Skip to main content

A limited OpenStack Identity API v3 client in Python (with fewer dependencies)

Project description

keystone-light implements a Python interface to a very limited subset of the OpenStack Identity API v3.

Initial goal: access to OpenStack Swift, using the Identity API v3, but with a lot fewer dependencies.

As of this writing, the python-keystoneclient requires keystoneauth1 and oslo.*, which in turn require some more. We only require the ubiquitous requests (and PyYAML), which you generally already have installed anyway.

Example usage

#!/usr/bin/env python3
from urllib.parse import urljoin

import requests
from keystone_light import Cloud, CloudConfig, PermissionDenied


def get_projects(cloud):
    "Yields projects, sorted by domain and project name"
    domains = cloud.get_domains()
    for dom in sorted(domains, key=(lambda x: x.name)):
        if dom.name == 'Default':
            # print('WARN: skipping domain Default (fixme?)')
            continue

        projects = dom.get_projects()
        for project in sorted(projects, key=(lambda x: x.name)):
            project.domain = dom
            yield project


def get_swift_stat_ensuring_permissions(project):
    "Get Swift v1 stat on a project (previously: tenant)"
    try:
        stat = project.get_swift().get_stat()
    except PermissionDenied:
        # We don't have permission to access the project? Upgrade the
        # permissions and try again.
        admin_role = cloud.get_role(name='admin')  # or 'reader'
        dom_admin_group = project.domain.get_admin_group()

        url = urljoin(
            cloud.base_url,
            ('/v3/projects/{project_id}/groups/{group_id}/'
             'roles/{role_id}').format(
                project_id=project.id, group_id=dom_admin_group.id,
                role_id=admin_role.id))
        out = requests.put(
            url, headers={'X-Auth-Token': str(cloud.get_system_token())})
        assert out.status_code == 201, (out.status_code, out.text)

        # Try again. Should succeed if the cloud admin user is in the
        # dom_admin_group.
        stat = project.get_swift().get_stat()

    return stat


# Take config from ~/.config/openstack/clouds.yaml and select
# 'my-cloud-admin', like the openstack(1) --os-cloud option.
config = CloudConfig('my-cloud-admin')
cloud = Cloud(config)
for project in get_projects(cloud):
    swift_stat = get_swift_stat_ensuring_permissions(project)
    print('{:15s} {:23s} {:21d} B ({} objects, {} containers)'.format(
        project.domain.name[0:15], project.name,
        int(swift_stat['X-Account-Bytes-Used']),
        swift_stat['X-Account-Object-Count'],
        swift_stat['X-Account-Container-Count']))

Example output

$ python3 example.py
domainx         project                  3489 B (2 objects, 1 containers)
domainx         otherproject       1455042022 B (267 objects, 1 containers)
...

Project details


Release history Release notifications

This version

0.1

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for keystone-light, version 0.1
Filename, size File type Python version Upload date Hashes
Filename, size keystone-light-0.1.tar.gz (8.2 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page