The keystoneclient.v2_0.client Module

class keystoneclient.v2_0.client.Client(**kwargs)

Bases: keystoneclient.client.HTTPClient

Client for the OpenStack Keystone v2.0 API.

Parameters:
  • username (string) – Username for authentication. (optional)
  • password (string) – Password for authentication. (optional)
  • token (string) – Token for authentication. (optional)
  • tenant_id (string) – Tenant id. (optional)
  • tenant_name (string) – Tenant name. (optional)
  • auth_url (string) – Keystone service endpoint for authorization.
  • region_name (string) – Name of a region to select when choosing an endpoint from the service catalog.
  • endpoint (string) – A user-supplied endpoint URL for the keystone service. Lazy-authentication is possible for API service calls if endpoint is set at instantiation.(optional)
  • timeout (integer) – Allows customization of the timeout for client http requests. (optional)
  • original_ip (string) – The original IP of the requesting user which will be sent to Keystone in a ‘Forwarded’ header. (optional)
  • cert (string) – If provided, used as a local certificate to communicate with the keystone endpoint. If provided, requires the additional parameter key. (optional)
  • key (string) – The key associated with the certificate for secure keystone communication. (optional)
  • cacert (string) – the ca-certs to verify the secure communications with keystone. (optional)
  • insecure (boolean) – If using an SSL endpoint, allows for the certicate to be unsigned - does not verify the certificate chain. default: False (optional)
  • auth_ref (dict) – To allow for consumers of the client to manage their own caching strategy, you may initialize a client with a previously captured auth_reference (token)
  • debug (boolean) – Enables debug logging of all request and responses to keystone. default False (option)

If debug is enabled, it may show passwords in plain text as a part of its output.

The client can be created and used like a user or in a strictly bootstrap mode. Normal operation expects a username, password, auth_url, and tenant_name or id to be provided. Other values will be lazily loaded as needed from the service catalog.

Example:

>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
                             password=PASS,
                             tenant_name=TENANT_NAME,
                             auth_url=KEYSTONE_URL)
>>> keystone.tenants.list()
...
>>> user = keystone.users.get(USER_ID)
>>> user.delete()

Once authenticated, you can store and attempt to re-use the authenticated token. the auth_ref property on the client returns as a dictionary-like-object so that you can export and cache it, re-using it when initiating another client:

>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USER,
                             password=PASS,
                             tenant_name=TENANT_NAME,
                             auth_url=KEYSTONE_URL)
>>> auth_ref = keystone.auth_ref
>>> # pickle or whatever you like here
>>> new_client = client.Client(auth_ref=auth_ref)

Alternatively, you can provide the administrative token configured in keystone and an endpoint to communicate with directly. See (admin_token in keystone.conf) In this case, authenticate() is not needed, and no service catalog will be loaded.

Example:

>>> from keystoneclient.v2_0 import client
>>> admin_client = client.Client(
        token='12345secret7890',
        endpoint='http://localhost:35357/v2.0')
>>> keystone.tenants.list()
get_raw_token_from_identity_service(auth_url, username=None, password=None, tenant_name=None, tenant_id=None, token=None)

Authenticate against the Keystone API.

Returns:raw token if authentication was successful.
Raises :AuthorizationFailure if unable to authenticate or validate the existing authorization token
Raises :ValueError if insufficient parameters are used.
has_service_catalog()

Returns True if this client provides a service catalog.

process_token()

Extract and process information from the new auth_ref.

And set the relevant authentication information.

Previous topic

The keystoneclient.utils Module

Next topic

The keystoneclient.v2_0.ec2 Module

This Page