[英]OpenStack - KeyStone Requires Authentication 401
我正在嘗試列出項目(但是無論我嘗試這樣做還是嘗試列出用戶,都會發生相同的事情,所以讓我們將錯誤概括為任何API調用)。 每次執行此操作時,都會得到以下HTTP 401代碼:
File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
response.body = self.handler()
File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/lib/jsontools.py", line 61, in json_handler
value = cherrypy.serving.request._json_inner_handler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/cherrypy/_cpdispatch.py", line 34, in __call__
return self.callable(*self.args, **self.kwargs)
File "/var/www/frontend/controllers/api/user.py", line 63, in PUT
print keystoneClient.projects.list()
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/v3/projects.py", line 107, in list
**kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 75, in func
return f(*args, **new_kwargs)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 383, in list
self.collection_key)
File "/usr/lib/python2.7/site-packages/keystoneclient/base.py", line 124, in _list
resp, body = self.client.get(url, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 173, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 331, in request
resp = super(LegacyJsonAdapter, self).request(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 98, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 387, in request
auth_headers = self.get_auth_headers(auth)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 647, in get_auth_headers
return auth.get_headers(self, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/plugin.py", line 84, in get_headers
token = self.get_token(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 90, in get_token
return self.get_access(session).auth_token
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/base.py", line 136, in get_access
self.auth_ref = self.get_auth_ref(session)
File "/usr/lib/python2.7/site-packages/keystoneauth1/identity/v3/base.py", line 167, in get_auth_ref
authenticated=False, log=False, **rkwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 595, in post
return self.request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
return wrapped(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 484, in request
raise exceptions.from_response(resp, method, url)
Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-39d02130-6f47-4cae-bc30-0b645296752e)
碼:
import cherrypy
import ldap
from keystoneauth1 import loading
from keystoneauth1 import session as session
from keystoneclient.v3 import client as client
from keystoneauth1.identity import v3
import json
# Storing username and password in a cherrypy session
cherrypy.session['username'] = data.get("username")
cherrypy.session['password'] = data.get("password").replace(" ","%20")
# Setting up KeyStone Client
auth = v3.Password(
auth_url = KEYSTONE_URL,
username = cherrypy.session['username'],
password = cherrypy.session['password'],
user_domain_name="default",
domain_name = "default"
)
sess = session.Session(auth=auth, verify='/etc/ssl/certs/ca-bundle.crt')
keystoneClient = client.Client(session=sess)
# Getting list of projects
print keystoneClient.projects.list()
這是在使用普通用戶的憑據時發生的。 如果我使用管理員憑據登錄,則沒有錯誤,並且列出了項目。 我想知道:
要回答第一個問題,您需要一個項目范圍的令牌,因為未作用域的令牌沒有與之關聯的任何角色。 您不能對無作用域的令牌執行任何操作。 這是一種獲取項目范圍令牌的方法:
auth = v3.Password(auth_url=auth_url,
username=username,
password=password,
user_domain_name="default",
project_name=project_name,
project_domain_name="default")
sess = session.Session(auth=auth, verify='/etc/ssl/certs/ca-bundle.crt')
keystoneClient = client.Client(session=sess)
對於普通用戶,您無法取回提供程序中的整個項目列表,這就是為什么使用管理員憑據可以正常使用,但對於普通用戶卻無法使用。
為了解決它,您需要知道該普通用戶的user_id 。 一種方法是使用管理員憑據來獲取梯形客戶端並調用
keystone.users.get(user="username")
或者只是使用OpenStack儀表板並轉到身份儀表板。 有一個名為“ User的面板,您可以從那里看到user_id 。
擁有user_id ,您可以執行以下操作:
keystoneClient.projects.list(user=user_id)
HTH。
openStack - Package:keyStone 錯誤需要不同的 python 版本
[英]openStack - Package : keyStone error requires a different python version
使用OpenStack API時發生未經授權的錯誤,無法從Keystone獲取身份驗證令牌
[英]Unauthorized error when using OpenStack API, can't get authentication token from keystone
創建KeyStone的實例時,OpenStack KeyStone SSL異常
[英]OpenStack KeyStone SSL Exception When Creating an Instance of KeyStone
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.