[openstack-dev] [keystone] keystoneclient.client.v3.Client: extract identity endpoint
Johannes Grassler
jgrassler at suse.de
Thu Oct 13 12:19:49 UTC 2016
Hello,
I've got an existing keystoneclient.client.v3.Client object with an
authenticated session. Now I'd like to get the identity URL this
object uses for requesting things from Keystone. I want to use that
URL in a trust's endpoint list in order to allow the user the client
is authenticated as to talk to Keystone on the trustor's behalf.
The client is authenticated as a service user and issues a GET to
GET http://192.168.123.20/identity_admin/v3/OS-TRUST/trusts
when the following code snippet is executed:
client.trusts.list()
(`client` is my keystoneclient.client.v3.Client instance).
Initially I thought I could use the auth_url from the client's
session object, i.e.
client.session.auth.auth_url
but that turned out to be a dead end because it's the internal
endpoint:
http://192.168.123.20/identity/v3
This will be useless for a trust's endpoint URL list if the
trustee (my service user) ends up using
http://192.168.123.20/identity_admin/v3
to talk to Keystone. I could look up the admin URL from the catalog
like this...
keystone_service=client.services.list(type='identity')[0]
client.endpoints.list(service=keystone_service,
interface='admin',
region=client.region_name)
...but that feels rather dirty since it independently looks up the
admin endpoint rather than plucking the identity endpoint from the
keystone client instance. Is there a cleaner way to get that
information directly from the keystoneclient.client.v3.Client
instance?
Cheers,
Johannes
--
Johannes Grassler, Cloud Developer
SUSE Linux GmbH, HRB 21284 (AG Nürnberg)
GF: Felix Imendörffer, Jane Smithard, Graham Norton
Maxfeldstr. 5, 90409 Nürnberg, Germany
More information about the OpenStack-dev
mailing list