[openstack-dev] [keystone] Using 'admin_token' option as token to create keystone client.

Nader Lahouti nader.lahouti at gmail.com
Fri Oct 10 16:51:18 UTC 2014 

Thanks Lei.

On Thu, Oct 9, 2014 at 6:52 PM, Lei Zhang <zhang.lei.fly at gmail.com> wrote:

> Yes. That will be more safer.
>
> On Fri, Oct 10, 2014 at 12:00 AM, Nader Lahouti <nader.lahouti at gmail.com>
> wrote:
> > Thanks Lei for the reply and clarification.
> > So, instead of that we can use the following:
> >
> >
> > from keystone client.v2_0 import Client
> >
> > keystone = Client(username=user, password=password, tenant_name=tenant,
> > auth_url=url)
> >
> >
> > with user, password, tenant and url can be obtained from cfg.CONF.
> >
> >
> > Thanks,
> >
> > Nader.
> >
> >
> > On Wed, Oct 8, 2014 at 11:54 PM, Lei Zhang <zhang.lei.fly at gmail.com>
> wrote:
> >>
> >> it should works but it is not safe to use admin_token. Because
> >> * It is a admin token which has the full privilege for the keystone
> >> service
> >> * The token will be always valid till the admin_token in the conf file
> >> is changed.
> >>   It is dangerous when the token leak.
> >>
> >> Suggest that the admin_token is only used for the initial of admin
> >> account.
> >>
> >> On Thu, Oct 9, 2014 at 2:29 PM, Nader Lahouti <nader.lahouti at gmail.com>
> >> wrote:
> >> > Hi,
> >> >
> >> > Is it acceptable to use 'admin_token' option from keystone.conf,  when
> >> > creating a keystone client? something like this:
> >> >
> >> > kc = client.Client(token=cfg.CONF.admin_token,
> >> >
> >> >                    endpoint='http://localhost:35357/v2.0/')
> >> >
> >> >
> >> >
> >> >
> >> > Thanks,
> >> >
> >> > Nader.
> >> >
> >> >
> >> >
> >> > _______________________________________________
> >> > OpenStack-dev mailing list
> >> > OpenStack-dev at lists.openstack.org
> >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >> >
> >>
> >>
> >>
> >> --
> >> Lei Zhang
> >> Blog: http://xcodest.me
> >> twitter/weibo: @jeffrey4l
> >>
> >> _______________________________________________
> >> OpenStack-dev mailing list
> >> OpenStack-dev at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> > _______________________________________________
> > OpenStack-dev mailing list
> > OpenStack-dev at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
>
>
> --
> Lei Zhang
> Blog: http://xcodest.me
> twitter/weibo: @jeffrey4l
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141010/017b8dda/attachment.html>

More information about the OpenStack-dev mailing list