Difference between revisions of "QuantumCliAuth"
Line 32: | Line 32: | ||
|- | |- | ||
| --os_region_name | | --os_region_name | ||
− | |||
|- | |- | ||
| --os_auth_token | | --os_auth_token |
Revision as of 08:27, 25 March 2012
Deepak: WORK IN PROGRESS
Quantum CLI and Keystone integration
Summary:
Enable Auth in Quantum CLI via either the Username credentials or Token credentials (obtained from Keystone endpoint by supplying those Username credentials).
Info
Auth credentials can be divided in two types and are henceforth referred by those type names: Username credentials includes: username, password, tenant-name, auth-url Token credentials includes: token-id, service endpoint url
Use Cases:
- Allow a user to authenticate with Username credentials
- Allow a user to authenticate with Token credentials
- Allow a user to pass these values via either the cli parameters or env parameters
New variables to be defined
The user can supply these values via either the cli arguments or setting the environment variable. When both cli and env value is specified for any of these parameters, the cli one takes preference. The following new variables will be introduced in the cli:
Cli parameter |
--os_username |
--os_password |
--os_tenant_name |
--os_auth_url |
--os_region_name |
--os_auth_token |
--endpoint_url |
CLI Behaviour
Token Credentials or Username Credentials are completely specified when all the parameters involved (mentioned above) are defined.
If the user provides both Username credentials and Token credentials then the latter takes preference.
In this case if Token credentials are completely specified then Username credentials will be ignored. Hence if the cmd fails for any reason (e.g. unauthorization ) then it doesn't make any attempt to use the Username credentials. However, if the Token credentials are not completely specified then the api call is not initiated and client will try to use the Username credentials.
While using the Username/Token credentials, if it is not completely specified then no API call is made and user is asked to provide the missing params.
API call behaviour
Auth API call: The Username credentials are used to obtain the token and service endpoint url and then the service api call is made using these.
Service API call:
Proper Message in case of 401: Either the token provided is wrong or expired. Keystone versions supported: v2.0
Username Credentials: