我想在openstack keystone用户上执行CRUD操作。根据keystone api docs,我们必须使用GET请求和x-auth-token信息。我已经为此编写了一个代码,但我无法获得任何用户列表,但我得到了#34; 404 Not Found,无法找到资源。"我的代码在
之下#!/usr/bin/python
import httplib
import urllib
import os
import json
from urlparse import urlparse
#Define openstack url
url = "x.x.x.x:5000"
osuser = "osuser"
ospassword = "whatever"
params ='{"auth":{"tenantName":"openstackDemo", "passwordCredentials":{"username":"osuser", "password": "ospassword"}}}'
headers = {"Content-Type": "application/json"}
#make http request
conn = httplib.HTTPConnection(url)
conn.request("POST", "/v2.0/tokens", params,headers)
#get http response
response = conn.getresponse()
data = response.read()
verify_services = json.loads(data)
conn.close()
#print "The service verificetion is:%s\n\t" % verify_services
#Get keystone token
keystone_token = verify_services ['access']['token']['id']
print "Printing api token :\n"
print keystone_token
user_id = verify_services['access']['user']['id']
print "Printing user id : \n"
print user_id
# Get keystone URL
keystone_url = verify_services ['access']['serviceCatalog'][5]
print "Printing keystone end points url: \n"
print keystone_url
#Now take the keystone public url and uid
for publicurl in keystone_url['endpoints']:
key_admin_url = publicurl['adminURL']
key_pub_url = publicurl['publicURL']
keystone_user_id = publicurl['id']
print "printing keystone public url:\n"
print key_pub_url
print "Printing keystone user id:\n"
print keystone_user_id
##################
# Get the user list
#################
apiurlt = urlparse(key_pub_url)
print apiurlt
url2 = apiurlt[1]
print url2
#params1 = '{"username":"samit", "email":"sanjaya@kth.se","enabled":true,"password":"secret", "roles":"member"}'
p = urllib.urlencode({})
headers1 = {"X-Auth-Token":"keystone_token", "Content-type":"application/json"}
conn2 = httplib.HTTPConnection(url2)
conn2.request("GET", "%s/users" %apiurlt[2] , p,headers1)
response2 = conn2.getresponse()
data2 = response2.read()
user_list = json.dumps(data2)
conn.close()
print "getting users:\n"
print response.status
print response.reason
print user_list
答案 0 :(得分:4)
@sanjaya,如果您正在寻找通过Python快速与Keystone交互的方法,我建议您直接使用keystoneclient库,其中包含所有相关工作。您可以在https://github.com/openstack/python-keystoneclient/获取源代码,或从PyPi(http://pypi.python.org/pypi/python-keystoneclient/0.1.3)下载相对较新的源代码(源代码更新)。
使用该客户端,您可以轻松地与Keystone进行交互:
from keystoneclient.v2_0 import client
kc = client.Client(username=osuser, password=ospassword, auth_url=url)
请注意,只需使用用户名和密码,您就可以获得非常有限的访问权限(所谓的“无范围访问授权令牌”),并且您需要进一步请求执行任何有用的操作。
对于Keystone来说更是如此,它与API的V2一起,需要“admin”角色与keystone上的任何CRUD操作进行交互。如果您只是想与Keystone进行交互(例如在设置许多其他部分之前引导帐户),则可以更容易地从“管理令牌”开始并直接从客户端使用管理URL界面。要做到这一点:
from keystoneclient.v2_0 import client
kc = client.Client(token='123secret456', endpoint='http://x.x.x.x:35350/v2.0')
kc.users.list()
令牌是您已经在“admin_token”下的[DEFAULT]部分中的Keystone中配置的。请注意,端点URL是与授权URL不同的端口(35350)。无论好坏,V2 API具有明确分离的那些,并且要对Keystone中的元素执行CRUD操作,您需要将该管理URL用于API端点。
如果您使用上面提供的Everett示例进行身份验证,那么管理员网址将由keystoneclient自动加载,因此您通常不必担心该库的内容。
为了完整起见,要使用Python中的keystoneclient库来完成Everett所建议的内容:
from keystoneclient.v2_0 import client
kc = client.Client(username='admin', password='devstack', tenant_name='admin', auth_url='http://172.16.0.1:5000/v2.0')
kc = client.users.list()
答案 1 :(得分:1)
使用bash这就是我的工作
TOKEN=`curl -s -X POST http://172.16.0.1:35357/v2.0/tokens -d '{"auth": {"passwordCredentials": {"username":"admin", "password":"devstack"}, "tenantName":"admin"}}' -H "Content-type: application/json" | python -c 'import json,sys; response=json.loads(sys.stdin.read()); print response["access"]["token"]["id"]'`;
curl -s http://172.16.0.1:35357/v2.0/users -H "X-Auth-Token: "$TOKEN""
请注意,我正在以管理员身份进行身份验证。也许那里的东西会帮助你。