Làm việc với Keystone thông qua Curl

Cài đặt các công cụ cần thiết:

yum install -y epel-release
yum install -y curl

Tokens

Unscope token

Lấy token với scope mặc định(hoặc unscoped)

Project-scoped.

Lấy token với project scoped

curl \
  -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "adminpwd"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

Output ví dụ như sau

HTTP/1.1 201 CREATED
Date: Fri, 29 May 2020 09:11:31 GMT
Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5
X-Subject-Token: gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk
Vary: X-Auth-Token
x-openstack-request-id: req-eff00224-ff88-46cb-9c63-1c2dfa7d715a
Content-Length: 4807
Content-Type: application/json

{
  "token": {
    "is_domain": false,
    "methods": [
      "password"
    ],
    "roles": [
      {
        "id": "f234937e59434033aff17acd55059b94",
        "name": "admin"
      }
    ],
    "expires_at": "2020-05-29T09:25:20.000000Z",
    "project": {
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "270488fd0772481d9fdd824a9c7c6490",
      "name": "admin"
    },
    "catalog": [
      {
        "endpoints": [
          {
            "region_id": "RegionOne",
            "url": "http://controller:5000/v3/",
            "region": "RegionOne",
            "interface": "admin",
            "id": "b64a6c35b70540d8956266e7ff7aaa09"
          },
          {
            "region_id": "RegionOne",
            "url": "http://controller:5000/v3/",
            "region": "RegionOne",
            "interface": "public",
            "id": "c3cf4353951c44c4bdadfac059dc7148"
          },
          {
            "region_id": "RegionOne",
            "url": "http://controller:5000/v3/",
            "region": "RegionOne",
            "interface": "internal",
            "id": "e64632f871444e0197c9f3ce545ae493"
          }
        ],
        "type": "identity",
        "id": "2fc1045ed039475599422a73f35d5d93",
        "name": "keystone"
      }
    ],
    "user": {
      "password_expires_at": null,
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "c49ed0d3dfb144dfb41bf1fa9b619f73",
      "name": "admin"
    },
    "audit_ids": [
      "eRY15PHsTAK9MlnpIfuBzA"
    ],
    "issued_at": "2020-05-29T08:25:20.000000Z"
  }
}

Token được trả về trong key X-Subject-Token của HTTP header. ở đây Token là gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk

Qua giá trị "issued_ad" và "expires_at" có thể thấy thời gian tạo và thời gian hết hạn của token.

Sau khi có token, gán token này vào một biến môi trường để có thể sử dụng lại trong các request khác:

export OS_TOKEN=gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk

Lấy token từ token

Từ token vừa tạo, chúng ta có thể tạo một request để tạo một token mới.

Ví dụ:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["token"],
      "token": {
        "id": "'$OS_TOKEN'"
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

Kết quả:

HTTP/1.1 201 CREATED
Date: Fri, 29 May 2020 09:26:50 GMT
Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5
X-Subject-Token: gAAAAABe0NVa8nXBiRrBlmlv1FVytYINCDTGeaEV-nMvUWplGifnR5klF22cPvGOkq5EO9rRds0nDyAlaF2OLkym_qd8Sg0iH0ZpP3oGb9eht9DzRzlMWT41UL8JRqX_H1hQ2uP2pJJsfSNl-VesMep1GtUoNKExpCQhnLwZtPXPQnypGfDowWw
Vary: X-Auth-Token
x-openstack-request-id: req-7041d9c4-1845-4353-b544-7f21ff9d14ea
Content-Length: 347
Content-Type: application/json

{
  "token": {
    "issued_at": "2020-05-29T09:26:50.000000Z", 
    "audit_ids": [
      "kbP2VLbORfaspMiVRKWtpg", 
      "QqJSvzIfQwarvM7dj-kewA"
    ],
    "methods": ["token", "password"],
    "expires_at": "2020-05-29T10:11:31.000000Z",
    "user": {
      "password_expires_at": null,
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "c49ed0d3dfb144dfb41bf1fa9b619f73", 
      "name": "admin"
    }
  }
}

Domain-scoped token

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "osadmin"
        }
      }
    },
    "scope": {
      "domain": {
        "id": "default"
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

Thu hồi Token

curl -i -X DELETE \
  -H "X-Auth-Token: $OS_TOKEN" \
  -H "X-Subject-Token: $OS_TOKEN" \
  "http://localhost:5000/v3/auth/tokens"

Sử dụng Access token

Project

GET /v3/projects

Liệt kê project:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/projects" | python -mjson.tool

{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/projects"
    },
    "projects": [
        {
            "description": "Bootstrap project for initializing the cloud.",
            "domain_id": "default",
            "enabled": true,
            "id": "270488fd0772481d9fdd824a9c7c6490",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/270488fd0772481d9fdd824a9c7c6490"
            },
            "name": "admin",
            "options": {},
            "parent_id": "default",
            "tags": []
        },
        {
            "description": "Service Project",
            "domain_id": "default",
            "enabled": true,
            "id": "dd4b154a24ce49c786bf482b546792b8",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/dd4b154a24ce49c786bf482b546792b8"
            },
            "name": "service",
            "options": {},
            "parent_id": "default",
            "tags": []
        }
    ]
}

PATCH /v3/projects/{id}

Disable một project(thay $PROJECT_ID bằng id của project muốn disable):

curl -s -X PATCH \
  -H "X-Auth-Token: $OS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '
{
  "project": {
      "enabled": false
    }
}'\
  "http://localhost:5000/v3/projects/$PROJECT_ID"  | python -mjson.tool

Services

GET /v3/services

Liệt kê các services:

curl -s \
  -H "X-Auth-Token: $OS_TOKEN" \
  "http://localhost:5000/v3/services" | python -mjson.tool

Output:

{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/services"
    },
    "services": [
        {
            "description": "Keystone Identity Service",
            "enabled": true,
            "id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "links": {
                "self": "http://localhost:5000/v3/services/bd7397d2c0e14fb69bae8ff76e112a90"
            },
            "name": "keystone",
            "type": "identity"
        }
    ]
}

Endpoint

Get /v3/endpoint

Liệt kê các endpoint:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/endpoints" | python -mjson.tool

Output:

{
    "endpoints": [
        {
            "enabled": true,
            "id": "29beb2f1567642eb810b042b6719ea88",
            "interface": "admin",
            "links": {
                "self": "http://localhost:5000/v3/endpoints/29beb2f1567642eb810b042b6719ea88"
            },
            "region": "RegionOne",
            "service_id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "url": "http://localhost:5000/v3"
        }
    ],
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/endpoints"
    }
}

User

GET /v3/users

Liệt kê các user:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users" | python -mjson.tool

GET /v3/users/{user_id}

Hiển thị thông tin chi tiết về user

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users/$USER_ID" | python -mjson.tool

Nguồn tài liệu:

https://docs.openstack.org/keystone/pike/api_curl_examples.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

06.Keystone-API-with-Curl.md

06.Keystone-API-with-Curl.md

Làm việc với Keystone thông qua Curl

Tokens

Unscope token

Project-scoped.

Lấy token từ token

Domain-scoped token

Thu hồi Token

Sử dụng Access token

Project

GET /v3/projects

PATCH /v3/projects/{id}

Services

GET /v3/services

Endpoint

Get /v3/endpoint

User

GET /v3/users

GET /v3/users/{user_id}

Files

06.Keystone-API-with-Curl.md

Latest commit

History

06.Keystone-API-with-Curl.md

File metadata and controls

Làm việc với Keystone thông qua Curl

Tokens

Unscope token

Project-scoped.

Lấy token từ token

Domain-scoped token

Thu hồi Token

Sử dụng Access token

Project

GET /v3/projects

PATCH /v3/projects/{id}

Services

GET /v3/services

Endpoint

Get /v3/endpoint

User

GET /v3/users

GET /v3/users/{user_id}