Examples
This section includes some examples which show how to use the newly available functionality. For more information, please refer to the docstrings in theopenstack_identity module.
Authenticating against Keystone API v3 using the OpenStack compute driver
This example shows how to authenticate against Keystone API v3 using the OpenStack compute driver (for the time being, default auth version used by the compute driver is 2.0).
from pprint import pprint
from libcloud.compute.types import Provider
from libcloud.compute.providers import get_driver
cls = get_driver(Provider.OPENSTACK)
driver = cls('<username>', '<password>',
ex_force_auth_version='3.x_password',
ex_force_auth_url='http://192.168.1.100:5000',
ex_force_service_type='compute',
ex_force_service_region='regionOne',
ex_tenant_name='<my tenant>')
pprint(driver.list_nodes())
Obtaining auth token scoped to the domain
This example show how to obtain a token which is scoped to a domain and not to a project / tenant which is a default.
Keep in mind that most of the OpenStack services don’t yet support tokens which are scoped to a domain, so such tokens are of a limited use right now.
from pprint import pprint
from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope
driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
user_id='admin',
key='<key>',
token_scope=OpenStackIdentityTokenScope.DOMAIN,
domain_name='Default',
tenant_name='admin')
driver.authenticate()
pprint(driver.auth_token)
Talking directly to the OpenStack Keystone API v3
This example shows how to talk directly to OpenStack Keystone API v3 and perform administrative tasks such as listing users and roles.
from pprint import pprint
from libcloud.common.openstack_identity import OpenStackIdentity_3_0_Connection
from libcloud.common.openstack_identity import OpenStackIdentityTokenScope
driver = OpenStackIdentity_3_0_Connection(auth_url='http://<host>:<port>',
user_id='admin',
key='<key>',
token_scope=OpenStackIdentityTokenScope.PROJECT,
tenant_name='admin')
# This call doesn't require authentication
pprint(driver.list_supported_versions())
# The calls bellow require authentication and admin access
# (depends on the ACL configuration)
driver.authenticate()
users = driver.list_users()
roles = driver.list_roles()
pprint(users)
pprint(roles)
A quick note on backward compatibility
If you only use OpenStack compute driver, those changes are fully backward compatible and you aren’t affected.
If you use OpenStackAuthConnection class to talk directly to the Keystone installation, you need to update your code to either use the newOpenStackIdentityConnection class or a version specific class sinceOpenStackAuthConnection class has been removed.
参考资料:
http://libcloud.apache.org/getting-started.html
http://www.tuicool.com/articles/NvYvaa
https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&tn=baidu&wd=libcloud%20keystone%20ex_force_auth_version&oq=libcloud%20keystone%20%26lt%3B.0&rsv_pq=a51b518200044b8a&rsv_t=4eb0lAF%2BhC59R3Z7fs%2BvDC3%2B%2BQ2dxF2mXLegEqfVeU%2BrK88FClYH5tlcjWQ&rqlang=cn&rsv_enter=1&rsv_sug3=2&rsv_sug1=1&rsv_sug7=000&rsv_n=2&rsv_sug2=0&inputT=697&rsv_sug4=764&rsv_sug=1
https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack
https://libcloud.readthedocs.io/en/latest/apidocs/libcloud.common.html#module-libcloud.common.openstack_identity
https://libcloud.readthedocs.io/en/latest/apidocs/modules.html
https://libcloud.readthedocs.io/en/latest/supported_providers.html#compute