Difference between revisions of "Keystone/BP-keystoneclient-api"
< Keystone
m (Text replace - "__NOTOC__" to "") |
|||
| (One intermediate revision by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | ||
(https://blueprints.launchpad.net/python-keystoneclient/+spec/solidify-python-api) | (https://blueprints.launchpad.net/python-keystoneclient/+spec/solidify-python-api) | ||
| Line 18: | Line 18: | ||
* project optional | * project optional | ||
| − | * | + | * support optional token_id=..., mgmt_url= for administrative bootstrapping |
| − | * | + | * support optional token_ref=... to initialize client with a cached/stored token |
| + | |||
| + | c.auth_ref | ||
* define properties on the client that preserve and cache the token, username, user id, tenant name, tenant id, and relevant service catalog endpoints for easy use by other clients | * define properties on the client that preserve and cache the token, username, user id, tenant name, tenant id, and relevant service catalog endpoints for easy use by other clients | ||
| Line 25: | Line 27: | ||
<pre><nowiki>#!highlight python | <pre><nowiki>#!highlight python | ||
c = client() | c = client() | ||
| − | c.user_name | + | c.auth_ref.user_name |
| − | c.user_id | + | c.auth_ref.user_id |
| − | c.tenant_name | + | c.auth_ref.tenant_name |
| − | c.tenant_id | + | c.auth_ref.tenant_id |
| − | c.auth_url | + | c.auth_ref.auth_url |
| − | c. | + | c.auth_ref.???.(public url for service?) |
c.url_for('compute') # default to endpoint='public' | c.url_for('compute') # default to endpoint='public' | ||
c.url_for('compute', endpoint='private') | c.url_for('compute', endpoint='private') | ||
Latest revision as of 23:29, 17 February 2013
(https://blueprints.launchpad.net/python-keystoneclient/+spec/solidify-python-api)
KeystoneClient python API
The client as written is focused entirely on the CLI interface and providing commands to interact with Keystone. It should also provide a consistent python API and documented properties that can be used by any other OpenStack python client so that they can get the benefits of a single, well defined code path that tracks and deals with authentication and authorization.
- initiate the client with username, password, and auth_url at a minimum
- by default, the client should attempt to lazy load a project, token, and the mgmt URL for keystone
- if provided in the client initialization, those values should override
- if a token is provided, authentication is not tried automatically, and no lazy loading takes place
- if a tenant isn't defined in initialization, the client should attempt to see if a default tenant is defined for that user and authenticate a token to that client
#!highlight python c = client(username=..., password=..., auth_url=...)
- project optional
- support optional token_id=..., mgmt_url= for administrative bootstrapping
- support optional token_ref=... to initialize client with a cached/stored token
c.auth_ref
- define properties on the client that preserve and cache the token, username, user id, tenant name, tenant id, and relevant service catalog endpoints for easy use by other clients
#!highlight python
c = client()
c.auth_ref.user_name
c.auth_ref.user_id
c.auth_ref.tenant_name
c.auth_ref.tenant_id
c.auth_ref.auth_url
c.auth_ref.???.(public url for service?)
c.url_for('compute') # default to endpoint='public'
c.url_for('compute', endpoint='private')
- the client should cache the token retrieved during authentication for the lifetime of the token, optionally caching it on disk, so that we don't need to make repeated authentication calls.
- the authenticate() method should provide clear failures and strings (to the limits of reasonable security) on the reasons for authentication failure through documented exceptions
- the client should have a representation of the user, the tenant, and possible tenants available that are lazily loaded and available for external clients to utilize
#!highlight python c = client() c.user c.tenant
