@@ -145,5 +145,224 @@ credentials.
145145This is useful in a Federated environment where one credential give access
146146to many applications/services that the Federation supports. To check how to
147147configure the OpenStackClient to allow Federated users to log in, please check
148- the
149- :ref: `Authentication using federation. <manpage >`
148+ the :ref: `Authentication using federation. <manpage >`
149+
150+ Examples
151+ --------
152+
153+ .. todo: It would be nice to add more examples here, particularly for
154+ complicated things like oauth2
155+
156+ v3password ``
157+ ~~~~~~~~~~~~~~
158+
159+ Using ``clouds.yaml ``:
160+
161+ .. code-block :: yaml
162+
163+ clouds :
164+ demo :
165+ auth :
166+ auth_url : http://openstack.dev/identity
167+ project_name : demo
168+ project_domain_name : default
169+ user_domain_name : default
170+ username : demo
171+ password : password
172+ auth_type : v3password
173+
174+
175+
176+ .. code-block :: bash
177+
178+ $ openstack \
179+ --os-auth-url " http://openstack.dev/identity"
180+ --os-project-name demo \
181+ --os-project-domain-name default \
182+ --os-user-domain-name default \
183+ --os-auth-type=v3password \
184+ --os-username demo \
185+ --os-password password \
186+ server list
187+
188+
189+
190+ .. code-block :: bash
191+
192+ $ export OS_AUTH_URL=" http://openstack.dev/identity"
193+ $ export OS_PROJECT_NAME=demo
194+ $ export OS_PROJECT_DOMAIN_NAME=default
195+ $ export OS_AUTH_TYPE=v3password
196+ $ export OS_USERNAME=demo
197+ $ export OS_PASSWORD=password
198+ $ openstack server list
199+
200+ note ::
201+
202+ If a password is not provided, you will be prompted for one.
203+
204+ ``v3applicationcredential ``
205+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
206+
207+ Using ``clouds.yaml ``:
208+
209+ .. code-block :: yaml
210+
211+ clouds :
212+ demo :
213+ auth :
214+ auth_url : http://openstack.dev/identity
215+ application_credential_id : ${APP_CRED_ID}
216+ application_credential_secret : ${APP_CRED_SECRET}
217+ auth_type : v3applicationcredential
218+
219+
220+
221+ .. code-block :: bash
222+
223+ $ openstack \
224+ --os-auth-url " http://openstack.dev/identity"
225+ --os-auth-type=v3applicationcredential \
226+ --os-application-credential-id=${APP_CRED_ID} \
227+ --os-application-credential-secret=${APP_CRED_SECRET}
228+ server list
229+
230+
231+
232+ .. code-block :: bash
233+
234+ $ export OS_AUTH_URL=" http://openstack.dev/identity"
235+ $ export OS_AUTH_TYPE=v3applicationcredential
236+ $ export OS_APPLICATION_CREDENTIAL_ID=${APP_CRED_ID}
237+ $ export OS_APPLICATION_CREDENTIAL_SECRET=${APP_CRED_SECRET}
238+ $ openstack server list
239+
240+ note ::
241+
242+ You can generate application credentials using the :program: `openstack
243+ application credential create ` command:
244+
245+ .. code-block :: bash
246+
247+ $ readarray -t lines <<< $( openstacktest -f value -c id -c secret)
248+ $ APP_CRED_ID=${lines[0]}
249+ $ APP_CRED_SECRET=${lines[1]}
250+
251+ v3token ``
252+ ~~~~~~~~~~~
253+
254+ Using ``clouds.yaml ``:
255+
256+ .. code-block :: yaml
257+
258+ clouds :
259+ demo :
260+ auth :
261+ auth_url : http://openstack.dev/identity
262+ project_name : demo
263+ project_domain_name : default
264+ token : ${TOKEN}
265+ auth_type : v3token
266+
267+
268+
269+ .. code-block :: bash
270+
271+ $ openstack \
272+ --os-auth-url " http://openstack.dev/identity"
273+ --os-project-name demo \
274+ --os-project-domain-name default \
275+ --os-auth-type=v3token \
276+ --os-token ${TOKEN} \
277+ server list
278+
279+
280+
281+ .. code-block :: bash
282+
283+ $ export OS_AUTH_URL=" http://openstack.dev/identity"
284+ $ export OS_PROJECT_NAME=demo
285+ $ export OS_PROJECT_DOMAIN_NAME=default
286+ $ export OS_AUTH_TYPE=v3token
287+ $ export OS_TOKEN=${TOKEN}
288+ $ openstack server list
289+
290+ note ::
291+
292+ You can generate tokens using the :program: `openstack token issue ` command:
293+
294+ .. code-block :: bash
295+
296+ $ TOKEN=$( openstack token issue -f value -c id)
297+
298+ v3totp ``
299+ ~~~~~~~~~~
300+
301+ .. note ::
302+
303+ The TOTP mechanism is poorly suited to command line-driven API
304+ interactions. Where the TOTP mechanism is configured for a cloud, it is
305+ expected that it is to be used for initial authentication and to create a
306+ token or application credential, which can then be used for future
307+ interactions.
308+
309+ .. note ::
310+
311+ The TOTP mechanism is often combined with other mechanisms to enable
312+ Multi-Factor Authentication, or MFA. The authentication type
313+ ``v3multifactor `` is used in this case, while the ``v3totp `` authentication
314+ type is specified alongside the other mechanisms in ``auth_methods ``.
315+
316+ Using ``clouds.yaml ``:
317+
318+ .. code-block :: yaml
319+
320+ clouds :
321+ demo :
322+ auth :
323+ auth_url : http://openstack.dev/identity
324+ project_name : demo
325+ project_domain_name : default
326+ user_domain_name : default
327+ username : demo
328+ passcode : ${PASSCODE}
329+ auth_type : v3totp
330+
331+
332+
333+ .. code-block :: bash
334+
335+ $ openstack \
336+ --os-auth-url " http://openstack.dev/identity"
337+ --os-project-name demo \
338+ --os-project-domain-name default \
339+ --os-user-domain-name default \
340+ --os-auth-type=v3totp \
341+ --os-username demo \
342+ --os-passcode ${PASSCODE} \
343+ server list
344+
345+
346+
347+ .. code-block :: bash
348+
349+ $ export OS_AUTH_URL=" http://openstack.dev/identity"
350+ $ export OS_PROJECT_NAME=demo
351+ $ export OS_PROJECT_DOMAIN_NAME=default
352+ $ export OS_AUTH_TYPE=v3totp
353+ $ export OS_USERNAME=demo
354+ $ export OS_PASSCODE=${PASSCODE}
355+ $ openstack server list
356+
357+ note ::
358+
359+ The passcode will be generated by an authenticator application such FreeOTP
360+ or Google Authenticator. Refer to your cloud provider's documentation for
361+ information on how to configure an authenticator application, or to the
362+ `Keystone documentation `__ if you are configuring this for your own cloud.
363+
364+ .. __ : https://docs.openstack.org/keystone/latest/admin/auth-totp.html
365+
366+ .. note ::
367+
368+ If a passcode is not provided, you will be prompted for one.
0 commit comments