Keystone/BP-keystoneclient-api

(https://blueprints.launchpad.net/python-keystoneclient/+spec/solidify-python-api)

= KeystoneClient Python API =

The client as written focuses entirely on the CLI and on providing commands to interact with Keystone. It should also provide a consistent Python API and documented properties that any other OpenStack Python client can use, so that they get the benefits of a single, well-defined code path that tracks and deals with authentication and authorization.


 * initialize the client with username, password, and auth_url at a minimum
 * by default, the client should attempt to lazy load a project, token, and the mgmt URL for keystone
 * if provided in the client initialization, those values should override the lazily loaded ones
 * if a token is provided, authentication is not tried automatically, and no lazy loading takes place
 * if a tenant isn't defined in initialization, the client should attempt to see if a default tenant is defined for that user and authenticate a token to that client

{{{#!highlight python
c = client(username=..., password=..., auth_url=...)
}}}


 * project optional
 * support optional token_id=..., mgmt_url= for administrative bootstrapping
 * support optional token_ref=... to initialize client with a cached/stored token

c.auth_ref
 * define properties on the client that preserve and cache the token, username, user id, tenant name, tenant id, and relevant service catalog endpoints for easy use by other clients

{{{#!highlight python
c = client
c.auth_ref.user_name
c.auth_ref.user_id
c.auth_ref.tenant_name
c.auth_ref.tenant_id
c.auth_ref.auth_url
# open question: c.auth_ref.???.(public url for service?)
c.url_for('compute')  # default to endpoint='public'
c.url_for('compute', endpoint='private')
}}}


 * the client should cache the token retrieved during authentication for the lifetime of the token, optionally caching it on disk, so that we don't need to make repeated authentication calls.
 * the authenticate method should provide clear failures and strings (to the limits of reasonable security) on the reasons for authentication failure through documented exceptions
 * the client should have a representation of the user, the tenant, and possible tenants available that are lazily loaded and available for external clients to utilize

{{{#!highlight python
c = client
c.user
c.tenant
}}}
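
An added example (not code from python-keystoneclient) of the on-disk token caching described above: the cached token is a bearer credential, so the file is created owner-only and is ignored when its permissions are loose or the token has expired. The names `save_token`, `load_token` and `get_token`, the JSON layout, and `expires_at` as epoch seconds are assumptions made for this sketch.

```python
import json
import os
import stat
import tempfile
import time


def save_token(path, token_id, expires_at):
    """Atomically write the cache file; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as f:
            json.dump({"token_id": token_id, "expires_at": expires_at}, f)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def load_token(path, now=None, skew=30):
    """Return the cached token id, or None if missing, unsafe, or expired."""
    now = time.time() if now is None else now
    try:
        # O_NOFOLLOW: refuse a symlink planted at the cache path.
        fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    except OSError:
        return None
    with os.fdopen(fd) as f:
        st = os.fstat(f.fileno())
        # Reject files owned by someone else or readable by group/other.
        if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) & 0o077:
            return None
        try:
            data = json.load(f)
        except ValueError:
            return None
    if not isinstance(data, dict) or data.get("expires_at", 0) - skew <= now:
        return None
    return data.get("token_id")


def get_token(path, authenticate, now=None):
    """Reuse a valid cached token; authenticate() is a hypothetical callable."""
    # authenticate() returns (token_id, expires_at in epoch seconds) (assumed).
    token = load_token(path, now)
    if token is None:
        token, expires_at = authenticate()
        save_token(path, token, expires_at)
    return token
```

The `skew` margin treats a token as expired slightly early, so a request is never sent with a token that lapses in flight.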