Python – openstack cannot retrieve authentication tokens from the API

openstack cannot retrieve authentication tokens from the API… here is a solution to the problem.

openstack cannot retrieve authentication tokens from the API

I’m trying to retrieve the authentication token from the API using a request library from python. Here’s what I’ve tried so far:

def get_token():
    data = { 
      "auth" : {
         "identity" : { 
            "methods" : [ "password" ],
            "password": { 
               "user" : { 
                  "name"  : OS_USERNAME,
                  "domain": { "name": "Default" },
                  "password": OS_PASSWORD
               }
            }
         }
      }   
    }

r = requests.post(
    OS_AUTH_URL+'/auth/tokens',
      headers = HEADERS,
      json    = data,      # https://stackoverflow.com/questions/9733638
      verify  = False
    )
    print(r.content)
    j = json.loads(r.content)
    return j['token']['user']['id']

I get token : in the response

{
  "token": {
    "issued_at": "2018-07-03T11:03:59.000000Z",
    "audit_ids": [
      "Fg1ywtZBQ1CkigCw70If9g"
    ],
    "methods": [
      "password"
    ],
    "expires_at": "2018-07-03T12:03:59.000000Z",
    "user": {
      "password_expires_at": null,
      "domain": {
        "id": "default",
        "name": "Default"
      },
      "id": "e0dc5beb383a46b98dad824c5d76e719",
      "name": "admin"
    }
  }
}

However, when I reuse this token to get e.g. a list of items:

def get_tenantID():
  r = requests.get(
    OS_AUTH_URL+'/auth/projects',
    headers = HEADERS,
    verify  = False
  )
return r
r = get_token()
HEADERS['X-Auth-Project-Id'] = 'admin'
HEADERS['X-Auth-Token'] = r
r = get_tenantID()

I

get this error as if I wasn’t authenticated:

<Response [401]>
{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Googling and using the openstack token issue command tells me that, typically, tokens are more like:

 gAAAAABaCo1F1CIMVlsTBeuqYH8tm2qR29tbkmUL4vZuhCNPXJI39TQ2YzL6Twoj8fNcAyLe3WhCYW2O1YpbBF0G8mo4bt7Kf0IRsoDOoJ6uWa3RYyJ5SQNoB_5n8EnVXbKPxFYOZ_iFBnaVtL1_ XDrGbwsrlDeyy8lZTDdLsqY52pUhFR-7Uow

This is not what I got with get_token.

What am I doing wrong?

Thank you very much!

Solution

When you use the auth API directly, the issued token is in the X-Subject-Token header.

So, to retrieve in your Python example, you can access the response.headers dictionary like this:

token = r.headers['X-Subject-Token']

For more information about authentication, see Keystone v3 docs

Related Problems and Solutions