Làm việc với Keystone thông qua Curl

Cài đặt các công cụ cần thiết:

yum install -y epel-release
yum install -y curl

Tokens

Unscope token

• Lấy token với scope mặc định(hoặc unscoped)

Project-scoped.

• Lấy token với project scoped

  curl \
  -i \
  -H "Content-Type: application/json" \
  -d '
  { "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "adminpwd"
        }
      }
    },
    "scope": {
      "project": {
        "name": "admin",
        "domain": { "id": "default" }
      }
    }
  }
  }' \
  "http://localhost:5000/v3/auth/tokens" ; echo
  

• Output ví dụ như sau ``` HTTP/1.1 201 CREATED Date: Fri, 29 May 2020 09:11:31 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 X-Subject-Token: gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk Vary: X-Auth-Token x-openstack-request-id: req-eff00224-ff88-46cb-9c63-1c2dfa7d715a Content-Length: 4807 Content-Type: application/json

{ “token”: { “is_domain”: false, “methods”: [ “password” ], “roles”: [ { “id”: “f234937e59434033aff17acd55059b94”, “name”: “admin” } ], “expires_at”: “2020-05-29T09:25:20.000000Z”, “project”: { “domain”: { “id”: “default”, “name”: “Default” }, “id”: “270488fd0772481d9fdd824a9c7c6490”, “name”: “admin” }, “catalog”: [ { “endpoints”: [ { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “admin”, “id”: “b64a6c35b70540d8956266e7ff7aaa09” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “public”, “id”: “c3cf4353951c44c4bdadfac059dc7148” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “internal”, “id”: “e64632f871444e0197c9f3ce545ae493” } ], “type”: “identity”, “id”: “2fc1045ed039475599422a73f35d5d93”, “name”: “keystone” } ], “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” }, “audit_ids”: [ “eRY15PHsTAK9MlnpIfuBzA” ], “issued_at”: “2020-05-29T08:25:20.000000Z” } }

Token được trả về trong key `X-Subject-Token` của HTTP header.
ở đây Token là `gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk`

Qua giá trị "issued_ad" và "expires_at" có thể thấy thời gian tạo và thời gian hết hạn của token.

Sau khi có token, gán token này vào một biến môi trường để có thể sử dụng lại trong các request khác:

export OS_TOKEN=gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk

### Lấy token từ token
Từ token vừa tạo, chúng ta có thể tạo một request để tạo một token mới.
- Ví dụ:
```bash
curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["token"],
      "token": {
        "id": "'$OS_TOKEN'"
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

• Kết quả: ``` HTTP/1.1 201 CREATED Date: Fri, 29 May 2020 09:26:50 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 X-Subject-Token: gAAAAABe0NVa8nXBiRrBlmlv1FVytYINCDTGeaEV-nMvUWplGifnR5klF22cPvGOkq5EO9rRds0nDyAlaF2OLkym_qd8Sg0iH0ZpP3oGb9eht9DzRzlMWT41UL8JRqX_H1hQ2uP2pJJsfSNl-VesMep1GtUoNKExpCQhnLwZtPXPQnypGfDowWw Vary: X-Auth-Token x-openstack-request-id: req-7041d9c4-1845-4353-b544-7f21ff9d14ea Content-Length: 347 Content-Type: application/json

{ “token”: { “issued_at”: “2020-05-29T09:26:50.000000Z”, “audit_ids”: [ “kbP2VLbORfaspMiVRKWtpg”, “QqJSvzIfQwarvM7dj-kewA” ], “methods”: [“token”, “password”], “expires_at”: “2020-05-29T10:11:31.000000Z”, “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” } } }

### Domain-scoped token

curl -i
-H “Content-Type: application/json”
-d ‘ { “auth”: { “identity”: { “methods”: [“password”], “password”: { “user”: { “name”: “admin”, “domain”: { “id”: “default” }, “password”: “osadmin” } } }, “scope”: { “domain”: { “id”: “default” } } } }’
“http://localhost:5000/v3/auth/tokens” ; echo

### Thu hồi Token

curl -i -X DELETE
-H “X-Auth-Token: $OS_TOKEN”
-H “X-Subject-Token: $OS_TOKEN”
“http://localhost:5000/v3/auth/tokens”

## Sử dụng Access token
### Project
#### GET /v3/projects
Liệt kê project:

curl -s
-H “X-Auth-Token: $OS_TOKEN”
“http://localhost:5000/v3/projects” | python -mjson.tool

```json
{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/projects"
    },
    "projects": [
        {
            "description": "Bootstrap project for initializing the cloud.",
            "domain_id": "default",
            "enabled": true,
            "id": "270488fd0772481d9fdd824a9c7c6490",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/270488fd0772481d9fdd824a9c7c6490"
            },
            "name": "admin",
            "options": {},
            "parent_id": "default",
            "tags": []
        },
        {
            "description": "Service Project",
            "domain_id": "default",
            "enabled": true,
            "id": "dd4b154a24ce49c786bf482b546792b8",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/dd4b154a24ce49c786bf482b546792b8"
            },
            "name": "service",
            "options": {},
            "parent_id": "default",
            "tags": []
        }
    ]
}

PATCH /v3/projects/{id}

• Disable một project(thay $PROJECT_ID bằng id của project muốn disable):

  curl -s -X PATCH \
  -H "X-Auth-Token: $OS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '
  {
  "project": {
      "enabled": false
    }
  }'\
  "http://localhost:5000/v3/projects/$PROJECT_ID"  | python -mjson.tool
  

Services

GET /v3/services

Liệt kê các services:

curl -s \
  -H "X-Auth-Token: $OS_TOKEN" \
  "http://localhost:5000/v3/services" | python -mjson.tool

Output:

{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/services"
    },
    "services": [
        {
            "description": "Keystone Identity Service",
            "enabled": true,
            "id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "links": {
                "self": "http://localhost:5000/v3/services/bd7397d2c0e14fb69bae8ff76e112a90"
            },
            "name": "keystone",
            "type": "identity"
        }
    ]
}

Endpoint

Get /v3/endpoint

Liệt kê các endpoint:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/endpoints" | python -mjson.tool

Output:

{
    "endpoints": [
        {
            "enabled": true,
            "id": "29beb2f1567642eb810b042b6719ea88",
            "interface": "admin",
            "links": {
                "self": "http://localhost:5000/v3/endpoints/29beb2f1567642eb810b042b6719ea88"
            },
            "region": "RegionOne",
            "service_id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "url": "http://localhost:5000/v3"
        }
    ],
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/endpoints"
    }
}

User

GET /v3/users

Liệt kê các user:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users" | python -mjson.tool

GET /v3/users/{user_id}

Hiển thị thông tin chi tiết về user

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users/$USER_ID" | python -mjson.tool

Nguồn tài liệu:

• https://docs.openstack.org/keystone/pike/api_curl_examples.html