[openstack-dev] [keystone] Using 'admin_token' option as token to create keystone client.

Lei Zhang zhang.lei.fly at gmail.com
Fri Oct 10 01:52:11 UTC 2014


Yes. That will be more safer.

On Fri, Oct 10, 2014 at 12:00 AM, Nader Lahouti <nader.lahouti at gmail.com> wrote:
> Thanks Lei for the reply and clarification.
> So, instead of that we can use the following:
>
>
> from keystone client.v2_0 import Client
>
> keystone = Client(username=user, password=password, tenant_name=tenant,
> auth_url=url)
>
>
> with user, password, tenant and url can be obtained from cfg.CONF.
>
>
> Thanks,
>
> Nader.
>
>
> On Wed, Oct 8, 2014 at 11:54 PM, Lei Zhang <zhang.lei.fly at gmail.com> wrote:
>>
>> it should works but it is not safe to use admin_token. Because
>> * It is a admin token which has the full privilege for the keystone
>> service
>> * The token will be always valid till the admin_token in the conf file
>> is changed.
>>   It is dangerous when the token leak.
>>
>> Suggest that the admin_token is only used for the initial of admin
>> account.
>>
>> On Thu, Oct 9, 2014 at 2:29 PM, Nader Lahouti <nader.lahouti at gmail.com>
>> wrote:
>> > Hi,
>> >
>> > Is it acceptable to use 'admin_token' option from keystone.conf,  when
>> > creating a keystone client? something like this:
>> >
>> > kc = client.Client(token=cfg.CONF.admin_token,
>> >
>> >                    endpoint='http://localhost:35357/v2.0/')
>> >
>> >
>> >
>> >
>> > Thanks,
>> >
>> > Nader.
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenStack-dev mailing list
>> > OpenStack-dev at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>>
>>
>>
>> --
>> Lei Zhang
>> Blog: http://xcodest.me
>> twitter/weibo: @jeffrey4l
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Lei Zhang
Blog: http://xcodest.me
twitter/weibo: @jeffrey4l



More information about the OpenStack-dev mailing list