How to get openstack token and check it?

I followed this tutorial: http://keystone.openstack.org/api_curl_examples.html

and it seemed like I got a valid token by doing:

curl -d '{"auth":{"passwordCredentials":{"username": "can", "password": "mypassword"}}}' -H "Content-type: application/json" http://url:35357/v2.0/tokens 

and it returned:

 { "access": { "token": { "expires": "2012-05-21T14:35:17Z", "id": "468da447bd1c4821bbc5def0498fd441" }, "serviceCatalog": {}, "user": { "username": "can", "roles_links": [], "id": "bb6d3a09ad0c4924bf20c1a32ccb5781", "roles": [], "name": "can" } } } 

but when I came to the next few sections to check this token, I came across this magic number: X-Auth-Token:999888777666. At first I thought it was a sign that I received, but I was mistaken.

I think I might have missed something, so I read the related sections in the openstack docs (http://keystone.openstack.org/configuration.html and http://docs.openstack.org/api/openstack-compute/programmer/content/), but I still don’t know where this number comes from.

Can someone explain to me:

  • what is the meaning of this magic number
  • how to get the right value so that I can get a working token to control other parts of openstack
+6
3 answers

This magic number (the string is valid) is the admin_token parameter in the keystone.conf file. In the [DEFAULT] section of the keystone.conf file:

 admin_token = abcd1234 

If you do not use it for administrator actions, you will see something like

 ubuntu@i-000004bc:~/devstack$ curl http://localhost:35357/v2.0/tenants
 {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Not Authorized"}}

If you use it, you will see something like

 ubuntu@i-000004bc:~/devstack$ curl -H "X-Auth-Token: abcd1234" http://localhost:35357/v2.0/tenants
 {"tenants_links": [], "tenants": [{"enabled": true, "description": null, "name": "demo", "id": "aee8a46babcb4e4286021c8f6ef996cd"}, {"enabled": true, "description": null, "name": "invisible_to_admin", "id": "de17fea45de148ada0a58e998e6c3e73"}, {"enabled": true, "description": null, "name": "admin", "id": "f34b0c8ab30e450489b121fbe723fde5"}, {"enabled": true, "description": null, "name": "service", "id": "fbe3e2e530fd47298cb2cba1b4afa3da"}]}
+7

To get a list of tenants, in our current implementation, we authenticate the administrator credentials and use the token that is returned to get the list of tenants. The implementation works with an authentication token. It can work with admin_token, but I did not check.

If you look at the examples you are referencing, 2 types of endpoints are used:

  • Endpoint pointing to port 5000 - public port
  • Endpoint pointing to port 35357 - admin port

In the examples that go to the admin port, you need to specify the "X-Auth-Token" header as admin_token (specified in the keystone.conf file).

+2

The token itself is located in dict["access"]["token"]["id"], which is the part that will go into the header of subsequent HTTP requests, i.e.

 X-Auth-Token: 468da447bd1c4821bbc5def0498fd441 

The value 999888777666 is from the tutorial's curl example and will certainly not work.

As for the value of the token itself, it is randomly generated by the OpenStack service and should not contain any useful information from your point of view.

(By the way, you probably shouldn't post tokens in forums, as they are valid for 24 hours, and anyone who has a copy of the token and access to your compute endpoint can use it to impersonate you.)

+1
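
Added example, not part of the original answers: pulling the token out of the v2.0 response shape shown in the question, checking its expiry, building the X-Auth-Token header, and masking the token before pasting output anywhere. The function names and the token id in the sample are constructed for illustration, and the timestamp format is assumed to be the one shown in the question.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the response from the question.
# The token id is a made-up placeholder, not a real credential.
SAMPLE_RESPONSE = """{"access": {"token": {"expires": "2012-05-21T14:35:17Z",
  "id": "0123456789abcdef0123456789abcdef"}, "serviceCatalog": {},
  "user": {"username": "can", "roles_links": [], "id": "u-constructed",
           "roles": [], "name": "can"}}}"""


def parse_token(body):
    """Return (token_id, expires_utc) from a v2.0 /tokens response body."""
    try:
        token = json.loads(body)["access"]["token"]
        token_id, expires = token["id"], token["expires"]
    except (ValueError, KeyError, TypeError) as exc:
        # An error body such as {"error": {...}} ends up here.
        raise ValueError("not a v2.0 token response") from exc
    # Assumption: "expires" uses the UTC format shown in the question.
    expires_utc = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%SZ")
    return token_id, expires_utc.replace(tzinfo=timezone.utc)


def is_expired(expires_utc, now=None):
    """True once the token's expiry time has been reached."""
    now = now or datetime.now(timezone.utc)
    return now >= expires_utc


def auth_headers(token_id):
    """Header for subsequent requests: the token id, not the tutorial's 999888777666."""
    return {"X-Auth-Token": token_id}


def redact(text, token_id):
    """Mask a token in text meant for logs or forum posts, keeping 4 chars."""
    return text.replace(token_id, token_id[:4] + "[REDACTED]")


if __name__ == "__main__":
    tid, exp = parse_token(SAMPLE_RESPONSE)
    print("expired:", is_expired(exp))
    print(redact(json.dumps(auth_headers(tid)), tid))
```
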

Source: https://habr.com/ru/post/916199/

