No description, website, or topics provided.
Python Shell
Pull request Compare This branch is 2172 commits behind openstack:master.
Latest commit 5628eea Apr 5, 2012 @jk0 jk0 Removed unused imports and variables.
Also fixes AUTHORS file. Previous version was copied directly from python-novaclient.

Change-Id: I33654b6fe7197efbff300ebaf4892a8b53d85c54
Failed to load latest commit information.
docs Change CLIAuth arg names Mar 14, 2012
tests Updated tox.ini to work properly with Jenkins. Mar 21, 2012
tools Updated tox.ini to work properly with Jenkins. Mar 21, 2012
.gitignore Updates client to work with keystone essex roles API routes. Jan 29, 2012
.gitreview Added in common test, venv and gitreview stuff. Dec 22, 2011
HACKING Initial commit. Oct 25, 2011
LICENSE Include last missing files in tarball Apr 3, 2012
README.rst Change CLIAuth arg names Mar 14, 2012 Remove trailing whitespaces in regular file Mar 3, 2012
setup.cfg Updated tox.ini to work properly with Jenkins. Mar 21, 2012 Open Folsom Mar 23, 2012
tox.ini Updated tox.ini to work properly with Jenkins. Mar 21, 2012


Python bindings to the OpenStack Keystone API

This is a client for the OpenStack Keystone API. There's a Python API (the keystoneclient module), and a command-line script (keystone). The Keystone 2.0 API is still a moving target, so this module will remain in "Beta" status until the API is finalized and fully implemented.

Development takes place via the usual OpenStack processes as outlined in the `OpenStack wiki`_. The master repository is on GitHub__.

This code a fork of `Rackspace's python-novaclient`__ which is in turn a fork of `Jacobian's python-cloudservers`__. The python-keystoneclient is licensed under the Apache License like the rest of OpenStack.

Python API

By way of a quick-start:

# use v2.0 auth with")
>>> from keystoneclient.v2_0 import client
>>> keystone = client.Client(username=USERNAME, password=PASSWORD, tenant_name=TENANT, auth_url=KEYSTONE_URL)
>>> keystone.tenants.list()
>>> tenant = keystone.tenants.create(name="test", descrption="My new tenant!", enabled=True)
>>> tenant.delete()

Command-line API

Installing this package gets you a shell command, keystone, that you can use to interact with Keystone's Identity API.

You'll need to provide your OpenStack tenant, username and password. You can do this with the --os_tenant_name, --os_username and --os_password params, but it's easier to just set them as environment variables:

export OS_TENANT_NAME=project
export OS_USERNAME=user
export OS_PASSWORD=pass

You will also need to define the authentication url with --os_auth_url and the version of the API with --identity_api_version. Or set them as an environment variables as well:

export OS_AUTH_URL=

Alternatively, to authenticate to Keystone without a username/password, such as when there are no users in the database yet, use the service token and endpoint arguemnts. The service token is set in keystone.conf as admin_token; set it with service_token. Note: keep the service token secret as it allows total access to Keystone's database. The admin endpoint is set with --endpoint or SERVICE_ENDPOINT:

export SERVICE_TOKEN=thequickbrownfox-jumpsover-thelazydog

Since Keystone can return multiple regions in the Service Catalog, you can specify the one you want with --region_name (or export OS_REGION_NAME). It defaults to the first in the list returned.

You'll find complete documentation on the shell by running keystone help:

usage: keystone [--os_username OS_USERNAME] [--os_password OS_PASSWORD]
                [--os_tenant_name OS_TENANT_NAME]
                [--os_tenant_id OS_TENANT_ID] [--os_auth_url OS_AUTH_URL]
                [--os_region_name OS_REGION_NAME]
                [--identity_api_version IDENTITY_API_VERSION] [--token TOKEN]
                [--endpoint ENDPOINT]
                <subcommand> ...

Command-line interface to the OpenStack Identity API.

Positional arguments:
    catalog             List service catalog, possibly filtered by service.
                        Create EC2-compatibile credentials for user per tenant
                        Delete EC2-compatibile credentials
                        Display EC2-compatibile credentials
                        List EC2-compatibile credentials for a user
    endpoint-create     Create a new endpoint associated with a service
    endpoint-delete     Delete a service endpoint
    endpoint-get        Find endpoint filtered by a specific attribute or
                        service type
    endpoint-list       List configured service endpoints
    role-create         Create new role
    role-delete         Delete role
    role-get            Display role details
    role-list           List all available roles
    service-create      Add service to Service Catalog
    service-delete      Delete service from Service Catalog
    service-get         Display service from Service Catalog
    service-list        List all services in Service Catalog
    tenant-create       Create new tenant
    tenant-delete       Delete tenant
    tenant-get          Display tenant details
    tenant-list         List all tenants
    tenant-update       Update tenant name, description, enabled status
    token-get           Display the current user token
    user-create         Create new user
    user-delete         Delete user
    user-list           List users
                        Update user password
    user-role-add       Add role to user
    user-role-remove    Remove role from user
    user-update         Update user's name, email, and enabled status
    discover            Discover Keystone servers and show authentication
                        protocols and
    help                Display help about this program or one of its

Optional arguments:
  --os_username OS_USERNAME
                        Defaults to env[OS_USERNAME]
  --os_password OS_PASSWORD
                        Defaults to env[OS_PASSWORD]
  --os_tenant_name OS_TENANT_NAME
                        Defaults to env[OS_TENANT_NAME]
  --os_tenant_id OS_TENANT_ID
                        Defaults to env[OS_TENANT_ID]
  --os_auth_url OS_AUTH_URL
                        Defaults to env[OS_AUTH_URL]
  --os_region_name OS_REGION_NAME
                        Defaults to env[OS_REGION_NAME]
  --identity_api_version IDENTITY_API_VERSION
                        Defaults to env[OS_IDENTITY_API_VERSION] or 2.0
  --token TOKEN         Defaults to env[SERVICE_TOKEN]
  --endpoint ENDPOINT   Defaults to env[SERVICE_ENDPOINT]

See "keystone help COMMAND" for help on a specific command.