curl調用openstack API總結

curl命令是Linux下一個能夠使用多種協議收發數據的工具，包括http協議。
openstack的API接口都是URL地址：
http://controller:35357/v3
能夠使用curl命令進行調用。

本文主要示例如何調用V3版本API。對於V2版本，使用keystone命令加--debug參數，能夠看到keystone調用curl的具體寫法：
[root@controller ~]# keystone --debug role-list
DEBUG:keystoneclient.auth.identity.v2:Making authentication request to http://controller:35357/v2.0/tokens
INFO:urllib3.connectionpool:Starting new HTTP connection (1): controller
DEBUG:urllib3.connectionpool:"POST /v2.0/tokens HTTP/1.1" 200 3348
DEBUG:keystoneclient.session:REQ: curl -i -X GET http://controller:35357/v2.0/OS-KSADM/roles -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: TOKEN_REDACTED"
INFO:urllib3.connectionpool:Starting new HTTP connection (1): controller
DEBUG:urllib3.connectionpool:"GET /v2.0/OS-KSADM/roles HTTP/1.1" 200 410
DEBUG:keystoneclient.session:RESP: [200] {'date': 'Fri, 04 Dec 2015 10:26:12 GMT', 'content-type': 'application/json', 'content-length': '410', 'vary': 'X-Auth-Token'}
RESP BODY: {"roles": [{"id": "298083b7a87743f8bc23396ffafa3c69", "name": "evecom"}, {"id": "503d8c52cb034f6d87b5c1bb451c42ee", "name": "admin"}, {"id": "7c947e8a06454b51a486d7fb20d5b469", "name": "ResellerAdmin"}, {"id": "8ee269abb5904744b7ed608176f103fb", "name": "heat_stack_user"}, {"id": "9fe2ff9ee4384b1894a90878d3e92bab", "name": "_member_"}, {"id": "abbef7735094459ab0800b94846daead", "name": "heat_stack_owner"}]}

+----------------------------------+------------------+
| id | name |
+----------------------------------+------------------+
| 7c947e8a06454b51a486d7fb20d5b469 | ResellerAdmin |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| 503d8c52cb034f6d87b5c1bb451c42ee | admin |
| abbef7735094459ab0800b94846daead | heat_stack_owner |
| 8ee269abb5904744b7ed608176f103fb | heat_stack_user |
+----------------------------------+------------------+
則查看角色能夠用curl寫成：
# curl http://controller:35357/v2.0/OS-KSADM/roles -H "Content-type: application/json" -H "X-Auth-Token:0c17632a554a43bcaf9194dfa01b6f38"|python -mjson.tool

「X-Auth-Token:0c17632a554a43bcaf9194dfa01b6f38」表明token是0c17632a554a43bcaf9194dfa01b6f38。token是用戶登陸後得到的票據，表明這個用戶的權限。token只能使用一段時間，不能無限期使用。除登陸自己，其它API調用都須要傳遞token。V2和V3的token是通用的。

提供user_id和密碼，得到token：
# curl -i -X POST http://controller:35357/v3/auth/tokens -H "Content-type: application/json" -d '{"auth": {"identity": {"methods": ["password"],"password": {"user": {"id": "0ebdfa91267c48ee88876d9f5ee1369b","password": "123456"}}},"scope": {"project": {"id": "f7b8022f0794462ba55accbadf8fda37"}}}}'|grep X-Subject-Token
X-Subject-Token: 81d579ec7c2d48f1a5fe28d7e1258f56
# curl -i -X POST http://controller:35357/v3/auth/tokens -H "Content-type: application/json" -d '{"auth": {"identity": {"methods": ["password"],"password": {"user": {"id": "0355aaaf717f491792161850435878da","password": "123456"}}},"scope": {"domain": {"id": "660450adcc194c0bbf9e462bb21b0935"}}}}'|grep X-Subject-Token
X-Subject-Token: d703659e3560480fbf5a92b772d0d4e4
因爲V3版本用戶認證經過後，token的值返回在HTTP-header當中，故curl命令要加-i參數，表示把HTTP-header也輸出在屏幕，其它API調用不須要加-i參數。
「scope」字段是很重要的，能夠指定用戶所屬的domain_id或者project_id。若是不指定，得到的token沒有權限。

使用admin的token列出全部用戶：
# curl http://controller:35357/v3/users -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56"|python -mjson.tool

只列出domain_id爲660450adcc194c0bbf9e462bb21b0935的用戶：
# curl http://controller:35357/v3/users?domain_id=660450adcc194c0bbf9e462bb21b0935 -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56"|python -mjson.tool

想具體查找其它調用的URL或可傳遞的參數，須要查看API文檔。我如今查看的API文檔叫：openstack-api-ref.pdf

列出全部域：
# curl http://controller:35357/v3/domains -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56"|python -mjson.tool

建立用戶：
# curl -X POST http://controller:35357/v3/users -H "Content-type: application/json" -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56" -d '{"user": {"default_project_id": "c0d6c4a09b7649a19c394a6cd946f53f","domain_id": "660450adcc194c0bbf9e462bb21b0935","enabled": true,"name": "test001","password":"123456"}}'|python -mjson.tool
# curl -X POST http://controller:35357/v3/users -H "Content-type: application/json" -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56" -d '{"user": {"domain_id": "660450adcc194c0bbf9e462bb21b0935","enabled": true,"name": "test002","password":"123456"}}'|python -mjson.tool

受權用戶_member_角色（role_id=9fe2ff9ee4384b1894a90878d3e92bab）以訪問項目（project_id=c0d6c4a09b7649a19c394a6cd946f53f）：
# curl -X PUT http://controller:35357/v3/projects/c0d6c4a09b7649a19c394a6cd946f53f/users/735c4d1fc8eb4bf8b96ee6866b441d9d/roles/9fe2ff9ee4384b1894a90878d3e92bab -H "X-Auth-Token:22142d114ddc454a9fbf6d282793840e"

受權用戶_member_角色（role_id=9fe2ff9ee4384b1894a90878d3e92bab）以訪問項目（domain_id=660450adcc194c0bbf9e462bb21b0935）：
# curl -X PUT http://controller:35357/v3/domains/660450adcc194c0bbf9e462bb21b0935/users/735c4d1fc8eb4bf8b96ee6866b441d9d/roles/9fe2ff9ee4384b1894a90878d3e92bab -H "X-Auth-Token:22142d114ddc454a9fbf6d282793840e"

若是用戶沒有任何角色，沒法得到token。

刪除用戶（user_id=31d38aec54684281a993e248835e6d9b）
# curl -X DELETE http://controller:35357/v3/users/31d38aec54684281a993e248835e6d9b -H "X-Auth-Token:81d579ec7c2d48f1a5fe28d7e1258f56"

至於curl -X參數的類型，須要查看API文檔，若是是GET類型，則不須要加-X參數。