
Working With OpenStack4j Identity Service (Keystone) V2

If you love Java and OpenStack, then you should take a look at OpenStack4j. This post deals with integrating it into your deployment and the common commands to keep in mind.


OpenStack4j is an open source library that helps you manage OpenStack deployments. It is a fluent-based API, giving you full control over the various OpenStack services.

We'll grab the latest release of OpenStack4j from the central Maven repository. Starting with version 3.0.0, OpenStack4j lets you choose the underlying connection framework. By default, the APIs are configured to use the Jersey 2 connector. The optional configuration scenarios are shown below:

Default Setup (Using Jersey2 as the Connector Choice)

<dependency>
    <groupId>org.pacesys</groupId>
    <artifactId>openstack4j</artifactId>
    <version>3.0.3</version>
</dependency>


With Dependencies (All in One JAR)

<dependency>
    <groupId>org.pacesys</groupId>
    <artifactId>openstack4j</artifactId>
    <version>3.0.3</version>
    <classifier>withdeps</classifier>
</dependency>


Using a Connector of Your Choice

  • Declare the OpenStack4j core dependency in your POM.

<dependency>
    <groupId>org.pacesys</groupId>
    <artifactId>openstack4j-core</artifactId>
    <version>3.0.3</version>
</dependency>


  • Declare a connector

<dependency>
    <groupId>org.pacesys.openstack4j.connectors</groupId>
    <artifactId>[ connector artifactId ]</artifactId>
    <version>3.0.3</version>
</dependency>


Valid artifactIds are: openstack4j-jersey2, openstack4j-jersey2-jdk16 [OS4J 2.0.X Only], openstack4j-resteasy, openstack4j-okhttp, and openstack4j-httpclient.

Identity Service V2

The Identity (Keystone) V2 service provides the central directory of users, tenants, service endpoints, and authorization. This API is responsible for authenticating and providing access to all the other OpenStack services. The API also enables administrators to configure centralized access policies, users, and tenants.

Version 2 Authentication

import org.openstack4j.api.OSClient.OSClientV2;
import org.openstack4j.openstack.OSFactory;

OSClientV2 os = OSFactory.builderV2()
                       .endpoint("http://127.0.0.1:5000/v2.0")
                       .credentials("admin","sample")
                       .tenantName("admin")
                       .authenticate();


Regions

OpenStack4j supports switching from one region to another within the same client. If you have a regional deployment (example: West and East coast) and would like to target certain calls to a specific region, see the sample below:

// Switch to East Coast
os.useRegion("EastRegion");
List<? extends Server> eastServers = os.compute().servers().list();

// Switch to West Coast
os.useRegion("WestRegion");
List<? extends Server> westServers = os.compute().servers().list();

// Switch to Default - No region specified
os.removeRegion();


Tenants

In OpenStack user interfaces and documentation, a group of users is referred to as a project or tenant. Users must be associated with at least one tenant and can belong to many.

Creating Tenants

This example will create a new tenant called ABC Corp. Once created, the tenant could then be assigned to users who have access to the resources within this tenant.

Tenant tenant = os.identity().tenants()
                  .create(Builders.identityV2().tenant()
                                .name("ABC Corp")
                                .description("ABC Corporation Tenant")
                                .build());


Querying for Tenants

The examples below are ways to find tenants.

Find all Tenants

List<? extends Tenant> tenants = os.identity().tenants().list();


Find a specific Tenant

// Find by ID
Tenant tenant = os.identity().tenants().get("tenantId");
// Find by Name
tenant = os.identity().tenants().getByName("ABC Corp");


Updating a Tenant

This example will change the name of ABC Corp to ABC Corporation by looking up the tenant and updating it. The example also shows the fluent nature of the API and how easily you can go to and from a mutable state via builder:

Tenant tenant = os.identity().tenants().get("tenantId");
if (tenant != null)
  tenant = os.identity().tenants().update(tenant.builder().name("ABC Corporation").build());


Deleting a Tenant

This example will delete the ABC Corporation tenant we have been working with:

os.identity().tenants().delete(tenant.getId());


User and Role Management

Users and roles are closely associated with one another, which is why we’ve covered them in one section.

Create a Tenant and User and Associate a Role

This example covers the most common use case in user management. We will create a new tenant and user, then associate the user to a role. The tenant, since it will be the first tenant assigned to the user, will automatically become the user's default tenant as per OpenStack's documentation. OpenStack ships with two roles (member and admin). In this example, we will assign the member role, which is a non-superuser role.

// Create the Tenant
Tenant abcTenant = os.identity().tenants().create(Builders.identityV2().tenant().name("ABC Corporation").build());

// Create a User associated to the ABC Corporation tenant
User john = os.identity().users()
              .create(Builders.identityV2().user()
                                .name("johndoe")
                                .password("password")
                                .email("jdoe@abccorp.com")
                                .tenant(abcTenant).build());

// Associate the Member role with John Doe
Role memberRole = os.identity().roles().getByName("Member");
os.identity().roles().addUserRole(abcTenant.getId(), john.getId(), memberRole.getId());


Querying for Users and Roles

Below are common examples of locating users and roles:

// Find all Users
List<? extends User> allUsers = os.identity().users().list();

// Find all Users for a Tenant
List<? extends User> tenantUsers = os.identity().users().listTenantUsers("tenantId");

// List a User's Global Roles
List<? extends Role> globalRoles = os.identity().users().listRoles("userId");

// List User Roles on a Tenant
List<? extends Role> tenantRoles = os.identity().users().listRolesOnTenant("userId", "tenantId");

// Find all Global Roles
List<? extends Role> allRoles = os.identity().roles().list();

// Get a User by ID
User user = os.identity().users().get("userId");

// Get a Role by ID
Role roleById = os.identity().roles().get("roleId");

// Get a Role by Name
Role roleByName = os.identity().roles().getByName("Member");
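
As an added example (not from the original article or the OpenStack4j project), the query calls above can be combined into a least-privilege audit that reports every user holding the admin role on any tenant. It authenticates as in the Version 2 Authentication section but reads the credentials from environment variables instead of hard-coding them; the variable names, the class name and the HTTPS-only check are assumptions of this example, and the account must be allowed to list tenants and users.

```java
import java.util.ArrayList;
import java.util.List;

import org.openstack4j.api.OSClient.OSClientV2;
import org.openstack4j.api.exceptions.AuthenticationException;
import org.openstack4j.model.identity.v2.Role;
import org.openstack4j.model.identity.v2.Tenant;
import org.openstack4j.model.identity.v2.User;
import org.openstack4j.openstack.OSFactory;

public class AdminRoleAudit {
    // Returns one "tenant/user" entry for every user holding roleName on a tenant.
    static List<String> usersWithRole(OSClientV2 os, String roleName) {
        List<String> findings = new ArrayList<>();
        for (Tenant tenant : os.identity().tenants().list()) {
            for (User user : os.identity().users().listTenantUsers(tenant.getId())) {
                for (Role role : os.identity().users().listRolesOnTenant(user.getId(), tenant.getId())) {
                    if (roleName.equalsIgnoreCase(role.getName())) {
                        findings.add(tenant.getName() + "/" + user.getName());
                    }
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Assumed variable names; credentials come from the environment, not the source code.
        String endpoint = System.getenv("OS_AUTH_URL");
        String user = System.getenv("OS_USERNAME");
        String password = System.getenv("OS_PASSWORD");
        String tenant = System.getenv("OS_TENANT_NAME");
        if (endpoint == null || user == null || password == null || tenant == null) {
            throw new IllegalStateException("OS_AUTH_URL, OS_USERNAME, OS_PASSWORD and OS_TENANT_NAME must be set");
        }
        // Policy choice of this example: never send the password over plain HTTP.
        if (!endpoint.toLowerCase().startsWith("https://")) {
            throw new IllegalStateException("Refusing to send credentials to a non-HTTPS endpoint");
        }
        try {
            OSClientV2 os = OSFactory.builderV2().endpoint(endpoint)
                    .credentials(user, password).tenantName(tenant).authenticate();
            usersWithRole(os, "admin").forEach(System.out::println);
        } catch (AuthenticationException e) {
            System.err.println("Keystone rejected the credentials: " + e.getMessage());
        }
    }
}
```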


Update a User

The example below shows how to update a user:

// Lookup an existing User
User jdoe = os.identity().users().get("userId");

// Change the user John's email address
jdoe = os.identity().users().update(jdoe.builder().email("newemail@abccorp.com").build());


Toggle Enabled State

// Disable John Doe from having access
User jdoe = os.identity().users().enableUser("userId", false);


Change a User Password

// You must be authenticated with administrative rights to do this operation
os.identity().users().changePassword("userId", "newPassword");


Delete a User or Role

The examples below show how to delete a user and a role:

// Delete a Role
os.identity().roles().delete("roleId");

// Delete a User
os.identity().users().delete("userId");


The above examples should help you understand the basic management of users and roles. There are many other API operations that have not been listed in this guide. 

Services and Endpoints

Services and endpoints are typically not used a lot unless you are in charge of the deployment. Most plugins will automatically associate the service and endpoint information when installed. We cover this in the API of OpenStack4j to be current with all major Identity operations.

Below are various examples of service and endpoint management:

// Let's cut down our method chaining and pre-assign the ServiceManagerService API
ServiceManagerService sm = os.identity().services();

// List Services
List<? extends Service> services = sm.list();

// List Endpoints
List<? extends ServiceEndpoint> ep = sm.listEndpoints();

// Create a Service and Endpoint
Service service = sm.create("Name", "Type", "Description");
ServiceEndpoint sep = sm.createEndpoint("region", service.getId(), "pubURL", "admURL", "intURL");

// Get a Service by ID
Service found = sm.get("serviceId");

// Delete a Service
sm.delete("serviceId");

// Delete an Endpoint
sm.deleteEndpoint("endpointId");


Extensions

Extensions are add-ons to the core OpenStack deployment. Sometimes, it is important to determine whether the deployment has an enhanced feature set available. To get a list of installed extensions, see the example below:

List<? extends Extension> extensions = os.identity().listExtensions();


Token Endpoints

Token endpoints are the authorized endpoints accessible through the Identity service. For example, Compute (Nova) is an endpoint. The example below will return a list of all the authorized endpoints for the current authorized user:

List<? extends Endpoint> endpoints = os.identity().listTokenEndpoints();



Published at DZone with permission of Vinod Borole. See the original article here.
