File: using-api-v3.rst

package info (click to toggle)
python-keystoneclient 1%3A5.6.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,548 kB
  • sloc: python: 21,934; sh: 171; xml: 149; makefile: 100
file content (165 lines) | stat: -rw-r--r-- 6,545 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
 
=======================
Using the V3 Client API
=======================

Introduction
============

The main concepts in the Identity v3 API are:

 * :py:mod:`~keystoneclient.v3.credentials`
 * :py:mod:`~keystoneclient.v3.domain_configs`
 * :py:mod:`~keystoneclient.v3.domains`
 * :py:mod:`~keystoneclient.v3.endpoints`
 * :py:mod:`~keystoneclient.v3.groups`
 * :py:mod:`~keystoneclient.v3.policies`
 * :py:mod:`~keystoneclient.v3.projects`
 * :py:mod:`~keystoneclient.v3.regions`
 * :py:mod:`~keystoneclient.v3.role_assignments`
 * :py:mod:`~keystoneclient.v3.roles`
 * :py:mod:`~keystoneclient.v3.services`
 * :py:mod:`~keystoneclient.v3.tokens`
 * :py:mod:`~keystoneclient.v3.users`

The :py:mod:`keystoneclient.v3.client` API lets you query and make changes
through ``managers``. For example, to manipulate a project (formerly
called tenant), you interact with a
:py:class:`keystoneclient.v3.projects.ProjectManager` object.

You obtain access to managers through attributes of a
:py:class:`keystoneclient.v3.client.Client` object. For example, the
``projects`` attribute of a ``Client`` object is a projects manager::

    >>> from keystoneclient.v3 import client
    >>> keystone = client.Client(...)
    >>> keystone.projects.list() # List projects

While it is possible to instantiate a
:py:class:`keystoneclient.v3.client.Client` object (as done above for
clarity), the recommended approach is to use the discovery mechanism
provided by the :py:class:`keystoneclient.client.Client` class. The
appropriate class will be instantiated depending on the API versions
available::

    >>> from keystoneclient import client
    >>> keystone =
    ...    client.Client(auth_url='http://localhost:5000', ...)
    >>> type(keystone)
    <class 'keystoneclient.v3.client.Client'>

One can force the use of a specific version of the API, either by
using the ``version`` keyword argument::

    >>> from keystoneclient import client
    >>> keystone = client.Client(auth_url='http://localhost:5000',
                                 version=(2,), ...)
    >>> type(keystone)
    <class 'keystoneclient.v2_0.client.Client'>
    >>> keystone = client.Client(auth_url='http://localhost:5000',
                                 version=(3,), ...)
    >>> type(keystone)
    <class 'keystoneclient.v3.client.Client'>

Or by specifying directly the specific API version authentication URL
as the auth_url keyword argument::

    >>> from keystoneclient import client
    >>> keystone =
    ...     client.Client(auth_url='http://localhost:5000/v2.0', ...)
    >>> type(keystone)
    <class 'keystoneclient.v2_0.client.Client'>
    >>> keystone =
    ...     client.Client(auth_url='http://localhost:5000/v3', ...)
    >>> type(keystone)
    <class 'keystoneclient.v3.client.Client'>

Upon successful authentication, a :py:class:`keystoneclient.v3.client.Client`
object is returned (when using the Identity v3 API). Authentication and
examples of common tasks are provided below.

You can generally expect that when the client needs to propagate an
exception it will raise an instance of subclass of
:class:`keystoneclient.exceptions.ClientException`.

Authenticating Using Sessions
=============================

Instantiate a :py:class:`keystoneclient.v3.client.Client` using a
:py:class:`~keystoneauth1.session.Session` to provide the authentication
plugin, SSL/TLS certificates, and other data::

    >>> from keystoneauth1.identity import v3
    >>> from keystoneauth1 import session
    >>> from keystoneclient.v3 import client
    >>> auth = v3.Password(auth_url='https://my.keystone.com:5000/v3',
    ...                    user_id='myuserid',
    ...                    password='mypassword',
    ...                    project_id='myprojectid')
    >>> sess = session.Session(auth=auth)
    >>> keystone = client.Client(session=sess)

For more information on Sessions refer to: `Using Sessions`_.

.. _`Using Sessions`: using-sessions.html

Getting Metadata Responses
==========================

Instantiating :py:class:`keystoneclient.v3.client.Client` using
`include_metadata=True` will cause manager response to return
:py:class:`keystoneclient.base.Response` instead of just the data.
The metadata property will be available directly to the
:py:class:`keystoneclient.base.Response` and the response data will
be available as property `data` to it.

    >>> from keystoneauth1.identity import v3
    >>> from keystoneauth1 import session
    >>> from keystoneclient.v3 import client
    >>> auth = v3.Password(auth_url='https://my.keystone.com:5000/v3',
    ...                    user_id='myuserid',
    ...                    password='mypassword',
    ...                    project_id='myprojectid')
    >>> sess = session.Session(auth=auth)
    >>> keystone = client.Client(session=sess, include_metadata=True)
    >>> resp = keystone.projects.list()
    >>> resp.request_ids[0]
    req-1234-5678-...
    >>> resp.data
    [<Project ...>, <Project ...>, ...]

Non-Session Authentication (deprecated)
=======================================

The *deprecated* way to authenticate is to pass the username, the user's domain
name (which will default to 'Default' if it is not specified), and a
password::

    >>> from keystoneclient import client
    >>> auth_url = 'http://localhost:5000'
    >>> username = 'adminUser'
    >>> user_domain_name = 'Default'
    >>> password = 'secreetword'
    >>> keystone = client.Client(auth_url=auth_url, version=(3,),
    ...                          username=username, password=password,
    ...                          user_domain_name=user_domain_name)

A :py:class:`~keystoneauth1.session.Session` should be passed to the Client
instead. Using a Session you're not limited to authentication using a username
and password but can take advantage of other more secure authentication
methods.

You may optionally specify a domain or project (along with its project
domain name), to obtain a scoped token::

    >>> from keystoneclient import client
    >>> auth_url = 'http://localhost:5000'
    >>> username = 'adminUser'
    >>> user_domain_name = 'Default'
    >>> project_name = 'demo'
    >>> project_domain_name = 'Default'
    >>> password = 'secreetword'
    >>> keystone = client.Client(auth_url=auth_url, version=(3,),
    ...                          username=username, password=password,
    ...                          user_domain_name=user_domain_name,
    ...                          project_name=project_name,
    ...                          project_domain_name=project_domain_name)