Search code examples
openstackkeystone

Keystone client project list does not display all the projects

I am trying to list all the keystone projects present on my setup. The snippet i am using displays only few of them.

CODE-1:

from keystoneclient.auth.identity import v3
from keystoneclient import session
from keystoneclient.v3 import client as ksclient3
auth_url = "http://192.16.66.10:5000/v3"
token = '0112efcb75e9411b965b423edb321827'
auth = v3.Token(auth_url=auth_url, token=token, unscoped=True)
sess = session.Session(auth=auth)
ks = ksclient3.Client(session=sess);
project_list = [t.name for t in ks.projects.list(user=sess.get_user_id())]
print project_list

OUTPUT

[A', B', C']

CODE-2

from keystoneclient import session
from keystoneclient.v3 import client
from keystoneclient.auth.identity import v3
auth = v3.Password(auth_url='http://127.0.0.1:5000/v3',user_id='idm',password='idm',project_id='2545070293684905b9623095768b019d')
sess = session.Session(auth=auth)
keystone = client.Client(session=sess)
keystone.users.list()

OUTPUT

keystoneclient.exceptions.Unauthorized: The request you have made requires authentication. (HTTP 401)

EXPECTED OUTPUT

openstack project list
+----------------------------------+----------------+
| ID                               | Name           |
+----------------------------------+----------------+
| 3efabc809570458180b2e20ce099ef1a | A        |
| 546636e4532246f9a440e44deaad82d6 | B |
| 63494b0b0e164e7e82281c94efc709e4 | C         |
| 71dbcec67a3e49979a9a9f519409785d | D   |
| 8699a715c6834ac1a42350e593879695 | E   |
| af88b7d76ab44e13ba73b80b39d2644b | F          |
| b431f905a52448298980a0fe0b7751be | G           |
| ba3053eb5c534052914f133aa065865d | H       |
+----------------------------------+----------------+

Things i want to understand:

  • Why CODE-1 displays few of the them from the list
  • Why CODE-2 fails
  • How to get the keystone project IDS from keystone client
Solution

  • Why CODE-1 displays few of the them from the list

    Your code does filter the tenants, if you like to see all tenants list do not filter them like this:

    ks.projects.list()

    Your filter "user=sess.get_user_id()" returns all tenants that was created by current user.

    Why CODE-2 fails

    I suppose the error is in args, you give user_id='idm', if you use user name, then argument should be username='idm', if you pass in arg user_id, then you need to pass user id, eg user_id='56d88dd0a3ab4c4c8d1d15534352d7de'

    You can take id from horizon http://localhost/horizon/identity/users/

    In source code there are example of client creation:

        from keystoneauth1.identity import v3
    from keystoneauth1 import session
    from keystoneclient.v3 import client
    auth = v3.Password(user_domain_name=DOMAIN_NAME,
                        username=USER,
                        password=PASS,
                        project_domain_name=PROJECT_DOMAIN_NAME,
                        project_name=PROJECT_NAME,
                        auth_url=KEYSTONE_URL)
    sess = session.Session(auth=auth)
    keystone = client.Client(session=sess)
    keystone.projects.list()

    user = keystone.users.get(USER_ID)
    user.delete()

    How to get the keystone project IDS from keystone client

    If you like to see all tenants ids(suppose admin credentials)

    project_list = [proj.id for proj in ks.projects.list(all_tenants=True)]