[openstack-dev] [keystone]how to get service_catalog
Jamie Lennox
jamielennox at redhat.com
Mon Sep 7 04:54:26 UTC 2015
----- Original Message -----
> From: "王华" <wanghua.humble at gmail.com>
> To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org>
> Sent: Monday, 7 September, 2015 12:00:43 PM
> Subject: [openstack-dev] [keystone]how to get service_catalog
>
> Hi all,
>
> When I use a token to init a keystoneclient and try to get service_catalog by
> it, error occurs. I find that keystone doesn't return service_catalog when
> we use a token. Is there a way to get service_catalog by token? In magnum,
> we now make a trick. We init a keystoneclient with service_catalog which is
> contained in the token_info returned by keystonemiddleware in auth_ref
> parameter.
>
> I want a way to get service_catalog by token. Or can we init a keystoneclient
> by the token_info return by keystonemiddleware directly?
>
> Regards,
> Wanghua
Sort of.
The problem you are hitting is that a token is just a string, an identifier for some information stored in keystone. Given a token at __init__ time the client doesn't try to validate this in anyway it just assumes you know what you are doing. You can do a variation of this though in which you use an existing token to fetch a new token with the same rights (the expiry etc will be the same) and then you will get a fresh service catalog. Using auth plugins that's the Token family of plugins.
However i don't _think_ that's exactly what you're looking for in magnum. What token are you trying to reuse?
If it's the users token then auth_token passes down an auth plugin in the ENV['keystone.token_auth'] variable[1] and you can pass that to a client to reuse the token and service catalog. If you are loading up magnum specific auth then again have a look at using keystoneclient's auth plugins and reusing it across multiple requests.
Trying to pass around a bundle of token id and service catalog is pretty much exactly what an auth plugin does and you should be able to do something there.
Jamie
[1] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L164
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list