Introduction to Keystone
Keystone is a robust Identity service that forms the authentication and high-level authorization component of OpenStack. Keystone provides a single point of integration for OpenStack policy, catalog, token, and identity management. In this detailed guide, we will explore dozens of Keystone’s powerful APIs with examples, and how you can use them to create your own applications.
API Examples
Create a User
To create a user in Keystone, you can use the following API:
POST /v3/users
{
    "user": {
        "name": "newuser",
        "domain_id": "default",
        "enabled": true
    }
}
List Users
To list all users, you can use the following API:
GET /v3/users
Update a User
To update a user, you can use the following API:
PATCH /v3/users/{user_id}
{
    "user": {
        "email": "newemail@example.com"
    }
}
Delete a User
To delete a user, you can use the following API:
DELETE /v3/users/{user_id}
Generate Authentication Token
To generate an authentication token, use the following:
POST /v3/auth/tokens
{
    "auth": {
        "identity": {
            "methods": ["password"],
            "password": {
                "user": {
                    "name": "username",
                    "domain": { "id": "default" },
                    "password": "userpassword"
                }
            }
        }
    }
}
Validate a Token
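To validate an authentication token, pass the token being checked in X-Subject-Token; the request itself is authenticated with the caller's own token in X-Auth-Token:
HEAD /v3/auth/tokens
X-Auth-Token: {auth_token}
X-Subject-Token: {token}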
Create a Project
To create a project:
POST /v3/projects
{
    "project": {
        "name": "newproject",
        "domain_id": "default",
        "enabled": true
    }
}
List Projects
To list all projects:
GET /v3/projects
Assign User Role to Project
To assign a user role to a project:
PUT /v3/projects/{project_id}/users/{user_id}/roles/{role_id}
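An added example (not from the original page or the Keystone project) that ties the token, validation and role-assignment calls together: it builds a project-scoped variant of the password request above and checks the token body that GET /v3/auth/tokens returns for expiry, project scope and role. The function names, SAMPLE_TOKEN and every id in it are constructed for illustration.

```python
from datetime import datetime, timezone

def scoped_auth_body(name, password, project_id, domain_id="default"):
    """Password auth body for POST /v3/auth/tokens, scoped to one project."""
    return {"auth": {
        "identity": {
            "methods": ["password"],
            "password": {"user": {"name": name,
                                  "domain": {"id": domain_id},
                                  "password": password}},
        },
        "scope": {"project": {"id": project_id}},
    }}

def token_allows(body, project_id, role_name, now=None):
    """Check a GET /v3/auth/tokens response body; return (allowed, reason)."""
    now = now or datetime.now(timezone.utc)
    token = body.get("token", {})
    expires = token.get("expires_at")
    if not expires:
        return False, "missing expires_at"
    # Keystone reports UTC with a trailing "Z"; normalise for fromisoformat().
    if datetime.fromisoformat(expires.replace("Z", "+00:00")) <= now:
        return False, "expired"
    # An unscoped token has no "project" entry, so it fails this check.
    if token.get("project", {}).get("id") != project_id:
        return False, "not scoped to project"
    if role_name not in {r.get("name") for r in token.get("roles", [])}:
        return False, "role not granted"
    return True, "ok"

# Constructed sample of a project-scoped token body (all ids are made up).
SAMPLE_TOKEN = {"token": {
    "expires_at": "2030-01-01T12:00:00.000000Z",
    "user": {"id": "u-123", "name": "newuser", "domain": {"id": "default"}},
    "project": {"id": "p-456", "name": "newproject", "domain": {"id": "default"}},
    "roles": [{"id": "r-789", "name": "member"}],
}}

if __name__ == "__main__":
    at = datetime(2029, 6, 1, tzinfo=timezone.utc)
    print(token_allows(SAMPLE_TOKEN, "p-456", "member", now=at))
    print(token_allows(SAMPLE_TOKEN, "p-456", "admin", now=at))
    print(token_allows(SAMPLE_TOKEN, "other", "member", now=at))
```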
Application Example with Keystone APIs
Let’s integrate some of these Keystone APIs into a simple Python application to better understand their utility. Below is a sample application that creates a user, lists users, and generates an authentication token.
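import requests

# Placeholder endpoint and token for this example. In a real deployment, use
# the HTTPS endpoint and load the token from the environment or a secret
# store instead of hard-coding it.
BASE_URL = 'http://keystone.example.com/v3'
ADMIN_TOKEN = 'admintoken'
TIMEOUT = 10  # seconds; avoids hanging on an unreachable endpoint


def create_user(name, password, domain_id='default'):
    """Create a user in the given domain and return the response body."""
    url = f"{BASE_URL}/users"
    headers = {
        'X-Auth-Token': ADMIN_TOKEN,
        'Content-Type': 'application/json'
    }
    data = {
        "user": {
            "name": name,
            "domain_id": domain_id,
            "enabled": True,
            "password": password
        }
    }
    response = requests.post(url, headers=headers, json=data, timeout=TIMEOUT)
    response.raise_for_status()  # fail loudly on an error status
    return response.json()


def list_users():
    """Return the list of users visible to the admin token."""
    url = f"{BASE_URL}/users"
    headers = {
        'X-Auth-Token': ADMIN_TOKEN,
    }
    response = requests.get(url, headers=headers, timeout=TIMEOUT)
    response.raise_for_status()
    return response.json()


def authenticate_user(name, password, domain_id='default'):
    """Authenticate with a password and return the issued token."""
    url = f"{BASE_URL}/auth/tokens"
    headers = {
        'Content-Type': 'application/json'
    }
    data = {
        "auth": {
            "identity": {
                "methods": ["password"],
                "password": {
                    "user": {
                        "name": name,
                        "domain": {"id": domain_id},
                        "password": password
                    }
                }
            }
        }
    }
    response = requests.post(url, headers=headers, json=data, timeout=TIMEOUT)
    # Without this check, a failed login would surface as a KeyError below.
    response.raise_for_status()
    # The token is returned in a response header, not in the JSON body.
    return response.headers['X-Subject-Token']


if __name__ == "__main__":
    print("Creating User: ", create_user("newuser", "password123"))
    print("List Users: ", list_users())
    print("Authenticating User: ", authenticate_user("newuser", "password123"))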
With these API examples and the sample application, you can start leveraging Keystone for identity management in your OpenStack environment. Explore more Keystone capabilities to unlock the full potential!