My understanding is that API keys are a provider's term. They are specially generated per user by the provider.
There are no API keys in a generic OpenStack Identity (keystone folsom) installation. There are just calls you can make to get a token. Depending on the provider you may need just username and password, or username, password, and tenant id. API keys just give users a way to get a token other than username/password. Users still have to get a token. Depending on the provider's configuration, tokens can be either UUID or PKI. In fact, default for the latest daily code (grizzly) is PKI. This has tripped more than a few people up in the last few months. Lots of Identity configuration info here if you're interested: http://docs.openstack.org/developer/keystone/configuration.html Identity experts, please assist in my (probably over-simplified) explanations. :) Anne On Fri, Feb 8, 2013 at 8:55 AM, Emilio García < emilio.gar...@cloudreach.co.uk> wrote: > Hello again, > > Basically I am using Openstack itself, keystone folsom in particular. I > understand then the API keys are just user's passwords? > > Kind regards. > > > On Fri, Feb 8, 2013 at 2:47 PM, Anne Gentle <a...@openstack.org> wrote: > >> >> >> >> On Fri, Feb 8, 2013 at 8:43 AM, Emilio García < >> emilio.gar...@cloudreach.co.uk> wrote: >> >>> Thank your for taking your time answering. >>> >>> I am aware about this not being a Zenoss list, so this was just to give >>> a little bit of background. I can only find this sentence concerning API >>> keys: >>> >>> *Note: An API key — provided by some cloud providers auth systems. You >>> or your OpenStack provider's administrator/support staff can revoke it and >>> generate a new one. While an authentication token can have a short >>> lifespan, an API key lasts until it is regenerated.* >>> >>> However I cannot see anywhere any reference on how to generate API keys >>> (not tokens). It is just like some kind of holy grail which is mentioned >>> but anyone really knows where exactly is. Am I overlooking something very >>> obvious? Closest reference I found suggested that the API key could be just >>> a user's password. Is that so? or is a dead end? >>> >>> >> API keys are specific to the provider. For example, Rackspace lets their >> users authenticate with either a username and password or a username and >> API key. See: >> >> >> http://docs.rackspace.com/servers/api/v2/cs-devguide/content/curl_auth.html >> >> >>> In a nutshell I am very confused about what is a API key exactly and how >>> can they be generated (not a token). >>> >>> >> I think it really depends on your provider. Perhaps some others can chime >> in. >> >> Anne >> >> >>> Kind regards. >>> >>> >>> On Fri, Feb 8, 2013 at 2:34 PM, Anne Gentle <a...@openstack.org> wrote: >>> >>>> Hi Emilio, >>>> >>>> This isn't exactly a Zenoss list, but look under Usage on this page: >>>> https://github.com/zenoss/ZenPacks.zenoss.OpenStack >>>> >>>> The above page doesn't clearly explain the versions of different APIs >>>> from different services. From OpenStack's release perspective for Folsom, >>>> the Identity API is currently v2 and the Compute API is currently v2 (which >>>> is identical to v1.1). So I'm not sure from the Zenoss perspective what API >>>> they are providing support for. >>>> >>>> In the OpenStack docs, this page explains more about tokens and API >>>> keys. API keys are typically given by a particular provider. Tokens are >>>> handed out by Keystone, the Identity service under the OpenStack umbrella. >>>> >>>> http://docs.openstack.org/api/openstack-compute/programmer/content/getting-the-keys-to-the-kingdom.html >>>> >>>> This page describes the process of obtaining a token. >>>> http://docs.openstack.org/api/quick-start/content/index.html#Getting-Credentials-a00665 >>>> >>>> Hope this helps. >>>> Anne >>>> >>>> >>>> On Fri, Feb 8, 2013 at 7:53 AM, Emilio García < >>>> emilio.gar...@cloudreach.co.uk> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I am trying to generate an API key for a Zenpack (Zenoss) to use the >>>>> OpenStack API to gather stats. However I cannot see how to generate a API >>>>> key in the documentation anywhere. How can I do that? Also is it possible >>>>> to use the v1 of the API protocol in Folsom or only v2? >>>>> >>>>> Kind regards. >>>>> >>>>> >>>>> Cloudreach Limited is a limited company registered in England with >>>>> registered number 06975407 >>>>> >>>>> The above terms reflect a potential business arrangement, are provided >>>>> solely as a basis for further discussion, >>>>> and are not intended to be and do not constitute a legally binding >>>>> obligation. No legally binding obligations >>>>> will be created, implied, or inferred until an agreement in final form is >>>>> executed in writing by all parties involved. >>>>> >>>>> This email may be confidential or privileged. If you received this >>>>> communication by mistake, please don't forward >>>>> it to anyone else, please erase all copies and attachments, and please >>>>> let us know that it has gone to the wrong person. >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Mailing list: https://launchpad.net/~openstack >>>>> Post to : openstack@lists.launchpad.net >>>>> Unsubscribe : https://launchpad.net/~openstack >>>>> More help : https://help.launchpad.net/ListHelp >>>>> >>>>> >>>> >>> >>> >>> -- >>> >>> *Emilio Garcia* >>> Systems Developer, Cloudreach Limited >>> [t] +44 20 7183 3893 (ext. 403) >>> [m] +44 7958 036 743 >>> >>> Cloudreach Limited is a limited company registered in England with >>> registered number 06975407 >>> >>> The above terms reflect a potential business arrangement, are provided >>> solely as a basis for further discussion, >>> and are not intended to be and do not constitute a legally binding >>> obligation. No legally binding obligations >>> will be created, implied, or inferred until an agreement in final form is >>> executed in writing by all parties involved. >>> >>> This email may be confidential or privileged. If you received this >>> communication by mistake, please don't forward >>> it to anyone else, please erase all copies and attachments, and please let >>> us know that it has gone to the wrong person. >>> >>> >>> >> > > > > Cloudreach Limited is a limited company registered in England with > registered number 06975407 > > The above terms reflect a potential business arrangement, are provided solely > as a basis for further discussion, > and are not intended to be and do not constitute a legally binding > obligation. No legally binding obligations > will be created, implied, or inferred until an agreement in final form is > executed in writing by all parties involved. > > This email may be confidential or privileged. If you received this > communication by mistake, please don't forward > it to anyone else, please erase all copies and attachments, and please let us > know that it has gone to the wrong person. > > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
