Main entry point into the EC2 Credentials service.
This service allows the creation of access/secret credentials used for the ec2 interop layer of OpenStack.
A user can create any number of access/secret pairs, each of which maps to a specific tenant. This is required because OpenStack supports a user belonging to multiple tenants, whereas the signatures created on ec2-style requests don’t allow specification of which tenant the user wishes to act upon.
To complete the cycle, we provide a method that OpenStack services can use to validate a signature and get a corresponding openstack token. This token allows method calls to other services within the context the access/secret was created. As an example, nova requests keystone to validate the signature of a request, receives a token, and then makes a request to glance to list images needed to perform the requested task.
Bases: keystone.common.wsgi.Application
Validate a signed EC2 request and provide a token.
Other services (such as Nova) use this admin call to determine if a signed request they received is from a valid user.
If it is a valid signature, an openstack token that maps to the user/tenant is returned to the caller, along with all the other details returned from a normal token validation call.
The returned token is useful for making calls to other OpenStack services within the context of the request.
| Parameters: | |
|---|---|
| Returns: | token: openstack token equivalent to access key along with the corresponding service catalog and roles |
Create a secret/access pair for use with ec2 style auth.
Generates a new set of credentials that map to the user/tenant pair.
| Parameters: | |
|---|---|
| Returns: | credential: dict of ec2 credential |
Delete a user’s access/secret pair.
Used to revoke a user’s access/secret pair.
| Parameters: | |
|---|---|
| Returns: | bool: success |
Retrieve a user’s access/secret pair by the access key.
Grab the full access/secret pair for a given access key.
| Parameters: | |
|---|---|
| Returns: | credential: dict of ec2 credential |
List all credentials for a user.
| Parameters: | |
|---|---|
| Returns: | credentials: list of ec2 credential dicts |
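The create, validate and revoke cycle described above, as an added example that is not Keystone's own code: each access key is bound to one user/tenant pair, so a valid signature resolves the tenant that the request itself never names. The in-memory store, function names, host and path are hypothetical, and the signing is a simplified AWS Signature Version 2 style HMAC-SHA256 without timestamp or expiry checks.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote

# In-memory stand-in for the credential backend (hypothetical, not Keystone's).
CREDENTIALS = {}  # access key -> credential dict


def create_credential(user_id, tenant_id):
    """Issue a new access/secret pair bound to exactly one user/tenant pair."""
    cred = {"access": secrets.token_hex(16), "secret": secrets.token_hex(16),
            "user_id": user_id, "tenant_id": tenant_id}
    CREDENTIALS[cred["access"]] = cred
    return cred


def sign(secret, method, host, path, params):
    """HMAC-SHA256 over a canonical request (simplified Signature V2 style)."""
    query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                     for k, v in sorted(params.items()))
    string_to_sign = "\n".join([method, host.lower(), path, query])
    digest = hmac.new(secret.encode(), string_to_sign.encode(),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def authenticate(method, host, path, params, signature):
    """Validate a signed request; return the user/tenant context or None."""
    cred = CREDENTIALS.get(params.get("AWSAccessKeyId", ""))
    if cred is None:
        return None
    expected = sign(cred["secret"], method, host, path, params)
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    # The request never names a tenant: the access key alone selects it.
    return {"user_id": cred["user_id"], "tenant_id": cred["tenant_id"]}


def delete_credential(access):
    """Revoke a pair; requests signed with it stop validating."""
    return CREDENTIALS.pop(access, None) is not None
```
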
Bases: keystone.common.wsgi.ExtensionRouter
Bases: keystone.common.manager.Manager
Default pivot point for the EC2 Credentials backend.
See keystone.common.manager.Manager for more details on how this dynamically calls the backend.