← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1805817] Re: provide a 'whoami' service for authenticated users

 

Linked Horizon to this bug for historical context. The maintainers for
python-openstackclient no longer use launchpad, so we'll have to track
this separately with Storyboard [0].

[0] https://storyboard.openstack.org/#!/project_group/80

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1805817

Title:
  provide a 'whoami' service for authenticated users

Status in OpenStack Dashboard (Horizon):
  New
Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  It would be very helpful if keystone could provide a 'whoami' service
  to users and other projects, for example for building clouds.yaml and
  openstackrc files to horizon interface / openstack client and API
  users

  openstack user show admin
  +---------------------+----------------------------------+
  | Field               | Value                            |
  +---------------------+----------------------------------+
  | domain_id           | default                          |
  | enabled             | True                             |
  | id                  | 22b8b60e6***************b |
  | name                | admin                            |
  | options             | {}                               |
  | password_expires_at | None                             |
  +---------------------+----------------------------------+

  This is not very useful. - and I need a working RC file to get this far!
  Federated users have to build their own clouds.yaml and need to find out fairly low level details from multiple systems for example with a SAML user:

  -os-auth-type v3samlpassword
  --os-identity-provider <name of ido in keystone>
  --os-identity-provider-url <ECP endpoint>
  --os-protocol saml2
  --os-username <federated username>
  --os-password
  --os-auth-url http://sp.keystone:5000/v3
  --os-project-name demo
  --os-project-domain-name Default
  --os-identity-api-versione 3

  I logged this with the horizon team, who suggested I log it here.
  Currently Horizon builds environment variables for users in a static way, it's quite messy and will only ever work for manual users

  export OS_AUTH_URL=
  # With the addition of Keystone we have standardized on the term **project**
  # as the entity that owns the resources.
  export OS_PROJECT_ID=
  export OS_PROJECT_NAME=
  export OS_USER_DOMAIN_NAME=
  if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
  export OS_PROJECT_DOMAIN_ID="default"
  if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then unset OS_PROJECT_DOMAIN_ID; fi
  # unset v2.0 items in case set
  unset OS_TENANT_ID
  unset OS_TENANT_NAME
  # In addition to the owning entity (tenant), OpenStack stores the entity
  # performing the action as the **user**.
  export OS_USERNAME=
  # With Keystone you pass the keystone password.
  echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
  read -sr OS_PASSWORD_INPUT
  export OS_PASSWORD=$OS_PASSWORD_INPUT
  # If your configuration has multiple regions, we set that information here.
  # OS_REGION_NAME is optional and only valid in certain environments.
  export OS_REGION_NAME="RegionOne"
  # Don't leave a blank variable, unset it if it was empty
  if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
  export OS_INTERFACE=
  export OS_IDENTITY_API_VERSION=

  It's quite ironic given that keystone is a discovery service too ;-)

  
  here's the original bug on Horizon
  https://bugs.launchpad.net/horizon/+bug/1795851

  and this is an abomination :-/
  https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

  thanks!

  
  .....I love keystone

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1805817/+subscriptions


References