fiware, fiware-orion, keystone

Using Global Instance of Keystone


Is it possible to use the Global Instance of Keystone to retrieve registered user profile info?

According to these references: https://github.com/telefonicaid/fiware-pep-steelskin#keystone and "Keystone create user and permissions by api", it seems possible if I wish to install an instance on my own. However, what if I wish to use the Global Instance instead? Is it possible?

For example, I have tried to retrieve some data as indicated below, without success:

curl -s -H "X-Auth-Token:cXylpiNyh74V6J9YOlqN2GTzYSmGQa" http://cloud.lab.fiware.org:4730/v2.0/tokens | python -mjson.tool

curl -s -H "X-Auth-Token:cXylpiNyh74V6J9YOlqN2GTzYSmGQa" http://cloud.lab.fiware.org:4730/v3/users/ | python -mjson.tool

curl http://cloud.lab.fiware.org:4730/v3/auth/tokens -H "Content-Type: application/json" -d ' { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "domain": { "name": "matest" }, "name": "pep_proxy_99c59...", "password": "e3025a286dab..." } } } } }'

Note: I have tried both ports: 5000 and 4730.

Any hint will be appreciated.


Solution

  • Users don't have permission to see other users' information or to create new users using the API.

    However, you can issue tokens from the global keystone using both v2.0 and v3 protocols:

    curl -X POST http://130.206.84.8:4730/v2.0/tokens \
         -H 'Content-Type: application/json' \
         -d "{\"auth\": {\"tenantName\": \"${OS_TENANT_NAME}\",
              \"passwordCredentials\": {
                  \"username\": \"$OS_USERNAME\", 
                  \"password\": \"$OS_PASSWORD\"}}}" | \
    jq -r '.access.token.id'
    

    Or issue a token in v3:

    curl -v  -H "Content-Type: application/json" -d "
    { \"auth\": {
       \"identity\": {
         \"methods\": [\"password\"],
         \"password\": {
             \"user\": {
                 \"name\": \"$OS_USERNAME\",
                 \"domain\": { \"id\": \"default\" },
                 \"password\": \"$OS_PASSWORD\"
             }
         }
       }
     }
    }" http://cloud.lab.fiware.org:4730/v3/auth/tokens 2>&1 \
    | grep -i "X-Subject-Token"
    

    There are few things you can do with Keystone itself using these tokens if you are not the admin user (non-admin users obviously have few permissions). However, you could, for instance, query the endpoints:

    curl -s -H "X-Auth-Token: $TOKEN_ID" http://130.206.84.8:4730/v3/endpoints
    

    The domains:

    curl -s -H "X-Auth-Token: $TOKEN_ID" http://130.206.84.8:4730/v3/domains
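
The two token requests from the answer above, as an added Python example that is not part of the original answer: it builds the bodies with `json.dumps`, so a password containing quotes or backslashes cannot break the JSON the way shell interpolation can, and it shows where each API version returns the token. The function names and sample responses are constructed for illustration; `issue_v3_token` takes whatever base URL the caller supplies.

```python
import json
import urllib.request

def v2_auth_body(tenant, username, password):
    """Body for POST /v2.0/tokens (tenant-scoped password auth)."""
    return json.dumps({"auth": {
        "tenantName": tenant,
        "passwordCredentials": {"username": username, "password": password}}})

def v3_auth_body(username, password, domain_id="default"):
    """Body for POST /v3/auth/tokens (password method)."""
    user = {"name": username, "domain": {"id": domain_id}, "password": password}
    return json.dumps({"auth": {"identity": {
        "methods": ["password"], "password": {"user": user}}}})

def v2_token_id(body_text):
    """v2.0 returns the token inside the JSON body."""
    return json.loads(body_text)["access"]["token"]["id"]

def subject_token(headers):
    """v3 returns the token in the X-Subject-Token response header."""
    for name, value in headers:
        if name.lower() == "x-subject-token":
            return value.strip()
    return None

def issue_v3_token(base_url, username, password, domain_id="default"):
    """POST the v3 body and return the token; base_url is supplied by the caller."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/v3/auth/tokens",
        data=v3_auth_body(username, password, domain_id).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return subject_token(resp.headers.items())

# Constructed sample responses (not captured from a real Keystone).
SAMPLE_V2_BODY = '{"access": {"token": {"id": "constructed-v2-token"}}}'
SAMPLE_V3_HEADERS = [("Content-Type", "application/json"),
                     ("X-Subject-Token", "constructed-v3-token")]

if __name__ == "__main__":
    # A password containing quotes and a backslash still yields valid JSON.
    print(v3_auth_body("alice", 'p"a\\ss'))
    print(v2_token_id(SAMPLE_V2_BODY))
    print(subject_token(SAMPLE_V3_HEADERS))
```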