【openStack】Libcloud 如何支持 keystone V3？

Examples

This section includes some examples which show how to use the newly available functionality. For more information, please refer to the docstrings in theopenstack_identity module.

Authenticating against Keystone API v3 using the OpenStack compute driver

This example shows how to authenticate against Keystone API v3 using the OpenStack compute driver (for the time being, default auth version used by the compute driver is 2.0).

from pprint import pprint

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.OPENSTACK)
driver = cls('<username>', '<password>',
ex_force_auth_version='3.x_password',
ex_force_auth_url='http://192.168.1.100:5000',
ex_force_service_type='compute',
ex_force_service_region='regionOne',
ex_tenant_name='<my tenant>')

pprint(driver.list_nodes())

Obtaining auth token scoped to the domain

This example show how to obtain a token which is scoped to a domain and not to a project / tenant which is a default.

Keep in mind that most of the OpenStack services don’t yet support tokens which are scoped to a domain, so such tokens are of a limited use right now.

from pprint import pprint

from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope

driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
user_id='admin',
key='<key>',
token_scope=OpenStackIdentityTokenScope.DOMAIN,
domain_name='Default',
tenant_name='admin')

driver.authenticate()
pprint(driver.auth_token)

Talking directly to the OpenStack Keystone API v3

This example shows how to talk directly to OpenStack Keystone API v3 and perform administrative tasks such as listing users and roles.

from pprint import pprint

from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope

driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
user_id='admin',
key='<key>',
token_scope=OpenStackIdentityTokenScope.PROJECT,
tenant_name='admin')

# This call doesn't require authentication
pprint(driver.list_supported_versions())

# The calls bellow require authentication and admin access
# (depends on the ACL configuration)
driver.authenticate()

users = driver.list_users()
roles = driver.list_roles()

pprint(users)
pprint(roles)

A quick note on backward compatibility

If you only use OpenStack compute driver, those changes are fully backward compatible and you aren’t affected.

If you use

OpenStackAuthConnection

class to talk directly to the Keystone installation, you need to update your code to either use the new

OpenStackIdentityConnection

class or a version specific class since

OpenStackAuthConnection

class has been removed.

参考资料：
http://libcloud.apache.org/getting-started.html http://www.tuicool.com/articles/NvYvaa https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&tn=baidu&wd=libcloud%20keystone%20ex_force_auth_version&oq=libcloud%20keystone%20%26lt%3B.0&rsv_pq=a51b518200044b8a&rsv_t=4eb0lAF%2BhC59R3Z7fs%2BvDC3%2B%2BQ2dxF2mXLegEqfVeU%2BrK88FClYH5tlcjWQ&rqlang=cn&rsv_enter=1&rsv_sug3=2&rsv_sug1=1&rsv_sug7=000&rsv_n=2&rsv_sug2=0&inputT=697&rsv_sug4=764&rsv_sug=1 https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack_identity https://libcloud.readthedocs.io/en/latest/apidocs/modules.html https://libcloud.readthedocs.io/en/latest/supported_providers.html#compute