Frequently Asked Question
How to access the API when using SSO?
Last Updated 11 months ago
First, go to https://sso.massopen.cloud/auth/realms/moc/account and after logging in, go to the password tab and set a password. This will be used to bypass the University/GitHub login, and login directly from SSO.
Now after installing the OpenStack Client, via pip using the following command, you can run openstack cli commands.
Using the CLI
Create an .sh file with the following contents#!/usr/bin/env bashReplace with your username and project name to use.
export OS_AUTH_URL="https://kaizen.massopen.cloud:13000/v3"
export OS_USERNAME=""
export OS_PROJECT_NAME=""
export OS_PROJECT_DOMAIN_NAME="Default"
echo "Please enter your SSO Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "
read -sr OS_PASSWORD_INPUT
export OS_PASSWORD=$OS_PASSWORD_INPUT
export OS_REGION_NAME="moc-kzn"
export OS_AUTH_TYPE="v3oidcpassword"
export OS_IDENTITY_PROVIDER="moc"
export OS_PROTOCOL="openid"
export OS_CLIENT_ID="kaizen-client"
export OS_CLIENT_SECRET="fac377a9-f2ba-41e7-bb7f-4064dd9f4468"
export OS_ACCESS_TOKEN_ENDPOINT="https://sso.massopen.cloud/auth/realms/moc/protocol/openid-connect/token"
export OS_DISCOVERY_ENDPOINT="https://sso.massopen.cloud/auth/realms/moc/.well-known/openid-configuration"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
Now after installing the OpenStack Client, via pip using the following command, you can run openstack cli commands.
pip install python-openstackclient
Using Python
First, make sure that keystoneauth is installed.pip install keystoneauthAfter that you can authenticate with the following (filling in username, password and project_name):
from keystoneauth1 import identityThis session object can be used to instantiate the various clients, like python-novaclient or python-cinderclient.
from keystoneauth1 import session
auth = identity.v3.oidc.OidcPassword(
'https://kaizen.massopen.cloud:13000/v3',
identity_provider='moc',
protocol='openid',
client_id='kaizen-client',
client_secret='fac377a9-f2ba-41e7-bb7f-4064dd9f4468',
access_token_endpoint='https://sso.massopen.cloud/auth/realms/moc/protocol/openid-connect/token',
discovery_endpoint='https://sso.massopen.cloud/auth/realms/moc/.well-known/openid-configuration',
username='',
password='',
project_name='',
project_domain_name='Default'
)
s = session.Session(auth)
Clouds.yaml
clouds: kaizen_oidc: auth: username: "" password: "" project_name: "" identity_provider: "moc" protocol: "openid" client_id: "kaizen-client" client_secret: "fac377a9-f2ba-41e7-bb7f-4064dd9f4468" access_token_endpoint: "https://sso.massopen.cloud/auth/realms/moc/protocol/openid-connect/token" discovery_endpoint: "https://sso.massopen.cloud/auth/realms/moc/.well-known/openid-configuration" auth_url: https://kaizen.massopen.cloud:13000/v3 project_domain_name: "Default" region_name: "moc-kzn" interface: "public" identity_api_version: 3 auth_type: "v3oidcpassword"
Using Application Credentials
This is an alternative approach and doesn't require any of the steps specified above.- Go to https://onboarding.massopen.cloud and log in with your account.
- Select the project you would like to create an application credential for in the dropdown, similar to how you switch projects in the Kaizen dashboard.
- Navigate to Identity > Application Credentials in the sidebar.
- Click Create Application Credential
- Specify a name, everything else is optional.
- After creation, you will be prompted to download an RC file or a clouds.yaml file which looks something like the one below:
kaizen: auth: auth_url: "https://kaizen.massopen.cloud:13000/v3" application_credential_id: "" application_credential_secret: "" region_name: "moc-kzn" interface: "public" identity_api_version: 3 auth_type: "v3applicationcredential"