Getting auth token from keystone in horizon

Question

I want to get the auth token from keystone using horizon and then wants to pass that auth token to my backed code.

i don't know how to get this, please help me out.

I read many articles and blogs blogs but i am not able to find the answer. Please just point me into the right direction.

Answer 1

First you have to install python-keystoneclient.

To generate the token you can use the following code, here I want to mention you can change the authentication url with your server url but port number will be same,

from keystoneclient.v2_0 import client
username='admin'
password='1234'
tenant_name='demo'
auth_url='http://10.0.2.15:5000/v2.0' # Or auth_url='http://192.168.206.133:5000/v2.0'

if your username, password, or tenant_name is wrong then you will get keystoneclient.openstack.common.apiclient.exceptions.Unauthorized: Invalid user / password keystone = client.Client(username=username, password=password, tenant_name=tenant_name, auth_url=auth_url) token_dict = keystone.auth_ref token_dict

Answer 2

You can use python-keystoneclient. To authenticate the user, use for example

 username='admin'
 password='1234'
 tenant_name='admin'
 auth_url='http://127.0.0.1:5000/v2.0'
 keystone = client.Client(username=username, password=password, tenant_name=tenant_name, auth_url=auth_url)

Once, the user is authenticated, a token is generated. The auth_ref property on the client ( keystone variable in this example) will give you a dictionary like structure having all the information you need about the token, which will enable you to re-use the token or pass it to the back-end in your case.

token_dict = keystone.auth_ref

Now,the token_dict is the variable that you can pass to your back-end.

Answer 3

As an example of how to get at it:

import keystoneclient.v2_0.client as ksclient
# authenticate with keystone to get a token

keystone = ksclient.Client(auth_url="http://192.168.10.5:35357/v2.0",
                           username="admin",
                           password="admin",
                           tenant_name="admin")


token = keystone.auth_ref['token']['id']

# use this token for whatever other services you are accessing.
print token

Answer 4

Easiest is to use a Rest client to login and just take the token from the response. I like the Firefox RESTClient add-on but you can use any client you want.

• Post a request to the Openstack Identity URL:

  POST keystone_ip:port/version/tokens
  

  (e.g. 127.0.0.1:5000/v2.0/tokens)

  with header:

  Content-Type: application/json
  

  and body:

  {
      "auth": {
          "tenantName": "enter_your_tenantname",
          "passwordCredentials": {
              "username": "enter_your_username",
              "password": "enter_your_password"
          }
      }
  }
  

  Note: If you're not sure what is the correct identity (keystone) URL you can log in manually to Horizon and look for a list of API endpoints.

• The response body will include something like this:

  {
      "token": {
          "issued_at": "2014-02-25T08:34:56.068363",
          "expires": "2014-02-26T08:34:55Z",
          "id": "529e3a0e1c375j498315c71d08134837"
      }
  }
  

• Use the returned token id as a header in new rest calls. For example, to get a list of servers use request:

  GET compute_endpoint_ip:port/v2/tenant_id/servers
  

  with Headers:

  X-Auth-Token: 529e3a0e1c375j498315c71d08134837
  Content-Type: application/json
  

Answer 5

Go to the node where you have installed Keystone services. Open vi /etc/keystone/keystone.conf

Check for the third line starting admin_token. It should be a long random string:

admin_token = 05131394ad6b49c56f217

That is your keystone token. Using python:

>>> from keystoneclient.v2_0.client as ksclient
>>> keystone = ksclient.Client(auth_url="http://service-stack.linxsol.com:35357/v2.0", username="admin", password="123456", tenant_name="admin")

Ofcourse, you will change auth_url, *username, password* and tenant_name to your choice. Now you can use keystone to execute all the api tasks:

keystone.tenants.list()
keystone.users.list()
keystone.roles.list()

Or use dir(keystone) to list all the available options.

You can reuse the token as follows:

auth_ref = keystone.auth_ref or token = ksclient.get_raw_token_from_identity_service(auth_url="http://service-stack.linxsol.com:35357/v2.0", username="admin", password="123456", tenant_name="admin")

But remember it returns a dictionary and a raw token not in a form of a token as you can see above.

For further information please check the python-keystoneclient.

I hope that helps.

Answer 6

Use the python-keystoneclient package.

Look into the Client.get_raw_token_from_identity_service method.