api-version <identity-api-version>
Defaults to env[OS_IDENTITY_API_VERSION] or 2.0
--os-token <service-token>
Defaults to env[OS_SERVICE_TOKEN]
--os-endpoint <service-endpoint>
Defaults to env[OS_SERVICE_ENDPOINT]
--os-cacert <ca-certificate>
Defaults to env[OS_CACERT]
--os-cert <certificate>
Defaults to env[OS_CERT]
--os-key <key> Defaults to env[OS_KEY]
--insecure Explicitly allow keystoneclient to perform "insecure"
SSL (https) requests. The server's certificate will
not be verified against any certificate authorities.
This option should be used with caution.
--token <service-token>
Deprecated. use --os-token
--endpoint <service-endpoint>
Deprecated. use --os-endpoint
See "keystone help COMMAND" for help on a specific command.