I want to perform CRUD operation on openstack keystone user. according to keystone api docs we must use GET request along with x-auth-token information. I have written a code for that but I could not get any user list but instead I get "404 Not Found, The resource could not be found." My code is below
#!/usr/bin/python
import httplib
import urllib
import os
import json
from urlparse import urlparse
#Define openstack url
url = "x.x.x.x:5000"
osuser = "osuser"
ospassword = "whatever"
params ='{"auth":{"tenantName":"openstackDemo", "passwordCredentials":{"username":"osuser", "password": "ospassword"}}}'
headers = {"Content-Type": "application/json"}
#make http request
conn = httplib.HTTPConnection(url)
conn.request("POST", "/v2.0/tokens", params,headers)
#get http response
response = conn.getresponse()
data = response.read()
verify_services = json.loads(data)
conn.close()
#print "The service verificetion is:%s\n\t" % verify_services
#Get keystone token
keystone_token = verify_services ['access']['token']['id']
print "Printing api token :\n"
print keystone_token
user_id = verify_services['access']['user']['id']
print "Printing user id : \n"
print user_id
# Get keystone URL
keystone_url = verify_services ['access']['serviceCatalog'][5]
print "Printing keystone end points url: \n"
print keystone_url
#Now take the keystone public url and uid
for publicurl in keystone_url['endpoints']:
key_admin_url = publicurl['adminURL']
key_pub_url = publicurl['publicURL']
keystone_user_id = publicurl['id']
print "printing keystone public url:\n"
print key_pub_url
print "Printing keystone user id:\n"
print keystone_user_id
##################
# Get the user list
#################
apiurlt = urlparse(key_pub_url)
print apiurlt
url2 = apiurlt[1]
print url2
#params1 = '{"username":"samit", "email":"[email protected]","enabled":true,"password":"secret", "roles":"member"}'
p = urllib.urlencode({})
headers1 = {"X-Auth-Token":"keystone_token", "Content-type":"application/json"}
conn2 = httplib.HTTPConnection(url2)
conn2.request("GET", "%s/users" %apiurlt[2] , p,headers1)
response2 = conn2.getresponse()
data2 = response2.read()
user_list = json.dumps(data2)
conn.close()
print "getting users:\n"
print response.status
print response.reason
print user_list
@sanjaya, If you're looking for a way to quickly interact with Keystone through Python, I recommend using the keystoneclient library directly, which has all of this relevant work built into it. You can get the source at https://github.com/openstack/python-keystoneclient/, or download a relatively recent (trunk in source is more recent) release from PyPi (http://pypi.python.org/pypi/python-keystoneclient/0.1.3).
Using that client, you can interact with Keystone super easily:
from keystoneclient.v2_0 import client
kc = client.Client(username=osuser, password=ospassword, auth_url=url)
Note that with just a username and password, you'll have very limited access (what's called an "unscoped access authorization token"), and you'll need to make further requests to do anything useful.
More so with Keystone, which with V2 of the API, requires the "admin" role to interact with any of the CRUD operations on keystone. In the cases where you're just wanting to interact with Keystone (such as bootstrapping up accounts before you have lots of other pieces set up), it's easier to start with the "admin token" and use the admin URL interface directly from the client. To do that:
from keystoneclient.v2_0 import client
kc = client.Client(token='123secret456', endpoint='http://x.x.x.x:35350/v2.0')
kc.users.list()
the token is what you already configured in Keystone in the [DEFAULT] section under 'admin_token'. Note that the endpoint URL is a different port (35350) from the authorization URL. For better or worse, the V2 API had those explicitly separated, and to do CRUD operations on elements within Keystone, you need to use that admin URL for the API endpoint.
If you auth with the example that Everett provided above, that admin URL will get loaded automatically by keystoneclient, so it's something that with the library you generally don't have to worry about.
For completeness sake, to do what Everett's suggesting above with the keystoneclient library in Python:
from keystoneclient.v2_0 import client
kc = client.Client(username='admin', password='devstack', tenant_name='admin', auth_url='http://172.16.0.1:5000/v2.0')
kc = client.users.list()