An example of how to create a system-scoped token via keystone API (openstack client support seems to be missing at the time of writing) with a notably different scope section in the request:
openstack user list --domain admin_domain
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 24c00642cc954b108a612a60c190e80a | test |
| c35ddbaea658492baa16c7e15a14320f | admin |
+----------------------------------+-------+
openstack user list --domain a
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 0009487964b148c5aa8f1f004109fc93 | usera |
| 300be329708e40d6a2266d738233e96e | adma |
+----------------------------------+-------+
openstack role list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2c998c11b22d40cd98e617060447579e | Admin |
| ceaeb81722d74385ab82c9a38ff54e2a | Member |
| cecb51748dec4348b3028616dfbf711c | service |
+----------------------------------+---------+
An example of how to create a system-scoped token via keystone API (openstack client support seems to be missing at the time of writing) with a notably different scope section in the request:
openstack user list --domain admin_domain ------- ------- ------- ------- +------ -+ ------- ------- ------- ------- +------ -+ 08a612a60c190e8 0a | test | baa16c7e15a1432 0f | admin | ------- ------- ------- ------- +------ -+ ------- ------- ------- ------- +------ -+ ------- ------- ------- ------- +------ -+ 5aa8f1f004109fc 93 | usera | 6a2266d738233e9 6e | adma | ------- ------- ------- ------- +------ -+
+------
| ID | Name |
+------
| 24c00642cc954b1
| c35ddbaea658492
+------
openstack user list --domain a
+------
| ID | Name |
+------
| 0009487964b148c
| 300be329708e40d
+------
openstack role list ------- ------- ------- ------- +------ ---+ ------- ------- ------- ------- +------ ---+ d98e61706044757 9e | Admin | 5ab82c9a38ff54e 2a | Member | 8b3028616dfbf71 1c | service | ------- ------- ------- ------- +------ ---+
+------
| ID | Name |
+------
| 2c998c11b22d40c
| ceaeb81722d7438
| cecb51748dec434
+------
openstack role assignment list ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ------- ------- ------- ------- -+----- ------+ ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ------- ------- ------- ------- -+----- ------+ d98e61706044757 9e | 0009487964b148c 5aa8f1f004109fc 93 | | 55d11414559d400 796c0a96b2b6f98 62 | | False | d98e61706044757 9e | 0009487964b148c 5aa8f1f004109fc 93 | | 92bb8ef45f3c490 c9b0588b1bf6b0c 1b | | False | d98e61706044757 9e | 0009487964b148c 5aa8f1f004109fc 93 | | | 2c0d6ccea9c9401 7a613cdb1958771 76 | False | 5ab82c9a38ff54e 2a | 0009487964b148c 5aa8f1f004109fc 93 | | | 40635a04cf954b5 f9d7f717e8da23b 26 | False | d98e61706044757 9e | 0009487964b148c 5aa8f1f004109fc 93 | | | 6c2a44b399f14ec 5899696526d3c2c c9 | False | d98e61706044757 9e | 1279d1c3e7444dd 799915948ab166c c6 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | 2091908c458d4c2 9b80da77cbbb343 18 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | 300be329708e40d 6a2266d738233e9 6e | | | 40635a04cf954b5 f9d7f717e8da23b 26 | False | d98e61706044757 9e | 36b8d20cb3ca480 5a0e68f3f17d7ea 39 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | 411eb24f18274a4 ead12d40b32dd95 e0 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | 5ab82c9a38ff54e 2a | 411eb24f18274a4 ead12d40b32dd95 e0 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | 6be7bab72e38462 793e4d802333208 27 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | 7471f05e03f04cc fbe7615e356e686 52 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | 8f4a45071af24e2 ea60858f5174c19 28 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | 93fabfb70c9b43d 6a35c9f8fd95148 e2 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | ae4584606bad4c7 8af5a033f33a999 ef | | | 2c0d6ccea9c9401 7a613cdb1958771 76 | False | d98e61706044757 9e | c35ddbaea658492 baa16c7e15a1432 0f | | 55d11414559d400 796c0a96b2b6f98 62 | | False | 5ab82c9a38ff54e 2a | c35ddbaea658492 baa16c7e15a1432 0f | | 55d11414559d400 796c0a96b2b6f98 62 | | False | d98e61706044757 9e | c35ddbaea658492 baa16c7e15a1432 0f | | | 6c2a44b399f14ec 5899696526d3c2c c9 | False | 5ab82c9a38ff54e 2a | d202a4ce0c05415 f9488b06f7a4287 84 | | | 2c0d6ccea9c9401 7a613cdb1958771 76 | False | d98e61706044757 9e | d9a542e49d22434 e8ccaa381a72723 34 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | ec056bf2298444a bb6a9dd90b4b680 e0 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | ee164a94cda74e5 598ce81a1a2f970 68 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | 5ab82c9a38ff54e 2a | ee164a94cda74e5 598ce81a1a2f970 68 | | c15d9ac702b84f1 2a622536a9aeaa3 99 | | False | d98e61706044757 9e | ff85182039d7482 8ba401e8033874a 13 | | 8ed89949272545a 68a36e5fd30f062 ab | | False | d98e61706044757 9e | 0009487964b148c 5aa8f1f004109fc 93 | | | | False | d98e61706044757 9e | c35ddbaea658492 baa16c7e15a1432 0f | | | | False | ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ------- ------- ------- ------- -+----- ------+
+------
| Role | User | Group | Project | Domain | Inherited |
+------
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| ceaeb81722d7438
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| ceaeb81722d7438
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| ceaeb81722d7438
| 2c998c11b22d40c
| ceaeb81722d7438
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
| ceaeb81722d7438
| 2c998c11b22d40c
| 2c998c11b22d40c
| 2c998c11b22d40c
+------
cat > token-request.json
"methods" : [
"password"
"password" : {
"user" : {
" domain" : {
"name" : "admin_domain"
} ,
" name": "admin",
" password" : "t0ughpasswd"
"project" : {
"domain" : {
" name": "admin_domain"
"name" : "admin"
{
"auth": {
"identity": {
],
}
}
},
"scope": {
},
}
}
}
}
curl -si -d @token-request.json -H "Content-type: application/json" http:// 10.232. 6.4:5000/ v3/auth/ tokens | awk '/X-Subject-Token/ {print $2}' 9bcd888af7c3a75 68
1374d65b4bd04f2
curl -s -H"X-Auth- Token:1374d65b4 bd04f29bcd888af 7c3a7568" http:// 10.232. 6.4:5000/ v3/auth/ system | jq 10.232. 45.175: 5000/v3/ auth/system"
{
"system": [],
"links": {
"self": "http://
}
}
curl -X PUT -s -H"X-Auth- Token:1374d65b4 bd04f29bcd888af 7c3a7568" http:// 10.232. 6.4:5000/ v3/system/ users/c35ddbaea 658492baa16c7e1 5a14320f/ roles/2c998c11b 22d40cd98e61706 0447579e | jq
curl -s -H"X-Auth- Token:1374d65b4 bd04f29bcd888af 7c3a7568" http:// 10.232. 6.4:5000/ v3/auth/ system | jq 10.232. 45.175: 5000/v3/ auth/system"
{
"system": [
{
"all": true
}
],
"links": {
"self": "http://
}
}
cat > usera-token- request. json
"methods" : [
"password"
"password" : {
"user" : {
" domain" : {
"name" : "a"
} ,
" name": "usera",
" password" : "test"
{
"auth": {
"identity": {
],
}
}
},
"scope": {
"system": {
"all": true
}
}
}
}
curl -si -d @usera- token-request. json -H "Content-type: application/json" http:// 10.232. 6.4:5000/ v3/auth/ tokens | awk '/X-Subject-Token/ {print $2}' e9c6e0ad3b12ea2 c1
365aa5b8c9b4417
curl -s -H"X-Auth- Token:365aa5b8c 9b4417e9c6e0ad3 b12ea2c1" http:// 10.232. 6.4:5000/ v3/auth/ system | jq 10.232. 45.175: 5000/v3/ auth/system"
{
"system": [
{
"all": true
}
],
"links": {
"self": "http://
}
}