Is it necessary to create a token each time you do things in OpenStack? #320
Comments
|
You cannot use credential (username and password) directly. This model is
imposed by Identity for security reason.
HP
…On Wed, 2 Dec 2020 at 3:17 PM, AlD ***@***.***> wrote:
This is my code to, for example, list objects in a storage:
// Get Token
$client = new \GuzzleHttp\Client(['base_uri' => 'https://auth.cloud.ovh.net/v3/']);
$token = new \OpenStack\Identity\v3\Models\Token($client, new \OpenStack\Identity\v3\Api());
$token->create([ 'user' => [ 'name' => $userId, 'domain' => [ 'name' => 'Default' ], 'password' => $password ] ]);
$mytoken = $token->export();
// Get Storage info
$openstack = new \OpenStack\OpenStack([
'authUrl' => $authUrl,
'region' => $region,
'user' => [ 'name' => $userId, 'password' => $password, 'domain' => [ 'name' => 'Default' ] ],
'scope' => [
'project' => [ 'id' => $projectId, 'domain' => [ 'name' => 'Default' ] ]
],
'cachedToken' => $mytoken,
]);
$container = $openstack->objectStoreV1() ->getContainer($containerName);
If I don't use the "cachedToken" in the command, got from previously "get
token" section, it does not work, although I use credentials (user,
password...). Do I have to use "cachedToken" attribute always?
The error without using the cachedToken is:
HTTP Error
~~~~~~~~~~
The remote server returned a "401 Unauthorized" error for the following transaction:
Request
~~~~~~~
POST /v1/AUTH_********************************/auth/tokens HTTP/1.1
User-Agent: GuzzleHttp/7
Content-Type: application/json
Host: storage.gra.cloud.ovh.net
I've seen it has an expiration of 24 hours ... I know I can "save" it to a
file and use it at least 24 hours ... the question is, is there a way to
use, for example, the objectStoreV1 method, without using token and using
the real credentials (user, password should be enough, right?)
Thank you
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#320>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGARMVRFYF7WIM6RJGJCGLSSXS2DANCNFSM4UKCSJ5A>
.
|
|
Then why in all documentation examples is not the cachedToken parameter? |
|
1. Either cachedToken or credentials should be used, not both at the same
time. When supplying user and password, the sdk exchange for a token which
adds a small overhead.
2. CachedToken enables a very specified use case and comes with caveats eg
managing life cycle of token. General usage, therefore, dont have to use
cachedToken
…On Wed, 2 Dec 2020 at 3:29 PM, AlD ***@***.***> wrote:
Then why in all documentation examples is not the cachedToken parameter?
https://php-openstack-sdk.readthedocs.io/en/latest/services/object-store/v1/objects.html#create-an-object
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#320 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGARMTGKA7TBEJLAIO6IS3SSXUGTANCNFSM4UKCSJ5A>
.
|
|
Well, that's my point ! If I use the command with credentials and without the cachedToken , it does not work: The error is shown above, the error without using the cachedToken is: HTTP Error |
Same issue. @dantart did you resolve? I can comment out the user field in $openstack object, but $token is required |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is my code to, for example, list objects in a storage:
If I don't use the "cachedToken" in the command, got from previously "get token" section, it does not work, although I use credentials (user, password...). Do I have to use "cachedToken" attribute always?
The error without using the cachedToken is:
I've seen it has an expiration of 24 hours ... I know I can "save" it to a file and use it at least 24 hours ... the question is, is there a way to use, for example, the objectStoreV1 method, without using token and using the real credentials (user, password should be enough, right?)
Thank you
The text was updated successfully, but these errors were encountered: