openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #20758
Re: How to generate an API key
My understanding is that API keys are a provider's term. They are specially
generated per user by the provider.
There are no API keys in a generic OpenStack Identity (keystone folsom)
installation. There are just calls you can make to get a token. Depending
on the provider you may need just username and password, or username,
password, and tenant id.
API keys just give users a way to get a token other than username/password.
Users still have to get a token. Depending on the provider's configuration,
tokens can be either UUID or PKI. In fact, default for the latest daily
code (grizzly) is PKI. This has tripped more than a few people up in the
last few months.
Lots of Identity configuration info here if you're interested:
http://docs.openstack.org/developer/keystone/configuration.html
Identity experts, please assist in my (probably over-simplified)
explanations. :)
Anne
On Fri, Feb 8, 2013 at 8:55 AM, Emilio García <
emilio.garcia@xxxxxxxxxxxxxxxx> wrote:
> Hello again,
>
> Basically I am using Openstack itself, keystone folsom in particular. I
> understand then the API keys are just user's passwords?
>
> Kind regards.
>
>
> On Fri, Feb 8, 2013 at 2:47 PM, Anne Gentle <anne@xxxxxxxxxxxxx> wrote:
>
>>
>>
>>
>> On Fri, Feb 8, 2013 at 8:43 AM, Emilio García <
>> emilio.garcia@xxxxxxxxxxxxxxxx> wrote:
>>
>>> Thank your for taking your time answering.
>>>
>>> I am aware about this not being a Zenoss list, so this was just to give
>>> a little bit of background. I can only find this sentence concerning API
>>> keys:
>>>
>>> *Note: An API key — provided by some cloud providers auth systems. You
>>> or your OpenStack provider's administrator/support staff can revoke it and
>>> generate a new one. While an authentication token can have a short
>>> lifespan, an API key lasts until it is regenerated.*
>>>
>>> However I cannot see anywhere any reference on how to generate API keys
>>> (not tokens). It is just like some kind of holy grail which is mentioned
>>> but anyone really knows where exactly is. Am I overlooking something very
>>> obvious? Closest reference I found suggested that the API key could be just
>>> a user's password. Is that so? or is a dead end?
>>>
>>>
>> API keys are specific to the provider. For example, Rackspace lets their
>> users authenticate with either a username and password or a username and
>> API key. See:
>>
>>
>> http://docs.rackspace.com/servers/api/v2/cs-devguide/content/curl_auth.html
>>
>>
>>> In a nutshell I am very confused about what is a API key exactly and how
>>> can they be generated (not a token).
>>>
>>>
>> I think it really depends on your provider. Perhaps some others can chime
>> in.
>>
>> Anne
>>
>>
>>> Kind regards.
>>>
>>>
>>> On Fri, Feb 8, 2013 at 2:34 PM, Anne Gentle <anne@xxxxxxxxxxxxx> wrote:
>>>
>>>> Hi Emilio,
>>>>
>>>> This isn't exactly a Zenoss list, but look under Usage on this page:
>>>> https://github.com/zenoss/ZenPacks.zenoss.OpenStack
>>>>
>>>> The above page doesn't clearly explain the versions of different APIs
>>>> from different services. From OpenStack's release perspective for Folsom,
>>>> the Identity API is currently v2 and the Compute API is currently v2 (which
>>>> is identical to v1.1). So I'm not sure from the Zenoss perspective what API
>>>> they are providing support for.
>>>>
>>>> In the OpenStack docs, this page explains more about tokens and API
>>>> keys. API keys are typically given by a particular provider. Tokens are
>>>> handed out by Keystone, the Identity service under the OpenStack umbrella.
>>>>
>>>> http://docs.openstack.org/api/openstack-compute/programmer/content/getting-the-keys-to-the-kingdom.html
>>>>
>>>> This page describes the process of obtaining a token.
>>>> http://docs.openstack.org/api/quick-start/content/index.html#Getting-Credentials-a00665
>>>>
>>>> Hope this helps.
>>>> Anne
>>>>
>>>>
>>>> On Fri, Feb 8, 2013 at 7:53 AM, Emilio García <
>>>> emilio.garcia@xxxxxxxxxxxxxxxx> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I am trying to generate an API key for a Zenpack (Zenoss) to use the
>>>>> OpenStack API to gather stats. However I cannot see how to generate a API
>>>>> key in the documentation anywhere. How can I do that? Also is it possible
>>>>> to use the v1 of the API protocol in Folsom or only v2?
>>>>>
>>>>> Kind regards.
>>>>>
>>>>>
>>>>> Cloudreach Limited is a limited company registered in England with registered number 06975407
>>>>>
>>>>> The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion,
>>>>> and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations
>>>>> will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.
>>>>>
>>>>> This email may be confidential or privileged. If you received this communication by mistake, please don't forward
>>>>> it to anyone else, please erase all copies and attachments, and please let us know that it has gone to the wrong person.
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: https://launchpad.net/~openstack
>>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>>> Unsubscribe : https://launchpad.net/~openstack
>>>>> More help : https://help.launchpad.net/ListHelp
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Emilio Garcia*
>>> Systems Developer, Cloudreach Limited
>>> [t] +44 20 7183 3893 (ext. 403)
>>> [m] +44 7958 036 743
>>>
>>> Cloudreach Limited is a limited company registered in England with registered number 06975407
>>>
>>> The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion,
>>> and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations
>>> will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.
>>>
>>> This email may be confidential or privileged. If you received this communication by mistake, please don't forward
>>> it to anyone else, please erase all copies and attachments, and please let us know that it has gone to the wrong person.
>>>
>>>
>>>
>>
>
>
>
> Cloudreach Limited is a limited company registered in England with registered number 06975407
>
> The above terms reflect a potential business arrangement, are provided solely as a basis for further discussion,
> and are not intended to be and do not constitute a legally binding obligation. No legally binding obligations
> will be created, implied, or inferred until an agreement in final form is executed in writing by all parties involved.
>
> This email may be confidential or privileged. If you received this communication by mistake, please don't forward
> it to anyone else, please erase all copies and attachments, and please let us know that it has gone to the wrong person.
>
>
>
Follow ups
References