[openstack-dev] [keystone] Using 'admin_token' option as token to create keystone client.

Nader Lahouti nader.lahouti at gmail.com
Thu Oct 9 16:00:12 UTC 2014


Thanks Lei for the reply and clarification.
So, instead of that we can use the following:


from keystoneclient.v2_0 import Client

keystone = Client(username=user, password=password, tenant_name=tenant,
                  auth_url=url)


where user, password, tenant and url can be obtained from cfg.CONF.


Thanks,

Nader.

On Wed, Oct 8, 2014 at 11:54 PM, Lei Zhang <zhang.lei.fly at gmail.com> wrote:

> It should work, but it is not safe to use admin_token, because:
> * It is an admin token which has full privileges for the keystone service.
> * The token will always be valid until the admin_token in the conf file
>   is changed.
>   It is dangerous if the token leaks.
>
> I suggest that the admin_token only be used for the initialization of the admin account.
>
> On Thu, Oct 9, 2014 at 2:29 PM, Nader Lahouti <nader.lahouti at gmail.com>
> wrote:
> > Hi,
> >
> > Is it acceptable to use the 'admin_token' option from keystone.conf when
> > creating a keystone client? Something like this:
> >
> > kc = client.Client(token=cfg.CONF.admin_token,
> >                    endpoint='http://localhost:35357/v2.0/')
> >
> > Thanks,
> >
> > Nader.
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
>
> --
> Lei Zhang
> Blog: http://xcodest.me
> twitter/weibo: @jeffrey4l
>
>
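
An added example (not part of the original messages or of keystoneclient): a small static check, using only Python's ast module, that flags Client(...) calls whose token= argument is read from an option named admin_token, the pattern the reply above advises against. The sample snippets are the two constructions quoted in this thread; the function names are hypothetical.

```python
import ast

# Constructed samples: the two client constructions quoted in the thread.
ADMIN_TOKEN_SNIPPET = '''
kc = client.Client(token=cfg.CONF.admin_token,
                   endpoint='http://localhost:35357/v2.0/')
'''
PASSWORD_SNIPPET = '''
keystone = Client(username=user, password=password, tenant_name=tenant,
                  auth_url=url)
'''


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_admin_token_clients(source, filename="<src>"):
    """Return (line, expression) for each Client(...) call whose token=
    keyword is read from a config option named admin_token."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        callee = _dotted(node.func) or ""
        if callee.split(".")[-1] != "Client":
            continue
        for kw in node.keywords:
            value = _dotted(kw.value) or ""
            if kw.arg == "token" and value.split(".")[-1] == "admin_token":
                findings.append((node.lineno, value))
    return findings


if __name__ == "__main__":
    for name, src in [("admin_token", ADMIN_TOKEN_SNIPPET),
                      ("password", PASSWORD_SNIPPET)]:
        print(name, find_admin_token_clients(src))
```

The check only sees the option passed directly as the keyword value; a token first copied into a local variable is not followed.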