Linked Horizon to this bug for historical context. The maintainers for python-openstackclient no longer use launchpad, so we'll have to track this separately with Storyboard [0].
[0] https://storyboard.openstack.org/#!/project_group/80

** Also affects: horizon
   Importance: Undecided
       Status: New

** Changed in: keystone
       Status: New => Invalid

https://bugs.launchpad.net/bugs/1805817

Title:
  provide a 'whoami' service for authenticated users

Status in OpenStack Dashboard (Horizon):
  New
Status in OpenStack Identity (keystone):
  Invalid

Bug description:
  It would be very helpful if keystone could provide a 'whoami' service
  to users and other projects, for example for building clouds.yaml and
  openstackrc files to horizon interface / openstack client and API
  users.

  openstack user show admin
  +---------------------+----------------------------------+
  | Field               | Value                            |
  +---------------------+----------------------------------+
  | domain_id           | default                          |
  | enabled             | True                             |
  | id                  | 22b8b60e6***************b        |
  | name                | admin                            |
  | options             | {}                               |
  | password_expires_at | None                             |
  +---------------------+----------------------------------+

  This is not very useful.
  - and I need a working RC file to get this far!

  Federated users have to build their own clouds.yaml and need to find
  out fairly low level details from multiple systems, for example with a
  SAML user:

    --os-auth-type v3samlpassword
    --os-identity-provider <name of idp in keystone>
    --os-identity-provider-url <ECP endpoint>
    --os-protocol saml2
    --os-username <federated username>
    --os-password
    --os-auth-url http://sp.keystone:5000/v3
    --os-project-name demo
    --os-project-domain-name Default
    --os-identity-api-version 3

  I logged this with the horizon team, who suggested I log it here.

  Currently Horizon builds environment variables for users in a static
  way, it's quite messy and will only ever work for manual users.

    export OS_AUTH_URL=
    # With the addition of Keystone we have standardized on the term **project**
    # as the entity that owns the resources.
    export OS_PROJECT_ID=
    export OS_PROJECT_NAME=
    export OS_USER_DOMAIN_NAME=
    if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi
    export OS_PROJECT_DOMAIN_ID="default"
    if [ -z "$OS_PROJECT_DOMAIN_ID" ]; then unset OS_PROJECT_DOMAIN_ID; fi
    # unset v2.0 items in case set
    unset OS_TENANT_ID
    unset OS_TENANT_NAME
    # In addition to the owning entity (tenant), OpenStack stores the entity
    # performing the action as the **user**.
    export OS_USERNAME=
    # With Keystone you pass the keystone password.
    echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
    read -sr OS_PASSWORD_INPUT
    export OS_PASSWORD=$OS_PASSWORD_INPUT
    # If your configuration has multiple regions, we set that information here.
    # OS_REGION_NAME is optional and only valid in certain environments.
    export OS_REGION_NAME="RegionOne"
    # Don't leave a blank variable, unset it if it was empty
    if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi
    export OS_INTERFACE=
    export OS_IDENTITY_API_VERSION=

  It's quite ironic given that keystone is a discovery service too ;-)

  Here's the original bug on Horizon:
  https://bugs.launchpad.net/horizon/+bug/1795851

  and this is an abomination :-/
  https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/api_access/templates/api_access/openrc.sh.template

  thanks! .....I love keystone