Skip to the content.

Làm việc với Keystone thông qua Curl

Cài đặt các công cụ cần thiết:

yum install -y epel-release
yum install -y curl

Tokens

Unscope token

Project-scoped.

{ “token”: { “is_domain”: false, “methods”: [ “password” ], “roles”: [ { “id”: “f234937e59434033aff17acd55059b94”, “name”: “admin” } ], “expires_at”: “2020-05-29T09:25:20.000000Z”, “project”: { “domain”: { “id”: “default”, “name”: “Default” }, “id”: “270488fd0772481d9fdd824a9c7c6490”, “name”: “admin” }, “catalog”: [ { “endpoints”: [ { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “admin”, “id”: “b64a6c35b70540d8956266e7ff7aaa09” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “public”, “id”: “c3cf4353951c44c4bdadfac059dc7148” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “internal”, “id”: “e64632f871444e0197c9f3ce545ae493” } ], “type”: “identity”, “id”: “2fc1045ed039475599422a73f35d5d93”, “name”: “keystone” } ], “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” }, “audit_ids”: [ “eRY15PHsTAK9MlnpIfuBzA” ], “issued_at”: “2020-05-29T08:25:20.000000Z” } }


Token được trả về trong key `X-Subject-Token` của HTTP header.
ở đây Token là `gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk`

Qua giá trị "issued_ad" và "expires_at" có thể thấy thời gian tạo và thời gian hết hạn của token.

Sau khi có token, gán token này vào một biến môi trường để có thể sử dụng lại trong các request khác:

export OS_TOKEN=gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk


### Lấy token từ token
Từ token vừa tạo, chúng ta có thể tạo một request để tạo một token mới.
- Ví dụ:
```bash
curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["token"],
      "token": {
        "id": "'$OS_TOKEN'"
      }
    }
  }
}' \
  "http://localhost:5000/v3/auth/tokens" ; echo

{ “token”: { “issued_at”: “2020-05-29T09:26:50.000000Z”, “audit_ids”: [ “kbP2VLbORfaspMiVRKWtpg”, “QqJSvzIfQwarvM7dj-kewA” ], “methods”: [“token”, “password”], “expires_at”: “2020-05-29T10:11:31.000000Z”, “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” } } }


### Domain-scoped token

curl -i
-H “Content-Type: application/json”
-d ‘ { “auth”: { “identity”: { “methods”: [“password”], “password”: { “user”: { “name”: “admin”, “domain”: { “id”: “default” }, “password”: “osadmin” } } }, “scope”: { “domain”: { “id”: “default” } } } }’
“http://localhost:5000/v3/auth/tokens” ; echo


### Thu hồi Token

curl -i -X DELETE
-H “X-Auth-Token: $OS_TOKEN”
-H “X-Subject-Token: $OS_TOKEN”
“http://localhost:5000/v3/auth/tokens”



## Sử dụng Access token
### Project
#### GET /v3/projects
Liệt kê project:

curl -s
-H “X-Auth-Token: $OS_TOKEN”
“http://localhost:5000/v3/projects” | python -mjson.tool

```json
{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/projects"
    },
    "projects": [
        {
            "description": "Bootstrap project for initializing the cloud.",
            "domain_id": "default",
            "enabled": true,
            "id": "270488fd0772481d9fdd824a9c7c6490",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/270488fd0772481d9fdd824a9c7c6490"
            },
            "name": "admin",
            "options": {},
            "parent_id": "default",
            "tags": []
        },
        {
            "description": "Service Project",
            "domain_id": "default",
            "enabled": true,
            "id": "dd4b154a24ce49c786bf482b546792b8",
            "is_domain": false,
            "links": {
                "self": "http://localhost:5000/v3/projects/dd4b154a24ce49c786bf482b546792b8"
            },
            "name": "service",
            "options": {},
            "parent_id": "default",
            "tags": []
        }
    ]
}

PATCH /v3/projects/{id}

Services

GET /v3/services

Liệt kê các services:

curl -s \
  -H "X-Auth-Token: $OS_TOKEN" \
  "http://localhost:5000/v3/services" | python -mjson.tool

Output:

{
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/services"
    },
    "services": [
        {
            "description": "Keystone Identity Service",
            "enabled": true,
            "id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "links": {
                "self": "http://localhost:5000/v3/services/bd7397d2c0e14fb69bae8ff76e112a90"
            },
            "name": "keystone",
            "type": "identity"
        }
    ]
}

Endpoint

Get /v3/endpoint

Liệt kê các endpoint:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/endpoints" | python -mjson.tool

Output:

{
    "endpoints": [
        {
            "enabled": true,
            "id": "29beb2f1567642eb810b042b6719ea88",
            "interface": "admin",
            "links": {
                "self": "http://localhost:5000/v3/endpoints/29beb2f1567642eb810b042b6719ea88"
            },
            "region": "RegionOne",
            "service_id": "bd7397d2c0e14fb69bae8ff76e112a90",
            "url": "http://localhost:5000/v3"
        }
    ],
    "links": {
        "next": null,
        "previous": null,
        "self": "http://localhost:5000/v3/endpoints"
    }
}

User

GET /v3/users

Liệt kê các user:

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users" | python -mjson.tool

GET /v3/users/{user_id}

Hiển thị thông tin chi tiết về user

curl -s \
 -H "X-Auth-Token: $OS_TOKEN" \
 "http://localhost:5000/v3/users/$USER_ID" | python -mjson.tool

Nguồn tài liệu: