Keystone/BP-keystoneclient-api
(https://blueprints.launchpad.net/python-keystoneclient/+spec/solidify-python-api)
KeystoneClient Python API
The client as written is focused entirely on the CLI and on providing commands to interact with Keystone. It should also provide a consistent Python API and documented properties that any other OpenStack Python client can use, so that they all benefit from a single, well-defined code path that tracks and deals with authentication and authorization.
- initiate the client with username, password, and auth_url at a minimum
- by default, the client should attempt to lazy load a project, token, and the mgmt URL for keystone
- if provided in the client initialization, those values should override
- if a token is provided, authentication is not tried automatically, and no lazy loading takes place
- if a tenant isn't defined in initialization, the client should attempt to see if a default tenant is defined for that user and authenticate a token to that client
```python
c = client(username=..., password=..., auth_url=...)
```
- project optional
- support optional token_id=..., mgmt_url= for administrative bootstrapping
- support optional token_ref=... to initialize client with a cached/stored token
c.auth_ref
- define properties on the client that preserve and cache the token, username, user id, tenant name, tenant id, and relevant service catalog endpoints for easy use by other clients
```python
c = client()
c.auth_ref.user_name
c.auth_ref.user_id
c.auth_ref.tenant_name
c.auth_ref.tenant_id
c.auth_ref.auth_url
# c.auth_ref.???.(public url for service?)
c.url_for('compute')  # default to endpoint='public'
c.url_for('compute', endpoint='private')
```
- the client should cache the token retrieved during authentication for the lifetime of the token, optionally caching it on disk, so that we don't need to make repeated authentication calls.
- the authenticate() method should provide clear failures and strings (to the limits of reasonable security) on the reasons for authentication failure through documented exceptions
- the client should have a representation of the user, the tenant, and possible tenants available that are lazily loaded and available for external clients to utilize
```python
c = client()
c.user
c.tenant
```
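One way the on-disk token caching described above could behave, as an added sketch that is not keystoneclient code or part of this blueprint. `TokenCache`, `get_auth_ref`, the JSON file format and an `expires_at` field in epoch seconds are assumptions; `user_name` and `auth_url` follow the `auth_ref` properties listed above.

```python
import json
import os
import tempfile
import time


class TokenCache:
    """Hypothetical on-disk cache for an auth_ref dict (assumed JSON layout)."""

    def __init__(self, path, skew=30):
        self.path = path
        self.skew = skew  # seconds before expiry at which the token counts as stale

    def load(self, username, auth_url, now=None):
        """Return the cached auth_ref, or None if missing, unsafe, foreign or expired."""
        now = time.time() if now is None else now
        try:
            st = os.stat(self.path)
            # A token is a bearer credential: reject a file we do not own or that
            # group/other can access.
            if st.st_uid != os.getuid() or st.st_mode & 0o077:
                return None
            with open(self.path) as fh:
                ref = json.load(fh)
        except (OSError, ValueError):
            return None
        if not isinstance(ref, dict) or (ref.get("user_name"), ref.get("auth_url")) != (username, auth_url):
            return None  # cached for a different user or Keystone endpoint
        expires = ref.get("expires_at")  # assumed field, epoch seconds
        if not isinstance(expires, (int, float)) or expires - self.skew <= now:
            return None
        return ref

    def store(self, ref):
        """Write atomically; mkstemp creates the file with mode 0600."""
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as fh:
            json.dump(ref, fh)
        os.replace(tmp, self.path)


def get_auth_ref(cache, username, auth_url, authenticate, now=None):
    """Reuse a valid cached token; otherwise authenticate once and cache the result."""
    ref = cache.load(username, auth_url, now)
    if ref is None:
        ref = authenticate()
        cache.store(ref)
    return ref
```

Here `authenticate` stands in for whatever call obtains a fresh token from Keystone; the cache only decides whether that call is needed.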