NAME

OpenStack::Client::Auth - OpenStack Keystone authentication and authorization

SYNOPSIS

use OpenStack::Client::Auth ();

my $auth = OpenStack::Client::Auth->new('http://openstack.foo.bar:5000/v2.0',
    'tenant'   => $ENV{'OS_TENANT_NAME'},
    'username' => $ENV{'OS_USERNAME'},
    'password' => $ENV{'OS_PASSWORD'}
);

# or you can also use API v3
$auth = OpenStack::Client::Auth->new(
    $ENV{OS_AUTH_URL},
    'username' => $ENV{'OS_USERNAME'},
    'password' => $ENV{'OS_PASSWORD'},
    'version'  => 3,
    # provide a scope to get a catalog
    'scope' => {
        project => {
            name => $ENV{'OS_PROJECT_NAME'},
            domain => { id => 'default' },
        }
    }
);

my $glance = $auth->service('image',
    'region' => $ENV{'OS_REGION_NAME'}
);

DESCRIPTION

OpenStack::Client::Auth provides an interface for obtaining authorization to access other OpenStack cloud services.

AUTHORIZING WITH KEYSTONE

OpenStack::Client::Auth->new($endpoint, %args)

Contact the OpenStack Keystone API at the address provided in $endpoint, and obtain an authorization token and the set of endpoints the client is allowed to access. Credentials are specified in %args; the following named values are required:

  • tenant

    The OpenStack tenant (project) name

  • username

    The OpenStack user name

  • password

    The OpenStack password

  • version

    The version of the Glance API to negotiate with. Default is 2.0, but 3 is also accepted.

  • scope

    When negotiating with an Identity v3 endpoint, the information provided here is passed in the scope property of the auth portion of the request body submitted to the endpoint.

  • domain

    When negotiating with an Identity v3 endpoint, the name of the domain to authenticate to.

When successful, this method will return an object containing the following:

  • response

    The full decoded JSON authorization response from Keystone

  • services

    A hash containing the services the client is authorized to access

  • clients

    An initially empty hash that would contain OpenStack::Client objects obtained for any requested OpenStack services

RETRIEVING RESPONSE

$auth->response()

Return the full decoded response from the Keystone API.

ACCESSING AUTHORIZATION DATA

$auth->access()

Return the service access data stored in the current object.

ACCESSING TOKEN DATA

$auth->token()

Return the authorization token data stored in the current object.

OBTAINING LIST OF SERVICES AUTHORIZED

$auth->services()

Return a list of service types the OpenStack user is authorized to access.

ACCESSING SERVICES AUTHORIZED

$auth->service($type, %opts)

Obtain a client to the OpenStack service $type, where $type is usually one of:

  • compute

  • ec2

  • identity

  • image

  • network

  • volumev2

The following values may be specified in %opts to help locate the most appropriate endpoint for a given service:

  • uri

    When specified, use a specific URI to gain access to a named service endpoint. This might be useful for non-production development or testing scenarios.

  • id

    When specified, attempt to obtain a client for the very endpoint indicated by that identifier.

  • region

    When specified, attempt to obtain a client for the endpoint for that region. When not specified, a client for the first endpoint found for service $type is returned instead.

  • endpoint

    When specified and set to one of 'public', 'internal' or 'admin', return a client for the corresponding public, internal or admin endpoint. The default endpoint is the public endpoint.
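
The following is an added example, not code from the module's own documentation: it checks the settings before any credential is sent, authenticates with a project-scoped Identity v3 request, and asks for the internal image endpoint. The preflight() helper and the https-only rule are assumptions made for illustration; the environment variable names are those used in the SYNOPSIS.

```perl
use strict;
use warnings;
use OpenStack::Client::Auth ();

# Hypothetical helper: returns a list of problems found in the settings
# before any credential is sent (an empty list means OK).
sub preflight {
    my (%env) = @_;
    my @problems = map  { $_ . ' is not set' }
                   grep { !defined $env{$_} || !length $env{$_} }
                   qw(OS_AUTH_URL OS_USERNAME OS_PASSWORD OS_PROJECT_NAME);

    # The password travels in the request body, so require TLS (assumed policy).
    push @problems, 'OS_AUTH_URL is not an https:// URL'
        if defined $env{OS_AUTH_URL} && $env{OS_AUTH_URL} !~ m{\Ahttps://}i;

    return @problems;
}

if (my @problems = preflight(%ENV)) {
    die 'Refusing to authenticate: ' . join('; ', @problems) . "\n";
}

# Identity v3 request scoped to a single project, as in the SYNOPSIS.
my $auth = eval {
    OpenStack::Client::Auth->new(
        $ENV{OS_AUTH_URL},
        'username' => $ENV{OS_USERNAME},
        'password' => $ENV{OS_PASSWORD},
        'version'  => 3,
        'scope'    => {
            project => {
                name   => $ENV{OS_PROJECT_NAME},
                domain => { id => 'default' },
            }
        }
    );
} or die "Keystone authentication failed for user $ENV{OS_USERNAME}\n";

my @types = $auth->services;
print "Authorized service types: @types\n";

# Ask for the internal endpoint instead of the default public one, and
# pin the region only when one is configured.
my %opts = ('endpoint' => 'internal');
$opts{'region'} = $ENV{OS_REGION_NAME} if defined $ENV{OS_REGION_NAME};
my $glance = $auth->service('image', %opts);
```

The failure message names only the user, so the password never reaches a log line or terminal scrollback.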

AUTHOR

Written by Alexandra Hrefna Maheu <xan@cpanel.net>

COPYRIGHT

Copyright (c) 2019 cPanel, L.L.C. Released under the terms of the MIT license. See LICENSE for further details.