Thursday, January 16, 2014

How to test user authentication with openstack_auth and keystoneclient modules

##Activate virtual environment and goto the horizon directory

##Goto django console
python manage.py shell

##import django settings
from django.conf import settings
dir(settings)
vars(settings)
getattr(settings, 'OPENSTACK_API_VERSIONS', {})

##Imports
from openstack_auth import utils as auth_utils
from openstack_auth.user import Token
from openstack_auth.utils import check_token_expiration
dir(auth_utils)

##site-packages/openstack_auth/backend.py
##client
auth_utils.get_keystone_version()
keystone_client = auth_utils.get_keystone_client()
region_or_auth_url = "http://192.168.56.101:5000/v3"
##User authentication on a domain (Default domain) with username and password
client = keystone_client.Client(
                user_domain_name="Default",
                username="admin",
                password="password",
                auth_url=region_or_auth_url,
                insecure=False,
                debug=True)

##Token
unscoped_auth_ref = client.auth_ref
unscoped_auth_ref.auth_token
##Get token object
unscoped_token = Token(auth_ref=unscoped_auth_ref)
check_token_expiration(unscoped_auth_ref)##False means expired

##Get all projects, keystone version 3
client.management_url = region_or_auth_url
projects = client.projects.list(user=unscoped_auth_ref.user_id)

#### Working Example ####
##Create new project and user , then grant permission ###

a)
OpenStack How to Configure Horizon to use keystone API v3
http://fosshelp.blogspot.com/2014/01/openstack-configure-horizon-keystone-v3.html

b)
Activate virtual environment and goto the horizon directory

c)
Goto django console
python manage.py shell

d)
from openstack_auth import utils as auth_utils
 

keystone_client = auth_utils.get_keystone_client()
 

region_or_auth_url = "http://192.168.56.101:5000/v3"

client = keystone_client.Client(
                user_domain_name="Default",
                username="manu",
                password="manu",
                auth_url=region_or_auth_url,
                insecure=False,
                debug=True)

client.management_url = region_or_auth_url


##worked
#Create new project under the default domain
p = client.projects.create("ppp1", "Default")
#Create new user
u = client.users.create("uppp1", password="uppp1", project=p.id)

#Get member role object
r = [x for x in client.roles.list() if x.name in ["Member"]]

#Grant member role for user on project
client.roles.grant(r[0], user=u.id, project=p.id)



No comments:

Post a Comment