doc/source/using-api-v2.rst


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

=======================
Using the V2 client API
=======================

Introduction
============

The main concepts in the Identity v2 API are:

 * tenants
 * users
 * roles
 * services
 * endpoints

The V2 client API lets you query and make changes through
managers. For example, to manipulate tenants, you interact with a
``keystoneclient.v2_0.tenants.TenantManager`` object.

You obtain access to managers via attributes of the
``keystoneclient.v2_0.client.Client`` object. For example, the ``tenants``
attribute of the ``Client`` class is a tenant manager::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> keystone.tenants.list() # List tenants

You create a valid ``keystoneclient.v2_0.client.Client`` object by passing
a :class:`~keystoneauth1.session.Session` to the constructor. Authentication
and examples of common tasks are provided below.

You can generally expect that when the client needs to propagate an exception
it will raise an instance of subclass of
``keystoneclient.exceptions.ClientException``

Authenticating
==============

There are two ways to authenticate against keystone:
 * against the admin endpoint with the admin token
 * against the public endpoint with a username and password

If you are an administrator, you can authenticate by connecting to the admin
endpoint and using the admin token (sometimes referred to as the service
token). The token is specified as the ``admin_token`` configuration option in
your keystone.conf config file, which is typically in /etc/keystone::

    >>> from keystoneauth1.identity import v2
    >>> from keystoneauth1 import session
    >>> from keystoneclient.v2_0 import client
    >>> token = '012345SECRET99TOKEN012345'
    >>> endpoint = 'http://192.168.206.130:35357/v2.0'
    >>> auth = v2.Token(auth_url=endpoint, token=token)
    >>> sess = session.Session(auth=auth)
    >>> keystone = client.Client(session=sess)

If you have a username and password, authentication is done against the
public endpoint. You must also specify a tenant that is associated with the
user::

    >>> from keystoneauth1.identity import v2
    >>> from keystoneauth1 import session
    >>> from keystoneclient.v2_0 import client
    >>> username='adminUser'
    >>> password='secretword'
    >>> tenant_name='openstackDemo'
    >>> auth_url='http://192.168.206.130:5000/v2.0'
    >>> auth = v2.Password(username=username, password=password,
    ...                    tenant_name=tenant_name, auth_url=auth_url)
    >>> sess = session.Session(auth=auth)
    >>> keystone = client.Client(session=sess)

Creating tenants
================

This example will create a tenant named *openstackDemo*::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> keystone.tenants.create(tenant_name="openstackDemo",
    ...                         description="Default Tenant", enabled=True)
    <Tenant {u'id': u'9b7962da6eb04745b477ae920ad55939', u'enabled': True, u'description': u'Default Tenant', u'name': u'openstackDemo'}>

Creating users
==============

This example will create a user named *adminUser* with a password *secretword*
in the openstackDemo tenant. We first need to retrieve the tenant::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> tenants = keystone.tenants.list()
    >>> my_tenant = [x for x in tenants if x.name=='openstackDemo'][0]
    >>> my_user = keystone.users.create(name="adminUser",
    ...                                 password="secretword",
    ...                                 tenant_id=my_tenant.id)

Creating roles and adding users
===============================

This example will create an admin role and add the *my_user* user to that
role, but only for the *my_tenant* tenant:

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> role = keystone.roles.create('admin')
    >>> my_tenant = ...
    >>> my_user = ...
    >>> keystone.roles.add_user_role(my_user, role, my_tenant)

Creating services and endpoints
===============================

This example will create the service and corresponding endpoint for the
Compute service::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> service = keystone.services.create(name="nova", service_type="compute",
    ...                                    description="Nova Compute Service")
    >>> keystone.endpoints.create(
    ...     region="RegionOne", service_id=service.id,
    ...     publicurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
    ...     adminurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
    ...     internalurl="http://192.168.206.130:8774/v2/%(tenant_id)s")