【openStack】Libcloud 如何支持 keystone V3？

Examples

This section includes some examples which show how to use the newly available functionality. For more information, please refer to the docstrings in theopenstack_identity module.

Authenticating against Keystone API v3 using the OpenStack compute driver

This example shows how to authenticate against Keystone API v3 using the OpenStack compute driver (for the time being, default auth version used by the compute driver is 2.0).

from pprint import pprint

from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver

cls = get_driver(Provider.OPENSTACK)
driver = cls('<username>', '<password>',
	ex_force_auth_version='3.x_password',
	ex_force_auth_url='http://192.168.1.100:5000',
	ex_force_service_type='compute',
	ex_force_service_region='regionOne',
	ex_tenant_name='<my tenant>')

pprint(driver.list_nodes())

Obtaining auth token scoped to the domain

This example show how to obtain a token which is scoped to a domain and not to a project / tenant which is a default.

Keep in mind that most of the OpenStack services don’t yet support tokens which are scoped to a domain, so such tokens are of a limited use right now.

from pprint import pprint

from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope

driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
	user_id='admin',
	key='<key>',
	token_scope=OpenStackIdentityTokenScope.DOMAIN,
	domain_name='Default',
	tenant_name='admin')

driver.authenticate()
pprint(driver.auth_token)

Talking directly to the OpenStack Keystone API v3

This example shows how to talk directly to OpenStack Keystone API v3 and perform administrative tasks such as listing users and roles.

from pprint import pprint

from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope

driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
	user_id='admin',
	key='<key>',
	token_scope=OpenStackIdentityTokenScope.PROJECT,
	tenant_name='admin')

# This call doesn't require authentication
pprint(driver.list_supported_versions())

# The calls bellow require authentication and admin access
# (depends on the ACL configuration)
driver.authenticate()

users = driver.list_users()
roles = driver.list_roles()

pprint(users)
pprint(roles)

A quick note on backward compatibility

If you only use OpenStack compute driver, those changes are fully backward compatible and you aren’t affected.

If you use OpenStackAuthConnection class to talk directly to the Keystone installation, you need to update your code to either use the newOpenStackIdentityConnection class or a version specific class sinceOpenStackAuthConnection class has been removed.

参考资料：

http://libcloud.apache.org/getting-started.html

http://www.tuicool.com/articles/NvYvaa

https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&tn=baidu&wd=libcloud%20keystone%20ex_force_auth_version&oq=libcloud%20keystone%20%26lt%3B.0&rsv_pq=a51b518200044b8a&rsv_t=4eb0lAF%2BhC59R3Z7fs%2BvDC3%2B%2BQ2dxF2mXLegEqfVeU%2BrK88FClYH5tlcjWQ&rqlang=cn&rsv_enter=1&rsv_sug3=2&rsv_sug1=1&rsv_sug7=000&rsv_n=2&rsv_sug2=0&inputT=697&rsv_sug4=764&rsv_sug=1

https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack

https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack_identity

https://libcloud.readthedocs.io/en/latest/apidocs/modules.html

https://libcloud.readthedocs.io/en/latest/supported_providers.html#compute