Làm việc với Keystone thông qua Curl
Cài đặt các công cụ cần thiết:
yum install -y epel-release
yum install -y curl
Tokens
Unscope token
- Lấy token với scope mặc định(hoặc unscoped)
Project-scoped.
- Lấy token với project scoped
curl \ -i \ -H "Content-Type: application/json" \ -d ' { "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "admin", "domain": { "id": "default" }, "password": "adminpwd" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "default" } } } } }' \ "http://localhost:5000/v3/auth/tokens" ; echo
- Output ví dụ như sau ``` HTTP/1.1 201 CREATED Date: Fri, 29 May 2020 09:11:31 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 X-Subject-Token: gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk Vary: X-Auth-Token x-openstack-request-id: req-eff00224-ff88-46cb-9c63-1c2dfa7d715a Content-Length: 4807 Content-Type: application/json
{ “token”: { “is_domain”: false, “methods”: [ “password” ], “roles”: [ { “id”: “f234937e59434033aff17acd55059b94”, “name”: “admin” } ], “expires_at”: “2020-05-29T09:25:20.000000Z”, “project”: { “domain”: { “id”: “default”, “name”: “Default” }, “id”: “270488fd0772481d9fdd824a9c7c6490”, “name”: “admin” }, “catalog”: [ { “endpoints”: [ { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “admin”, “id”: “b64a6c35b70540d8956266e7ff7aaa09” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “public”, “id”: “c3cf4353951c44c4bdadfac059dc7148” }, { “region_id”: “RegionOne”, “url”: “http://controller:5000/v3/”, “region”: “RegionOne”, “interface”: “internal”, “id”: “e64632f871444e0197c9f3ce545ae493” } ], “type”: “identity”, “id”: “2fc1045ed039475599422a73f35d5d93”, “name”: “keystone” } ], “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” }, “audit_ids”: [ “eRY15PHsTAK9MlnpIfuBzA” ], “issued_at”: “2020-05-29T08:25:20.000000Z” } }
Token được trả về trong key `X-Subject-Token` của HTTP header.
ở đây Token là `gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk`
Qua giá trị "issued_ad" và "expires_at" có thể thấy thời gian tạo và thời gian hết hạn của token.
Sau khi có token, gán token này vào một biến môi trường để có thể sử dụng lại trong các request khác:
export OS_TOKEN=gAAAAABe0NHDzk2M5aduqBcOBQhP_dWHsrLMFBJxoZpGNWO_MaL4_8MJkin48q1fCieIcOYMvEg_INNawCSvkC1VND1FgJLWqOsu_NvuZb6Kn6NknWvovvlXClOo19Yn64zPTN953WGcN-3n65kyBuLd8QZyYeovKJCL4bXibtCuDdopzhN9Xsk
### Lấy token từ token
Từ token vừa tạo, chúng ta có thể tạo một request để tạo một token mới.
- Ví dụ:
```bash
curl -i \
-H "Content-Type: application/json" \
-d '
{ "auth": {
"identity": {
"methods": ["token"],
"token": {
"id": "'$OS_TOKEN'"
}
}
}
}' \
"http://localhost:5000/v3/auth/tokens" ; echo
- Kết quả: ``` HTTP/1.1 201 CREATED Date: Fri, 29 May 2020 09:26:50 GMT Server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 X-Subject-Token: gAAAAABe0NVa8nXBiRrBlmlv1FVytYINCDTGeaEV-nMvUWplGifnR5klF22cPvGOkq5EO9rRds0nDyAlaF2OLkym_qd8Sg0iH0ZpP3oGb9eht9DzRzlMWT41UL8JRqX_H1hQ2uP2pJJsfSNl-VesMep1GtUoNKExpCQhnLwZtPXPQnypGfDowWw Vary: X-Auth-Token x-openstack-request-id: req-7041d9c4-1845-4353-b544-7f21ff9d14ea Content-Length: 347 Content-Type: application/json
{ “token”: { “issued_at”: “2020-05-29T09:26:50.000000Z”, “audit_ids”: [ “kbP2VLbORfaspMiVRKWtpg”, “QqJSvzIfQwarvM7dj-kewA” ], “methods”: [“token”, “password”], “expires_at”: “2020-05-29T10:11:31.000000Z”, “user”: { “password_expires_at”: null, “domain”: { “id”: “default”, “name”: “Default” }, “id”: “c49ed0d3dfb144dfb41bf1fa9b619f73”, “name”: “admin” } } }
### Domain-scoped token
curl -i
-H “Content-Type: application/json”
-d ‘
{ “auth”: {
“identity”: {
“methods”: [“password”],
“password”: {
“user”: {
“name”: “admin”,
“domain”: { “id”: “default” },
“password”: “osadmin”
}
}
},
“scope”: {
“domain”: {
“id”: “default”
}
}
}
}’
“http://localhost:5000/v3/auth/tokens” ; echo
### Thu hồi Token
curl -i -X DELETE
-H “X-Auth-Token: $OS_TOKEN”
-H “X-Subject-Token: $OS_TOKEN”
“http://localhost:5000/v3/auth/tokens”
## Sử dụng Access token
### Project
#### GET /v3/projects
Liệt kê project:
curl -s
-H “X-Auth-Token: $OS_TOKEN”
“http://localhost:5000/v3/projects” | python -mjson.tool
```json
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/projects"
},
"projects": [
{
"description": "Bootstrap project for initializing the cloud.",
"domain_id": "default",
"enabled": true,
"id": "270488fd0772481d9fdd824a9c7c6490",
"is_domain": false,
"links": {
"self": "http://localhost:5000/v3/projects/270488fd0772481d9fdd824a9c7c6490"
},
"name": "admin",
"options": {},
"parent_id": "default",
"tags": []
},
{
"description": "Service Project",
"domain_id": "default",
"enabled": true,
"id": "dd4b154a24ce49c786bf482b546792b8",
"is_domain": false,
"links": {
"self": "http://localhost:5000/v3/projects/dd4b154a24ce49c786bf482b546792b8"
},
"name": "service",
"options": {},
"parent_id": "default",
"tags": []
}
]
}
PATCH /v3/projects/{id}
- Disable một project(thay $PROJECT_ID bằng id của project muốn disable):
curl -s -X PATCH \ -H "X-Auth-Token: $OS_TOKEN" \ -H "Content-Type: application/json" \ -d ' { "project": { "enabled": false } }'\ "http://localhost:5000/v3/projects/$PROJECT_ID" | python -mjson.tool
Services
GET /v3/services
Liệt kê các services:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/services" | python -mjson.tool
Output:
{
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/services"
},
"services": [
{
"description": "Keystone Identity Service",
"enabled": true,
"id": "bd7397d2c0e14fb69bae8ff76e112a90",
"links": {
"self": "http://localhost:5000/v3/services/bd7397d2c0e14fb69bae8ff76e112a90"
},
"name": "keystone",
"type": "identity"
}
]
}
Endpoint
Get /v3/endpoint
Liệt kê các endpoint:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/endpoints" | python -mjson.tool
Output:
{
"endpoints": [
{
"enabled": true,
"id": "29beb2f1567642eb810b042b6719ea88",
"interface": "admin",
"links": {
"self": "http://localhost:5000/v3/endpoints/29beb2f1567642eb810b042b6719ea88"
},
"region": "RegionOne",
"service_id": "bd7397d2c0e14fb69bae8ff76e112a90",
"url": "http://localhost:5000/v3"
}
],
"links": {
"next": null,
"previous": null,
"self": "http://localhost:5000/v3/endpoints"
}
}
User
GET /v3/users
Liệt kê các user:
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/users" | python -mjson.tool
GET /v3/users/{user_id}
Hiển thị thông tin chi tiết về user
curl -s \
-H "X-Auth-Token: $OS_TOKEN" \
"http://localhost:5000/v3/users/$USER_ID" | python -mjson.tool
Nguồn tài liệu:
- https://docs.openstack.org/keystone/pike/api_curl_examples.html