admin/3engines_doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
60adbde60c69b357a21e311d3a47e1badd6024ab
3engines_doc/docs/openstackdev/Authenticating-to-OpenstackSDK-using-Keycloak-Credentials-on-CloudFerro-Cloud.html.md
govardhan e8083e30ae fixes link issue point
2025-06-19 09:15:47 +05:30

98 lines
5.4 KiB
Markdown
Raw Blame History

Authenticating with OpenstackSDK using Keycloak Credentials on CloudFerro Cloud[](#authenticating-with-openstacksdk-using-keycloak-credentials-on-brand-name "Permalink to this headline")
===========================================================================================================================================================================================
If you are using OpenStackSDK to write your own script for OpenStack, the code in this tutorial will **enable the user to automatically log into your app**. When the user normally tries to log into the CloudFerro Cloud account using <https://portal.cloudferro.com/>, they have to log in manually. A screen like this appears:
[![register_cloudferrocloud1.png](../_images/register_cloudferrocloud1.png)](../_images/register_cloudferrocloud1.png)
If they already have an account, they will be logged in after clicking on Login button. The code in this article will avoid exposing the user to such a procedure and if they had ever been authenticated to OpenStack, **the user will be able to log in with your code without even seeing the login screen**.
What Are We Going To Do[](#what-are-we-going-to-do "Permalink to this headline")
---------------------------------------------------------------------------------
> * Set up Python, pip and Venv environments,
> * Download RC file from Horizon,
> * Source that file (execute it and supply the password to authenticate yourself to the system),
> * Prepare Python code to authenticate to Keycloak by using the values from RC file.
Prerequisites[](#prerequisites "Permalink to this headline")
-------------------------------------------------------------
**No. 1 Install Python and its environment**
The following article will help you install Python and **pip**, as well as **Venv**: [How to install Python virtualenv or virtualenvwrapper on CloudFerro Cloud](../cloud/How-to-install-Python-virtualenv-or-virtualenvwrapper-on-CloudFerro-Cloud.html.md).
**No. 2 RC File**
RC file is available from the OpenStack Horizon module and serves as a source of authentication for the user. For technical details how to get it and activate, see [How To Install OpenStack and Magnum Clients for Command Line Interface to CloudFerro Cloud Horizon](../kubernetes/How-To-Install-OpenStack-and-Magnum-Clients-for-Command-Line-Interface-to-CloudFerro-Cloud-Horizon.html.md).
Step 1 Source Your RC File[](#step-1-source-your-rc-file "Permalink to this headline")
---------------------------------------------------------------------------------------
Using **Prerequisite No. 2**, download the corresponding RC file. That file can be executed using a **source** command in Linux/UNIX environments. Once executed, it will ask you for the password and will authenticate you with it.
Here are the system variables (their names all start with **OS\_**) that the **source** command will set up as well:
```
export OS_AUTH_URL=https://keystone.cloudferro.com:5000/v3
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
export OS_USERNAME="Your E-mail Adress"
export OS_REGION_NAME="WAW3-1"
export OS_PROJECT_ID="Your Project ID"
export OS_PROJECT_NAME="Your Project Name"
export OS_PROJECT_DOMAIN_ID="Your Domain ID"
export OS_AUTH_TYPE=v3oidcpassword
export OS_PROTOCOL=openid
export OS_DISCOVERY_ENDPOINT=https://identity.cloudferro.com/auth/realms/Creodias-new/.well-known/openid-configuration
export OS_IDENTITY_PROVIDER=ident_creodias-new_provider
export OS_CLIENT_ID=openstack
export OS_CLIENT_SECRET=50xx4972-546x-46x9-8x72-x91x401x8x30
```
Step 2 Create Python Code that Will Perform Keycloak Authentication Within Your App[](#step-2-create-python-code-that-will-perform-keycloak-authentication-within-your-app "Permalink to this headline")
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
In this step you will copy the values from RC file to your Python code. For instance, variable
```
OS_DISCOVERY_ENDPOINT=https://identity.cloudferro.com/auth/realms/Creodias-new/.well-known/openid-configuration
```
from RC file will become the value of the eponymous variable in your code:
```
auth['discovery_endpoint'] = "https://identity.cloudferro.com/auth/realms/Creodias-new/.well-known/openid-configuration"
```
Here is what your code should look like in the end:
```
from openstack import connection
import sys
import os
from openstack import enable_logging
auth = {}
auth['auth_url'] = "https://keystone.cloudferro.com:5000/v3"
auth['username'] = "Your E-mail Adress"
auth['password'] = os.getenv('OS_PASSWORD')
auth['project_domain_id'] = "Your Domain ID"
auth['project_name'] = "Your Project Name"
auth['project_id'] = "Your Project ID"
auth['discovery_endpoint'] = "https://identity.cloudferro.com/auth/realms/Creodias-new/.well-known/openid-configuration"
auth['client_id'] = "openstack"
auth['identity_provider'] = 'ident_creodias-new_provider'
auth['client_secret'] = os.getenv('OS_CLIENT_SECRET')
auth['protocol'] = 'openid'
```
Step 3 Use the Code in Your App[](#step-3-use-the-code-in-your-app "Permalink to this headline")
-------------------------------------------------------------------------------------------------
Once generated, this code will authenticate user and they will not have to supply their credentials each time they try to use your app.
Reference in New Issue View Git Blame Copy Permalink