0

Currently I am using (of course with more elaborate variables):

conn = openstack.connect(
                load_yaml_config=False,
                load_envvars=False,
                auth_url=AL,
                project_name=PN,
                username=UN,
                password=PW,
                region_name=RN,
                user_domain_name=UDN,
                project_domain_name=PDN,
                app_name=42,
                app_version=42
            )

to connect to projects. But in the future I would like to offer using application credentials, too. While there is plenty of documentation on how to authenticate with said credentials, I can't find anything about authenticating a connection with it. How is it done?

So what I am looking for is a way to create a connection without username and password, but credentials instead.

Existing authenticated session

This might be an option:

From existing authenticated Session
-----------------------------------

For applications that already have an authenticated Session, simply passing
it to the :class:`~openstack.connection.Connection` constructor is all that
is needed:

.. code-block:: python

    from openstack import connection

    conn = connection.Connection(
        session=session,
        region_name='example-region',
        compute_api_version='2',
        identity_interface='internal')

but I have to investigate further.

Natan
  • 728
  • 1
  • 7
  • 23

1 Answers1

1

I couldn't find any documentation, but apparently it is possible to create a connection like this:

    openstack.connect(
        load_yaml_config=False,
        load_envvars=False,
        auth_url=AU,
        region_name=RN,
        application_credential_id=ACI,
        application_credential_secret=ACS,
        auth_type=AT
    )

and that will return a connection object just like before. auth_type has to be "v3applicationcredential" when using application credentials.

Natan
  • 728
  • 1
  • 7
  • 23
  • I was looking for the exact same thing, so thank you ! – Lou Nov 18 '22 at 14:02
  • Was that really working for you @Natan? It doesn't for me (`TypeError: BaseGenericPlugin.__init__() got an unexpected keyword argument 'auth_type'`) and I cannot find any reference to `application_credential_secret` in the sources https://opendev.org/openstack/openstacksdk/search?q=application_credential_secret either. However, I have to admit that I am somewhat confused by the history/evolution of the OpenStack APIs and what's now the official client or not. What's the PyPI package? – vlerenc Mar 10 '23 at 18:01
  • The current version we use is a bit more elaborated than the one above due to the fact that it supports application credentials and passwords. However, the above works. Currently we use `openstacksdk==0.62` and `python-openstackclient==6.0.0`, but that is not because of the connection, but a deprecation warning that does more than just warn. OpenStacks documentation can be hell. Maybe open up your problem as a question and drop a link and I will take a look if I can figure out what's going wrong. – Natan Mar 11 '23 at 07:26
  • 1
    Thank you very much. After your confirmation, I noticed that I was using a slightly different way how to construct a connection, using the `auth` argument, assuming naively it would lead to the same result (it doesn't). Following your API call (argument for argument) worked. When browsing the source, I now assume the reason I didn't find application credential arguments in the sources is that Keystone is resolving them (they are handed in opaquely as it seems). Thank you very much! – vlerenc Mar 12 '23 at 06:25
  • P.S.: The versioning scheme was also a bit surprising. https://pypi.org/project/openstacksdk/#history shows that your version 0.62 was newer than any other 0.x versions with a higher number. Somewhat strange. – vlerenc Mar 12 '23 at 06:27