 eb70a26a60
			
		
	
	eb70a26a60
	
	
	
		
			
			The developer docs should tell developers to use keystoneauth1 sessions rather than keystoneclient sessions or passing arguments to the Client constructors. keystoneclient sessions and constructing Clients using non-sessions is deprecated. Change-Id: Ica19b8d6fb2f5d1a9d0d22d4fe08abb266fd6a86
		
			
				
	
	
		
			126 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			126 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| =======================
 | |
| Using the V2 client API
 | |
| =======================
 | |
| 
 | |
| Introduction
 | |
| ============
 | |
| 
 | |
| The main concepts in the Identity v2 API are:
 | |
| 
 | |
|  * tenants
 | |
|  * users
 | |
|  * roles
 | |
|  * services
 | |
|  * endpoints
 | |
| 
 | |
| The V2 client API lets you query and make changes through
 | |
| managers. For example, to manipulate tenants, you interact with a
 | |
| ``keystoneclient.v2_0.tenants.TenantManager`` object.
 | |
| 
 | |
| You obtain access to managers via attributes of the
 | |
| ``keystoneclient.v2_0.client.Client`` object. For example, the ``tenants``
 | |
| attribute of the ``Client`` class is a tenant manager::
 | |
| 
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> keystone = client.Client(...)
 | |
|     >>> keystone.tenants.list() # List tenants
 | |
| 
 | |
| You create a valid ``keystoneclient.v2_0.client.Client`` object by passing
 | |
| a :class:`~keystoneauth1.session.Session` to the constructor. Authentication
 | |
| and examples of common tasks are provided below.
 | |
| 
 | |
| You can generally expect that when the client needs to propagate an exception
 | |
| it will raise an instance of subclass of
 | |
| ``keystoneclient.exceptions.ClientException``
 | |
| 
 | |
| Authenticating
 | |
| ==============
 | |
| 
 | |
| There are two ways to authenticate against keystone:
 | |
|  * against the admin endpoint with the admin token
 | |
|  * against the public endpoint with a username and password
 | |
| 
 | |
| If you are an administrator, you can authenticate by connecting to the admin
 | |
| endpoint and using the admin token (sometimes referred to as the service
 | |
| token). The token is specified as the ``admin_token`` configuration option in
 | |
| your keystone.conf config file, which is typically in /etc/keystone::
 | |
| 
 | |
|     >>> from keystoneauth1.identity import v2
 | |
|     >>> from keystoneauth1 import session
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> token = '012345SECRET99TOKEN012345'
 | |
|     >>> endpoint = 'http://192.168.206.130:35357/v2.0'
 | |
|     >>> auth = v2.Token(auth_url=endpoint, token=token)
 | |
|     >>> sess = session.Session(auth=auth)
 | |
|     >>> keystone = client.Client(session=sess)
 | |
| 
 | |
| If you have a username and password, authentication is done against the
 | |
| public endpoint. You must also specify a tenant that is associated with the
 | |
| user::
 | |
| 
 | |
|     >>> from keystoneauth1.identity import v2
 | |
|     >>> from keystoneauth1 import session
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> username='adminUser'
 | |
|     >>> password='secretword'
 | |
|     >>> tenant_name='openstackDemo'
 | |
|     >>> auth_url='http://192.168.206.130:5000/v2.0'
 | |
|     >>> auth = v2.Password(username=username, password=password,
 | |
|     ...                    tenant_name=tenant_name, auth_url=auth_url)
 | |
|     >>> sess = session.Session(auth=auth)
 | |
|     >>> keystone = client.Client(session=sess)
 | |
| 
 | |
| Creating tenants
 | |
| ================
 | |
| 
 | |
| This example will create a tenant named *openstackDemo*::
 | |
| 
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> keystone = client.Client(...)
 | |
|     >>> keystone.tenants.create(tenant_name="openstackDemo",
 | |
|     ...                         description="Default Tenant", enabled=True)
 | |
|     <Tenant {u'id': u'9b7962da6eb04745b477ae920ad55939', u'enabled': True, u'description': u'Default Tenant', u'name': u'openstackDemo'}>
 | |
| 
 | |
| Creating users
 | |
| ==============
 | |
| 
 | |
| This example will create a user named *adminUser* with a password *secretword*
 | |
| in the openstackDemo tenant. We first need to retrieve the tenant::
 | |
| 
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> keystone = client.Client(...)
 | |
|     >>> tenants = keystone.tenants.list()
 | |
|     >>> my_tenant = [x for x in tenants if x.name=='openstackDemo'][0]
 | |
|     >>> my_user = keystone.users.create(name="adminUser",
 | |
|     ...                                 password="secretword",
 | |
|     ...                                 tenant_id=my_tenant.id)
 | |
| 
 | |
| Creating roles and adding users
 | |
| ===============================
 | |
| 
 | |
| This example will create an admin role and add the *my_user* user to that
 | |
| role, but only for the *my_tenant* tenant:
 | |
| 
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> keystone = client.Client(...)
 | |
|     >>> role = keystone.roles.create('admin')
 | |
|     >>> my_tenant = ...
 | |
|     >>> my_user = ...
 | |
|     >>> keystone.roles.add_user_role(my_user, role, my_tenant)
 | |
| 
 | |
| Creating services and endpoints
 | |
| ===============================
 | |
| 
 | |
| This example will create the service and corresponding endpoint for the
 | |
| Compute service::
 | |
| 
 | |
|     >>> from keystoneclient.v2_0 import client
 | |
|     >>> keystone = client.Client(...)
 | |
|     >>> service = keystone.services.create(name="nova", service_type="compute",
 | |
|     ...                                    description="Nova Compute Service")
 | |
|     >>> keystone.endpoints.create(
 | |
|     ...     region="RegionOne", service_id=service.id,
 | |
|     ...     publicurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
 | |
|     ...     adminurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
 | |
|     ...     internalurl="http://192.168.206.130:8774/v2/%(tenant_id)s")
 |