<div dir="ltr">Thanks Lei.</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 9, 2014 at 6:52 PM, Lei Zhang <span dir="ltr"><<a href="mailto:zhang.lei.fly@gmail.com" target="_blank">zhang.lei.fly@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Yes. That will be more safer.<br>
<div class="HOEnZb"><div class="h5"><br>
On Fri, Oct 10, 2014 at 12:00 AM, Nader Lahouti <<a href="mailto:nader.lahouti@gmail.com">nader.lahouti@gmail.com</a>> wrote:<br>
> Thanks Lei for the reply and clarification.<br>
> So, instead of that we can use the following:<br>
><br>
><br>
> from keystone client.v2_0 import Client<br>
><br>
> keystone = Client(username=user, password=password, tenant_name=tenant,<br>
> auth_url=url)<br>
><br>
><br>
> with user, password, tenant and url can be obtained from cfg.CONF.<br>
><br>
><br>
> Thanks,<br>
><br>
> Nader.<br>
><br>
><br>
> On Wed, Oct 8, 2014 at 11:54 PM, Lei Zhang <<a href="mailto:zhang.lei.fly@gmail.com">zhang.lei.fly@gmail.com</a>> wrote:<br>
>><br>
>> it should works but it is not safe to use admin_token. Because<br>
>> * It is a admin token which has the full privilege for the keystone<br>
>> service<br>
>> * The token will be always valid till the admin_token in the conf file<br>
>> is changed.<br>
>>   It is dangerous when the token leak.<br>
>><br>
>> Suggest that the admin_token is only used for the initial of admin<br>
>> account.<br>
>><br>
>> On Thu, Oct 9, 2014 at 2:29 PM, Nader Lahouti <<a href="mailto:nader.lahouti@gmail.com">nader.lahouti@gmail.com</a>><br>
>> wrote:<br>
>> > Hi,<br>
>> ><br>
>> > Is it acceptable to use 'admin_token' option from keystone.conf,  when<br>
>> > creating a keystone client? something like this:<br>
>> ><br>
>> > kc = client.Client(token=cfg.CONF.admin_token,<br>
>> ><br>
>> >                    endpoint='<a href="http://localhost:35357/v2.0/" target="_blank">http://localhost:35357/v2.0/</a>')<br>
>> ><br>
>> ><br>
>> ><br>
>> ><br>
>> > Thanks,<br>
>> ><br>
>> > Nader.<br>
>> ><br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > OpenStack-dev mailing list<br>
>> > <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
>> > <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> Lei Zhang<br>
>> Blog: <a href="http://xcodest.me" target="_blank">http://xcodest.me</a><br>
>> twitter/weibo: @jeffrey4l<br>
>><br>
>> _______________________________________________<br>
>> OpenStack-dev mailing list<br>
>> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> OpenStack-dev mailing list<br>
> <a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
><br>
<br>
<br>
<br>
--<br>
Lei Zhang<br>
Blog: <a href="http://xcodest.me" target="_blank">http://xcodest.me</a><br>
twitter/weibo: @jeffrey4l<br>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br></div>