Adding Users, Tenants, and Roles with python-keystoneclient Token Auth Method Password Auth Method

慕冠宇
2023-12-01

 Adding Users, Tenants, and Roles with python-keystoneclient

Only users with admin credentials can administer users, tenants and roles. You can configure the python-keystoneclient with admin credentials through either the authentication token, or the username and password method.

 Token Auth Method

To use keystone client using token auth, set the following flags:

  • --endpoint SERVICE_ENDPOINT. The keystone endpoint to communicate with. The default endpoint is http://localhost:35357/v2.0'.

  • --token SERVICE_TOKEN. The administrator service token.

 Password Auth Method

  • --username OS_USERNAME. The administrator username.

  • --password OS_PASSWORD. The administrator password

  • --tenant_name OS_TENANT_NAME. The tenant name.

  • --auth_url OS_AUTH_URL. The URL of the keystone auth server, for example http://localhost:5000/v2.0'.

 Using API v3 instead of API v2.0

Use the following keystone parameters, in combination, to specify the version of the API to use:

  • --os-endpoint. The keystone client detects the version of the API from this parameter.

  • --os-url. Specifies the service URL from the service catalog lookup.

  • --os-identity-api-version. Specifies the Identity Service API version.

For example, the following parameters indicate the use of API v3:

--os-url "http://15.253.57.115:35357/v3" --os-identity-api-version 3

The following parameters indicate the use of API v2.0:

--os-url "http://15.253.57.115:35357/v2.0" --os-identity-api-version 2.0

 Example usage

The keystone client is set up to expect commands in the general form of keystone command argument, followed by flag-like keyword arguments to provide additional (often optional) information. For example, the command user-list and tenant-create can be invoked as follows:

# Using token auth env variables
export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
export SERVICE_TOKEN=secrete_token
keystone user-list
keystone tenant-create --name=demo

# Using token auth flags
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create --name=demo

# Using user + password + tenant_name env variables
export OS_USERNAME=admin
export OS_PASSWORD=secrete
export OS_TENANT_NAME=admin
keystone user-list
keystone tenant-create --name=demo

# Using user + password + tenant_name flags
keystone --username=admin --password=secrete --tenant_name=admin user-list
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo

 Tenants

A tenant is a group of zero or more users. In nova, a tenant owns virtual machines. In swift, a tenant owns containers. Users can be associated with more than one tenant. Each tenant and user pairing can have a role associated with it.

 tenant-create

keyword arguments

  • name

  • description (optional, defaults to None)

  • enabled (optional, defaults to True)

The following command creates a tenant named demo:

keystone tenant-create --name=demo

 tenant-delete

arguments

  • tenant_id

example:

keystone tenant-delete f2b7b39c860840dfa47d9ee4adffa0b3

 tenant-enable

arguments

  • tenant_id

example:

keystone tenant-enable f2b7b39c860840dfa47d9ee4adffa0b3

 tenant-disable

arguments

  • tenant_id

example:

keystone tenant-disable f2b7b39c860840dfa47d9ee4adffa0b3

 Users

 user-create

keyword arguments:

  • name

  • pass

  • email

  • default_tenant (optional, defaults to None)

  • enabled (optional, defaults to True)

example:

keystone user-create
--name=admin \
--pass=secrete \
--email=admin@example.com

 user-delete

keyword arguments:

  • user

example:

keystone user-delete f2b7b39c860840dfa47d9ee4adffa0b3

 user-list

list users in the system, optionally by a specific tenant (identified by tenant_id)

arguments

  • tenant_id (optional, defaults to None)

example:

keystone user-list

 user-update --email

arguments

  • user_id

  • email

example:

keystone user-update --email 03c84b51574841ba9a0d8db7882ac645 "someone@somewhere.com"

 user-enable

arguments

  • user_id

example:

keystone user-enable 03c84b51574841ba9a0d8db7882ac645

 user-disable

arguments

  • user_id

example:

keystone user-disable 03c84b51574841ba9a0d8db7882ac645

 user-update --password

arguments

  • user_id

  • password

example:

keystone user-update --password 03c84b51574841ba9a0d8db7882ac645 foo

 Roles

 role-create

arguments

  • name

example:

keystone role-create --name=demo

 role-delete

arguments

  • role_id

example:

keystone role-delete 19d1d3344873464d819c45f521ff9890

 role-list

example:

keystone role-list

 role-get

arguments

  • role_id

example:

keystone role-get role=19d1d3344873464d819c45f521ff9890

 add-user-role

arguments

  • role_id

  • user_id

  • tenant_id

example:

keystone add-user-role \
3a751f78ef4c412b827540b829e2d7dd \
03c84b51574841ba9a0d8db7882ac645 \
20601a7f1d94447daa4dff438cb1c209

 remove-user-role

arguments

  • role_id

  • user_id

  • tenant_id

example:

keystone remove-user-role \
19d1d3344873464d819c45f521ff9890 \
08741d8ed88242ca88d1f61484a0fe3b \
20601a7f1d94447daa4dff438cb1c209

 Services

 service-create

keyword arguments

  • name

  • type

  • description

example:

keystone service create \
--name=nova \
--type=compute \
--description="Nova Compute Service"

 service-list

arguments

  • service_id

example:

keystone service-list

 service-get

arguments

  • service_id

example:

keystone service-get 08741d8ed88242ca88d1f61484a0fe3b

 service-delete

arguments

  • service_id

example:

keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b
 类似资料:

相关阅读

相关文章

相关问答