Keystone is a proposed independent authentication service for OpenStack.
This initial proof of concept aims to address the current use cases in Swift and Nova, which are:
- REST-based, token auth for Swift
- many-to-many relationship between identity and tenant for Nova
Components:
- Keystone - authentication service
- Auth_Token - WSGI middleware that can be used to handle token auth protocol (WSGI or remote proxy)
- Echo - A sample service that responds by returning call details
Also included:
- Auth_Basic - Stub for WSGI middleware that will be used to handle basic auth
- Auth_OpenID - Stub for WSGI middleware that will be used to handle openid auth protocol
- RemoteAuth - WSGI middleware that can be used in services (like Swift, Nova, and Glance) when Auth middleware is running remotely
Dependencies:
- bottle
- eventlet
- lxml
- Paste
- PasteDeploy
- PasteScript
- SQLAlchemy
- SQLite3
- webob
Install setuptools (http://pypi.python.org/pypi/setuptools), then install the dependencies:
$ sudo easy_install bottle
$ sudo easy_install eventlet
$ sudo easy_install lxml
$ sudo easy_install paste
$ sudo easy_install pastedeploy
$ sudo easy_install pastescript
$ sudo easy_install pysqlite
$ sudo easy_install sqlalchemy
$ sudo easy_install webob
Or using pip:
$ sudo pip install -r pip-requires
Start the Keystone identity service:
$ cd keystone
$ python identity.py
Standalone stack (with Auth_Token)
$ cd echo/echo
$ python echo.py
Distributed stack (with RemoteAuth local and Auth_Token remote)
$ cd echo/echo
$ python echo.py --remote
In a separate session:
$ cd keystone/auth_protocols
$ python auth_token.py --remote
Run the demo client:
$ cd echo/echo
$ python echo_client.py
Install Keystone:
$ python setup.py build
$ sudo python setup.py install
Install the Echo sample service:
$ cd echo
$ python setup.py build
$ sudo python setup.py install
After starting identity.py, a keystone.db SQLite database should be created.
To set up the test database:
$ sqlite3 keystone/keystone.db < test/test_setup.sql
To clean the test database:
$ sqlite3 keystone/keystone.db < test/kill.sql
To run unit tests:
$ python test/unit/test_identity.py
To run the client demo (with all auth middleware running locally on the sample service):
$ python echo/echo/echo.py
$ python echo/echo/echo_client.py
To perform contract validation and load testing, use SoapUI (for now).
Using SoapUI:
Download SoapUI:
To test the Identity service:
- File->Import Project
- Select tests/IdentitySOAPUI.xml
- Double click on "Keystone Tests" and press the green play (>) button
To run the unit tests against the Identity service, first start it from the keystone directory:
$ python identity.py
Once the Identity service is running, go to the test/unit directory and run:
$ python test_identity.py
For more on unit testing, refer to:
$ python test_identity.py --help
Database schema:
CREATE TABLE groups(group_id varchar(255), group_desc varchar(255), tenant_id varchar(255), FOREIGN KEY(tenant_id) REFERENCES tenants(tenant_id));
CREATE TABLE tenants(tenant_id varchar(255), tenant_desc varchar(255), tenant_enabled INTEGER, PRIMARY KEY(tenant_id ASC));
CREATE TABLE token(token_id varchar(255), user_id varchar(255), expires datetime, tenant_id varchar(255));
CREATE TABLE user_group(user_id varchar(255), group_id varchar(255), FOREIGN KEY(user_id) REFERENCES users(id), FOREIGN KEY(group_id) REFERENCES groups(group_id));
CREATE TABLE user_tenant(tenant_id varchar(255), user_id varchar(255), FOREIGN KEY(tenant_id) REFERENCES tenants(tenant_id), FOREIGN KEY(user_id) REFERENCES users(id));
CREATE TABLE users(id varchar(255), password varchar(255), email varchar(255), enabled integer);
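A token check against this schema, as an added example (not Keystone's own code): it assumes a token is accepted only if it is unexpired, its user and tenant are both enabled, and the user belongs to the tenant through user_tenant. The sample rows, the fixed clock value and the names make_db and validate_token are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

# The four tables from the schema that this token check touches.
SCHEMA = """
CREATE TABLE tenants(tenant_id varchar(255), tenant_desc varchar(255),
                     tenant_enabled INTEGER, PRIMARY KEY(tenant_id ASC));
CREATE TABLE users(id varchar(255), password varchar(255),
                   email varchar(255), enabled integer);
CREATE TABLE user_tenant(tenant_id varchar(255), user_id varchar(255));
CREATE TABLE token(token_id varchar(255), user_id varchar(255),
                   expires datetime, tenant_id varchar(255));
"""

def make_db(now):
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    ok = (now + timedelta(hours=1)).isoformat()   # still valid
    old = (now - timedelta(hours=1)).isoformat()  # already expired
    db.executemany("INSERT INTO tenants VALUES (?,?,?)",
                   [("t1", "active", 1), ("t2", "disabled", 0), ("t3", "other", 1)])
    db.executemany("INSERT INTO users VALUES (?,?,?,?)",
                   [("alice", "-", "a@example.org", 1), ("bob", "-", "b@example.org", 0)])
    db.executemany("INSERT INTO user_tenant VALUES (?,?)",
                   [("t1", "alice"), ("t2", "alice"), ("t1", "bob")])
    db.executemany("INSERT INTO token VALUES (?,?,?,?)", [
        ("tok-ok", "alice", ok, "t1"),
        ("tok-expired", "alice", old, "t1"),
        ("tok-disabled-tenant", "alice", ok, "t2"),
        ("tok-disabled-user", "bob", ok, "t1"),
        ("tok-not-member", "alice", ok, "t3"),
    ])
    return db

def validate_token(db, token_id, now):
    """Return (user_id, tenant_id) for a usable token, else None."""
    return db.execute(
        """SELECT k.user_id, k.tenant_id FROM token k
           JOIN users u ON u.id = k.user_id AND u.enabled = 1
           JOIN tenants t ON t.tenant_id = k.tenant_id AND t.tenant_enabled = 1
           JOIN user_tenant m ON m.user_id = k.user_id AND m.tenant_id = k.tenant_id
           WHERE k.token_id = ? AND k.expires > ?""",
        (token_id, now.isoformat())).fetchone()

if __name__ == "__main__":
    now = datetime(2011, 5, 1, 12, 0, 0)  # constructed clock value
    db = make_db(now)
    print(validate_token(db, "tok-ok", now), validate_token(db, "tok-expired", now))
```

Because the token row carries its own tenant_id, the join on user_tenant is what ties the token back to the many-to-many membership; without it, a token naming a tenant the user does not belong to would pass.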