Created
March 4, 2013 14:17
-
-
Save vkmc/5082502 to your computer and use it in GitHub Desktop.
ec2-credentials removal on tenant deletion
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Keystone ec2-credentials management | |
| Apparently ec2-credentials are not directly related to tenants, and the delete function doesn't provide | |
| a way to select a tenant. | |
| So, when listing credentials-list we get all ec2-credentials for every tenant | |
| [vkmc@thermalx2 devstack]$ keystone ec2-credentials-list | |
| +--------+----------------------------------+----------------------------------+ | |
| | tenant | access | secret | | |
| +--------+----------------------------------+----------------------------------+ | |
| | admin | 47be600ac144482783d091e2bdec8795 | 1a391180d33a41b78e310340e1f00987 | | |
| | demo | c38fe00bfa5a45d2bb39cf0bcf13ccaa | 94977a57d7e54ebba1c6ca8638c1bccd | | |
| +--------+----------------------------------+----------------------------------+ | |
| ec2-credentials creation can be done without specifying a user, nor a tenant | |
| [vkmc@thermalx2 devstack]$ keystone help ec2-credentials-create | |
| usage: keystone ec2-credentials-create [--user-id <user-id>] | |
| [--tenant-id <tenant-id>] | |
| Create EC2-compatible credentials for user per tenant | |
| Optional arguments: | |
| --user-id <user-id> User ID | |
| --tenant-id <tenant-id> | |
| Tenant ID | |
| [vkmc@thermalx2 devstack]$ keystone ec2-credentials-create | |
| +-----------+----------------------------------+ | |
| | Property | Value | | |
| +-----------+----------------------------------+ | |
| | access | 2969382e822945388a75777558be5670 | | |
| | secret | a789d9e315364e7993a5956a0ac24535 | | |
| | tenant_id | 590b7d279d2c4a70b2807c8334870921 | | |
| | user_id | 435738e5c4f449338349b661cdba28ca | | |
| +-----------+----------------------------------+ | |
| Here we created a new ec2-credential for user admin in tenant demo (current user, current tenant) | |
| [vkmc@thermalx2 devstack]$ keystone ec2-credentials-list | |
| +--------+----------------------------------+----------------------------------+ | |
| | tenant | access | secret | | |
| +--------+----------------------------------+----------------------------------+ | |
| | admin | 47be600ac144482783d091e2bdec8795 | 1a391180d33a41b78e310340e1f00987 | | |
| | demo | 2969382e822945388a75777558be5670 | a789d9e315364e7993a5956a0ac24535 | | |
| | demo | c38fe00bfa5a45d2bb39cf0bcf13ccaa | 94977a57d7e54ebba1c6ca8638c1bccd | | |
| +--------+----------------------------------+----------------------------------+ | |
| If we decide to delete ec2-credentials, we should first get the id of all those users related to the tenant, | |
| filter by tenant and delete | |
| [vkmc@thermalx2 devstack]$ keystone help ec2-credentials-delete | |
| usage: keystone ec2-credentials-delete [--user-id <user-id>] --access | |
| <access-key> | |
| Delete EC2-compatible credentials | |
| Optional arguments: | |
| --user-id <user-id> User ID | |
| --access <access-key> | |
| Access Key | |
| To ec2-credentials by user | |
| [vkmc@thermalx2 devstack]$ keystone help ec2-credentials-list | |
| usage: keystone ec2-credentials-list [--user-id <user-id>] | |
| List EC2-compatible credentials for a user | |
| Optional arguments: | |
| --user-id <user-id> User ID | |
| This can be done in the same moment we remove the associated role in a tenant. | |
| We should first solve the issue related to role removal. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment