Comment 1 for bug 1774733

Dmitrii Shcherbakov (dmitriis) wrote :

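An example of how to create a system-scoped token by calling the keystone API directly (openstack client support seems to be missing at the time of writing). The first request below (token-request.json) is an ordinary project-scoped one; the second (usera-token-request.json) has a notably different scope section, asking for "system": {"all": true} instead of a project: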

openstack user list --domain admin_domain
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 24c00642cc954b108a612a60c190e80a | test |
| c35ddbaea658492baa16c7e15a14320f | admin |
+----------------------------------+-------+
openstack user list --domain a
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0009487964b148c5aa8f1f004109fc93 | usera |
| 300be329708e40d6a2266d738233e96e | adma |
+----------------------------------+-------+

openstack role list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2c998c11b22d40cd98e617060447579e | Admin |
| ceaeb81722d74385ab82c9a38ff54e2a | Member |
| cecb51748dec4348b3028616dfbf711c | service |
+----------------------------------+---------+

openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+
| 2c998c11b22d40cd98e617060447579e | 0009487964b148c5aa8f1f004109fc93 | | 55d11414559d400796c0a96b2b6f9862 | | False |
| 2c998c11b22d40cd98e617060447579e | 0009487964b148c5aa8f1f004109fc93 | | 92bb8ef45f3c490c9b0588b1bf6b0c1b | | False |
| 2c998c11b22d40cd98e617060447579e | 0009487964b148c5aa8f1f004109fc93 | | | 2c0d6ccea9c94017a613cdb195877176 | False |
| ceaeb81722d74385ab82c9a38ff54e2a | 0009487964b148c5aa8f1f004109fc93 | | | 40635a04cf954b5f9d7f717e8da23b26 | False |
| 2c998c11b22d40cd98e617060447579e | 0009487964b148c5aa8f1f004109fc93 | | | 6c2a44b399f14ec5899696526d3c2cc9 | False |
| 2c998c11b22d40cd98e617060447579e | 1279d1c3e7444dd799915948ab166cc6 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | 2091908c458d4c29b80da77cbbb34318 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | 300be329708e40d6a2266d738233e96e | | | 40635a04cf954b5f9d7f717e8da23b26 | False |
| 2c998c11b22d40cd98e617060447579e | 36b8d20cb3ca4805a0e68f3f17d7ea39 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | 411eb24f18274a4ead12d40b32dd95e0 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| ceaeb81722d74385ab82c9a38ff54e2a | 411eb24f18274a4ead12d40b32dd95e0 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | 6be7bab72e38462793e4d80233320827 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | 7471f05e03f04ccfbe7615e356e68652 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | 8f4a45071af24e2ea60858f5174c1928 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | 93fabfb70c9b43d6a35c9f8fd95148e2 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | ae4584606bad4c78af5a033f33a999ef | | | 2c0d6ccea9c94017a613cdb195877176 | False |
| 2c998c11b22d40cd98e617060447579e | c35ddbaea658492baa16c7e15a14320f | | 55d11414559d400796c0a96b2b6f9862 | | False |
| ceaeb81722d74385ab82c9a38ff54e2a | c35ddbaea658492baa16c7e15a14320f | | 55d11414559d400796c0a96b2b6f9862 | | False |
| 2c998c11b22d40cd98e617060447579e | c35ddbaea658492baa16c7e15a14320f | | | 6c2a44b399f14ec5899696526d3c2cc9 | False |
| ceaeb81722d74385ab82c9a38ff54e2a | d202a4ce0c05415f9488b06f7a428784 | | | 2c0d6ccea9c94017a613cdb195877176 | False |
| 2c998c11b22d40cd98e617060447579e | d9a542e49d22434e8ccaa381a7272334 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | ec056bf2298444abb6a9dd90b4b680e0 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | ee164a94cda74e5598ce81a1a2f97068 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| ceaeb81722d74385ab82c9a38ff54e2a | ee164a94cda74e5598ce81a1a2f97068 | | c15d9ac702b84f12a622536a9aeaa399 | | False |
| 2c998c11b22d40cd98e617060447579e | ff85182039d74828ba401e8033874a13 | | 8ed89949272545a68a36e5fd30f062ab | | False |
| 2c998c11b22d40cd98e617060447579e | 0009487964b148c5aa8f1f004109fc93 | | | | False |
| 2c998c11b22d40cd98e617060447579e | c35ddbaea658492baa16c7e15a14320f | | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+----------------------------------+-----------+

cat > token-request.json
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "admin_domain"
                    },
                    "name": "admin",
                    "password": "t0ughpasswd"
                }
            }
        },
        "scope": {
            "project": {
                "domain": {
                    "name": "admin_domain"
                },
                "name": "admin"
            }
        }
    }
}

curl -si -d @token-request.json -H "Content-type: application/json" http://10.232.6.4:5000/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'
1374d65b4bd04f29bcd888af7c3a7568

curl -s -H"X-Auth-Token:1374d65b4bd04f29bcd888af7c3a7568" http://10.232.6.4:5000/v3/auth/system | jq
{
  "system": [],
  "links": {
    "self": "http://10.232.45.175:5000/v3/auth/system"
  }
}

curl -X PUT -s -H"X-Auth-Token:1374d65b4bd04f29bcd888af7c3a7568" http://10.232.6.4:5000/v3/system/users/c35ddbaea658492baa16c7e15a14320f/roles/2c998c11b22d40cd98e617060447579e | jq

curl -s -H"X-Auth-Token:1374d65b4bd04f29bcd888af7c3a7568" http://10.232.6.4:5000/v3/auth/system | jq
{
  "system": [
    {
      "all": true
    }
  ],
  "links": {
    "self": "http://10.232.45.175:5000/v3/auth/system"
  }
}

cat > usera-token-request.json
{
    "auth": {
        "identity": {
            "methods": [
                "password"
            ],
            "password": {
                "user": {
                    "domain": {
                        "name": "a"
                    },
                    "name": "usera",
                    "password": "test"
                }
            }
        },
        "scope": {
  "system": {
        "all": true
  }
        }
    }
}

curl -si -d @usera-token-request.json -H "Content-type: application/json" http://10.232.6.4:5000/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'
365aa5b8c9b4417e9c6e0ad3b12ea2c1

curl -s -H"X-Auth-Token:365aa5b8c9b4417e9c6e0ad3b12ea2c1" http://10.232.6.4:5000/v3/auth/system | jq
{
  "system": [
    {
      "all": true
    }
  ],
  "links": {
    "self": "http://10.232.45.175:5000/v3/auth/system"
  }
}