Authentication
Each request to compute API endpoints requires a token that you can obtain by performing password authentication with scoped authorization.
Send a POST
request to https://<node_IP_addr>:5000/v3/auth/tokens
, where <node_IP_addr>
is the IP address of a compute cluster node.
If authorization is successful, the response header will contain the token in the X-Subject-Token
header. Pass it in the X-Auth-Token
header in all requests.
You can secure traffic to compute API endpoints as described in "Securing OpenStack API Traffic with SSL" in the Administrator Guide. You can also set a DNS name for the endpoints as explained in "Setting a DNS Name for the Compute API" in the Administrator Guide.
To perform administrative actions, authorize in the project admin with the admin’s password.
Sample request:
# curl -ksD - -o /dev/null -H 'Content-Type: application/json' -d ' { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "admin", "domain": { "id": "default" }, "password": "admin_password" } } }, "scope": { "project": { "name": "admin", "domain": { "id": "default" } } } } }' https://<node_IP_addr>:5000/v3/auth/tokens
Sample response:
HTTP/1.1 201 CREATED Server: nginx Date: Fri, 24 Jan 2020 12:42:01 GMT Content-Type: application/json Content-Length: 7947 Connection: keep-alive X-Subject-Token: gAAAAA<...> Vary: X-Auth-Token x-openstack-request-id: req-f732464d-62b4-44fd-92fa-ea368efc9a36
Regular users added to a project can authorize in that project in a similar way. They will need to specify the ID of the domain that the project is in. An authorized admin can find out which projects are in which domains by sending a GET
request to https://<node_IP_addr>:5000/v3/projects
(for more details, refer to Listing projects).
Sample request:
# curl -ksD - -o /dev/null -H 'Content-Type: application/json' -d ' { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "name": "user1", "domain": { "id": "cdc759b962e34e67997f59f8b1c21027" }, "password": "user1_password" } } }, "scope": { "project": { "name": "project1", "domain": { "id": "cdc759b962e34e67997f59f8b1c21027" } } } } }' https://<node_IP_addr>:5000/v3/auth/tokens
Sample response:
HTTP/1.1 201 CREATED Server: nginx Date: Fri, 24 Jan 2020 12:42:01 GMT Content-Type: application/json Content-Length: 7947 Connection: keep-alive X-Subject-Token: gAAAAA<...> Vary: X-Auth-Token x-openstack-request-id: req-99df744f-4752-4b03-9695-ea6ec4447173