Tenant Name or Tenant Id in OpenStack Keystone

OpenStack Keystone is the first stop to get into access of other services (Nova, Cinder, Glance, Neutron, etc). So it is critical to understand Keystone API well.

Applications, such as Vagrant OpenStack Providers, need to access service endpoints from Keystone service catalog. So they can access these services and create e.g. compute instances. Yet, there appears no consistency on which of the tenant forms to use and thus causes confusing for application developers.

Service catalog is on per tenant basis. A REST request to Keystone must contain necessary tenant information to get the service catalogs. Tenant information can either be name (string) or Id (UUID), as specified in the API doc. It is convenient to use names.

In this example, a Keystone authentication request doesn’t have any tenant information:


curl -v -D -i -H "Content-Type: application/json" -d '{"auth":{"passwordCredentials":{"username":"user","password":"password"}}}' http://keystone:5000/v2.0/tokens

And as expected, no service catalog is returned:


{"access": {"token": {"issued_at": "2015-07-10T18:26:07.389768", "expires": "2015-07-10T19:26:07Z", "id": "....."}, "serviceCatalog": [], "user": {"username": "user", "roles_links": [], "id": "...", "roles": [], "name": "user"}, "metadata": {"is_admin": 0, "roles": []}}}

Then providing a tenantName in the request:


curl  -i -H "Content-Type: application/json" -d '{"auth":{"passwordCredentials":{"username":"user","password":"password"}, "tenantName":"Some tenant name"}}' http://keystone:5000/v2.0/tokens

.

You can then find service catalog and endpoints information.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s