Monday, November 18, 2013

How to use Keystone API Version 3

http://adam.younglogic.com/2013/09/keystone-v3-api-examples/
https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md

a)
Export the IP of OpenStack host
OPSENSTACK_HOST="192.168.56.101"

b)
#### Get token ####

#export TOKEN=`curl -si -d @keystone_auth_admin_cred.json -H "Content-type: application/json" http://$OPSENSTACK_HOST:35357/v3/auth/tokens | awk '/X-Subject-Token/ {print $2}'`

#### keystone_auth_admin_cred.json ####
{
            "auth": {
                "identity": {
                    "methods": [
                "password"
                    ],
                    "password": {
                        "user": {
                            "domain": {
                                "name": "Default"
                            },
                            "name": "admin",
                            "password": "password"
                        }
                    }
                },
                "scope": {
                    "project": {
                        "domain": {
                            "name": "Default"
                        },
                        "name": "demo"
                    }
                }
            }
        }

b)
#### Check token ####

#echo $TOKEN

c)
#### List all users ####
##Port 35357

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:35357/v3/users
or
##Port 5000

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:5000/v3/users

d)
##Get all projects

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:5000/v3/projects
e)
##Get all domains

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:5000/v3/domains

f)
##Get all roles

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:5000/v3/roles

g)
Create User

#curl -si -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:35357/v3/users -d @keystone_create_user_cred.json

h)
Grant role to user on domain

#curl -si -X "PUT" -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:35357/v3/domains/default/users/a007766b3e1747f89548bf5bf517f05c/roles/b4a1700504ef4250af9feed3d892aba1

i)
Grant role to user on project.

* After this we will not get the error "You are not authorized for any projects" while login.
#curl -si -X "PUT"  -H"X-Auth-Token:$TOKEN" -H "Content-type: application/json" http://$OPSENSTACK_HOST:35357/v3/projects/18dc2ae781034460a683eb9ca68a7b9c/users/a007766b3e1747f89548bf5bf517f05c/roles/b4a1700504ef4250af9feed3d892aba1

j)

mysql> use keystone
mysql> select id, name from project;
mysql> select id, name from domain;
mysql> select id, name from role;
mysql> select id, name from group;




No comments:

Post a Comment