Keystone v3 API and admin token
Basic disclaimer. Still CentOS 6 + Icehouse (hope that's the last time I'll write that).
The OpenStack Python APIs are a bit, uhm, optimistically documented. As in "I'm sure people will figure it out". Well that's why I'm writing this.
I tried to get the keystone v3 API . . .
Trying Identity API v3 and Domains
General disclaimer, I'm talking about OpenStack Juno, but a lot of this applies to Kilo too.
Before getting to this post, you will need your assignment separated from identities as per my previous post.
Keystone and keystone domains
Keystone - the identity management component of OpenStack - has for a while . . .
Moving Keystone from LDAP roles to SQL roles
In early versions of OpenStack keystone did all its own user management. When it matured a bit, there was a cool new feature, you can point it at LDAP for authentication and authorization. This was a big step forward when running OpenStack as a part of a larger system.
Everything wasn't perfect though. . . .