The main concepts in the Keystone API are:

The Keystone API lets you query and make changes through managers. For example,
to manipulate tenants, you interact with a
``keystoneclient.v2_0.tenants.TenantManager`` object.

You obtain access to managers via attributes of the
``keystoneclient.v2_0.client.Client`` object. For example, the ``tenants``
attribute of the ``Client`` class is a tenant manager::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> keystone.tenants.list() # List tenants

You create a valid ``keystoneclient.v2_0.client.Client`` object by passing
authentication data to the constructor. Authentication and examples of common
tasks are provided below.

There are two ways to authenticate against Keystone:

* against the admin endpoint with the admin token
* against the public endpoint with a username and password

If you are an administrator, you can authenticate by connecting to the admin
endpoint and using the admin token (sometimes referred to as the service
token). The token is specified as the ``admin_token`` configuration option in your
keystone.conf config file, which is typically in /etc/keystone::

    >>> from keystoneclient.v2_0 import client
    >>> token = '012345SECRET99TOKEN012345'
    >>> endpoint = 'http://192.168.206.130:35357/v2.0'
    >>> keystone = client.Client(token=token, endpoint=endpoint)

If you have a username and password, authentication is done against the
public endpoint. You must also specify a tenant that is associated with the

    >>> from keystoneclient.v2_0 import client
    >>> username='adminUser'
    >>> password='secretword'
    >>> tenant_name='openstackDemo'
    >>> auth_url='http://192.168.206.130:5000/v2.0'
    >>> keystone = client.Client(username=username, password=password,
    ...                          tenant_name=tenant_name, auth_url=auth_url)

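The two login modes above, as an added example that is not part of the original documentation: it builds the ``Client`` keyword arguments from environment variables instead of literals in the script, and rejects a plain ``http`` URL unless the caller explicitly allows it. The variable names (``OS_SERVICE_TOKEN``, ``OS_USERNAME`` and so on) and the helpers ``client_kwargs`` and ``redacted`` are assumptions of this example.

```python
"""Added example: build keystoneclient.v2_0 Client arguments from the environment."""
import os
from urllib.parse import urlparse

# Variable names follow the usual OpenStack CLI convention (an assumption of
# this example; the page itself only shows hard-coded values).
TOKEN_VARS = {"token": "OS_SERVICE_TOKEN", "endpoint": "OS_SERVICE_ENDPOINT"}
PASSWORD_VARS = {"username": "OS_USERNAME", "password": "OS_PASSWORD",
                 "tenant_name": "OS_TENANT_NAME", "auth_url": "OS_AUTH_URL"}


class CredentialError(ValueError):
    """Raised when the environment does not describe one usable login."""


def _collect(mapping, env):
    # Map Client() argument names to values and report unset variables.
    values = {arg: env.get(var, "") for arg, var in mapping.items()}
    missing = sorted(mapping[arg] for arg, val in values.items() if not val)
    return values, missing


def client_kwargs(env=None, allow_plain_http=False):
    """Return keyword arguments for client.Client(), or raise CredentialError."""
    env = os.environ if env is None else env
    token_args, token_missing = _collect(TOKEN_VARS, env)
    pw_args, pw_missing = _collect(PASSWORD_VARS, env)
    if not token_missing and not pw_missing:
        # Never silently pick the admin token when a user login is also set.
        raise CredentialError("both admin-token and password credentials set")
    if not token_missing:
        kwargs, url = token_args, token_args["endpoint"]
    elif not pw_missing:
        kwargs, url = pw_args, pw_args["auth_url"]
    else:
        raise CredentialError("incomplete credentials; unset: %s or %s"
                              % (", ".join(token_missing), ", ".join(pw_missing)))
    scheme = urlparse(url).scheme
    if scheme != "https" and not (scheme == "http" and allow_plain_http):
        raise CredentialError("refusing to send credentials to %r" % url)
    return kwargs


def redacted(kwargs):
    """Copy of kwargs that is safe to write to a log."""
    return {k: ("***" if k in ("token", "password") else v)
            for k, v in kwargs.items()}

# Usage: keystone = client.Client(**client_kwargs())
```
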
This example will create a tenant named *openstackDemo*::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> keystone.tenants.create(tenant_name="openstackDemo",
    ...                         description="Default Tenant", enabled=True)
    <Tenant {u'id': u'9b7962da6eb04745b477ae920ad55939', u'enabled': True, u'description': u'Default Tenant', u'name': u'openstackDemo'}>

This example will create a user named *adminUser* with a password *secretword*
in the openstackDemo tenant. We first need to retrieve the tenant::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> tenants = keystone.tenants.list()
    >>> my_tenant = [x for x in tenants if x.name=='openstackDemo'][0]
    >>> my_user = keystone.users.create(name="adminUser", password="secretword",
    ...                                 tenant_id=my_tenant.id)

Creating roles and adding users
===============================

This example will create an admin role and add the *my_user* user to that
role, but only for the *my_tenant* tenant::

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> role = keystone.roles.create('admin')
    >>> keystone.roles.add_user_role(my_user, role, my_tenant)

Creating services and endpoints
===============================

This example will create the service and corresponding endpoint for the

    >>> from keystoneclient.v2_0 import client
    >>> keystone = client.Client(...)
    >>> service = keystone.services.create(name="nova", service_type="compute",
    ...                                    description="Nova Compute Service")
    >>> keystone.endpoints.create(region="RegionOne", service_id=service.id,
    ...     publicurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
    ...     adminurl="http://192.168.206.130:8774/v2/%(tenant_id)s",
    ...     internalurl="http://192.168.206.130:8774/v2/%(tenant_id)s")