[Openstack] specifying identity endpoint in Keystone v3 python API?
Jonathan Proulx
jon at jonproulx.com
Tue Mar 17 19:14:16 UTC 2015
I should note that sourcing the same example code below I can get a
user listing with:
>>> resp = sess.get('/users', endpoint_filter={'service_type': 'identityv3',
... 'interface': 'public',
... 'region_name': 'RegionOne'})
resp.content then has the userlist object, even though
keystone.users.list() continues to fail with EndpointNotFound (even
specifying the endpoint_filter, which id doesn't complain about yet
doesn't help either)
in response to some question that appear not to have gone to the wider list:
I only have the one region 'RegionOne'.
This is the endpoint I'm trying to hit:
root at server-1:~# openstack endpoint show 468d9e28152c44afb70295f8bed95899
+--------------+------------------------------------------------------------------------------------------------+
| Field | Value
|
+--------------+------------------------------------------------------------------------------------------------+
| enabled | True
|
| id | 468d9e28152c44afb70295f8bed95899
|
| interface | public
|
| links | {u'self':
u'https://SERVER-1:35358/v3/endpoints/468d9e28152c44afb70295f8bed95899'}
|
| region | RegionOne
|
| region_id | RegionOne
|
| service_id | 0cf95c25575a45c7b1d267833cb866a5
|
| service_name | keystonev3
|
| service_type | identityv3
|
| url | https://SERVER-1:5001/v3
|
+--------------+------------------------------------------------------------------------------------------------+
On Tue, Mar 17, 2015 at 10:20 AM, Jonathan Proulx <jon at jonproulx.com> wrote:
> Hi All,
>
> Using Juno...
>
> I'm an operator trying to replace the crufty Essex era bash scripts we
> use for account registration with something saner. Using keystone v3
> python api seems the right thing.
>
> Keystone is serving v2 and v3. My 'identity' endoint points to v2 but
> Horizion uses v3 and I can access v3 vi the 'openstack' cli by
> specifying the right OS_AUTH_URL and OS_IDENTITY_API_VERSION=3
>
> But...I cannot get my python script to do the right thing, it keeps
> failing with:keystoneclient.openstack.common.apiclient.exceptions.EndpointNotFound
>
> I maybe be casing things ion entirely the wrong direction, but I'm
> thinking this is because catalog endpoint is v2 (the failure is
> similar to passing the v3 OS_AUTH_URL but leaving out
> OS_IDENTITY_API_VERSION=3 in the CLI). If that's wrong you can
> probably stop reading and correct me right here :)
>
> I'm following the example at
> http://docs.openstack.org/developer/python-keystoneclient/using-api-v3.html#authenticating-using-sessions
>
> os_auth = source(os_auth_file)
> auth = v3.Password(auth_url=os_auth['OS_AUTH_URL'],
> username=os_auth['OS_USERNAME'],
> password=os_auth['OS_PASSWORD'],
> project_domain_name='default',user_domain_name='default',
> project_name=os_auth['OS_TENANT_NAME'])
> sess = session.Session(auth=auth)
> keystone = client.Client(session=sess)
>
>
> that 'source' call parses the same shell script fragment I source to
> use v3 with python-openstackclient cli into the 'os_auth' list. these
> are admin credentials as I'm trying to manipulate users,projects, and
> quotas here. My stest case is:
>
> keystone.users.list()
>
> I expect a list of users, I get EndpointNotFound.
>
> Trying to force my way through I created an 'identityv3' service and
> endpoint then specified
>
> endpoint_filter={'service_type': 'identityv3', 'interface': 'public',
> 'region_name': 'RegionOne'}
>
> in the session.Session call, which (mis)reading
> keystoneclient/session.py and
> http://docs.openstack.org/developer/python-keystoneclient/using-sessions.html#service-discovery
> I though t I could put there, but apparently can't ( unexpected
> keyword argument).
>
> Grasping at straws I moved the endpoint filter to the client.Client
> call and did not get and unexpected argument error but did still get
> the EndpointNotFound.
>
> Can any one tell me where I went off the rails and how to get back on?
>
> Thanks,
> -Jon
More information about the Openstack
mailing list