openstack team mailing list archive

[Dolph Mathews <dolph.mathews@xxxxxxxxx>]

Nicolas,

It looks like that guide was written for the diablo (or perhaps pre-diablo)
keystone API. The corrections you're suggesting are accurate to bring the
guide forward to essex.

However, you might find the following a bit easier, as we now have a real
auth client <https://github.com/openstack/python-keystoneclient>!

Start by using the keystoneclient to create an initial tenant and user to
work with <http://paste.openstack.org/raw/12219/>. I'm using the default
admin_token defined in keystone.conf and the default management endpoint
(on port 35357).

Then, import the client in python:

>>> from keystoneclient.v2_0 import client


Initialize an instance with your credentials and the URL to your keystone
endpoint:

>>> c = client.Client(username='my-user', password='my-pass',
tenant_name='my-tenant', auth_url='http://localhost:5000/v2.0/')


That's it! You now have an token (i.e. X-Auth-Token) you can use to make
requests to other OpenStack services:

>>> print c.auth_token
3f52de2c8bcf46a8917bde1209a0448a


There are also additional operations the client can perform, such as:

>>> c.tenants.list()
[<Tenant {u'id': u'61133986e465492cb7214778432608cd', u'enabled': True,
u'description': None, u'name': u'my-tenant'}>]


... as well as full CRUD on tenants, users, roles, services, endpoints, etc
(assuming you're using the keystone management endpoint & appropriate admin
credentials).

Hope this is useful,

-Dolph

On Wed, Mar 28, 2012 at 2:10 AM, Nicolas Odermatt <odermattn@xxxxxxxxx>wrote:

> Hello Anne
>
> I am playing with the OpenStack API on my StackOps environment to get an
> idea of how to use it for scripts to programm some little scripts.
> I read the documentation "Programming OpenStack Compute API - 1.1" and
> tried the code examples but at one specific script the machine threw me an
> error. The mentioned script is found in Chapter "2. The Basics" in the
> section "Using Python to Obtain the Authentication Token". If you
> copy-paste the script in a file, adjust the variables like username,
> password, etc. and then execute the file, you will receive a parse error
> from python:
>
> "root@nova-controller:~# ./gettoken.py
> {"badRequest": {"message": "Cannot parse auth", "code": "400", "details":
> "Expecting object: line 1 column 43 (char 43)"}}
> Traceback (most recent call last):
>   File "./gettoken.py", line 41, in <module>
>     apitoken = dd['auth']['token']['id']
> KeyError: 'auth'"
>
> This is due to the fact that line 39 tries to extract the api token from
> the response ['auth']['token']['id'], which rather ought to be
> ['access']['token']['id']
>
> old: apitoken = dd['auth']['token']['id']
> new: apitoken = dd['access']['token']['id']
>
> As you might have noticed you receive an answer, which states
> "badRequest". From former experience with the API, I remembered that this
> means that there is something wrong with the credentials provided to
> keystone. I checked the params variable and realized that there was no
> information about the tenantid. Therefore I edited the line like this:
>
> old:params = '{"passwordCredentials":{"username":osuser,
> "password":ospassword}}'
> new: params = '{"auth":{"passwordCredentials":{"username": osuser,
> "password":"ospassword"}, "tenantId":ostenant}}'
>
> After that the script worked like a charm. Could it be that this error
> only occurs on StackOps environments or is it a spelling error?
>
> PS: I learned a lot from the "Programming OpenStack Compute API"
> documentation. Thank you very much for this superb how to!
>
> Best regards,
> Nicolas
>
> --
> Freundliche Grüsse,
> Nicolas Odermatt
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>