"What the the openstackclient is trying to do, is authenticate using the token to fetch another token. This appears to break for tokens that have been fetched using application credentials (and would be of limited usability anyway)
You can avoid the reathentication step of the openstackclient by specifying --os-endpoint to directly provide the url of the service you're trying to issue commands to.
For example:
unset OS_AUTH_TYPE
openstack --os-token $TOKEN --os-endpoint http://localhost/identity/v3 project list --verbose"
Maybe I've misunderstood-- if I generate a token using application credentials and then re-use that token, does the openstack client use that token to generate *another* token in the background? If this is the case, then our use case described above isn't doing anything productive and we need to re-work.
Ah, sorry, I just read Kristi's reply in my (duplicate) bug report after posting the above: /bugs.launchpad .net/keystone/ +bug/1886607
https:/
"What the the openstackclient is trying to do, is authenticate using the token to fetch another token. This appears to break for tokens that have been fetched using application credentials (and would be of limited usability anyway)
You can avoid the reathentication step of the openstackclient by specifying --os-endpoint to directly provide the url of the service you're trying to issue commands to.
For example: localhost/ identity/ v3 project list --verbose"
unset OS_AUTH_TYPE
openstack --os-token $TOKEN --os-endpoint http://
Maybe I've misunderstood-- if I generate a token using application credentials and then re-use that token, does the openstack client use that token to generate *another* token in the background? If this is the case, then our use case described above isn't doing anything productive and we need to re-work.