Keystone Identity API
This article describes the process for getting a Keystone authentication token in order to access the PMK REST API.
Keystone is an open-source identity service (part of the OpenStack ecosystem) which is deployed and leveraged by Platform9 Managed Kubernetes (PMK) to provide distributed access and authentication to the various SaaS Management Plane components, such as PMK UI and the cluster manager or the PMK Qbert API.
In order to access the PMK REST API, you first need to generate a user authentication token via the Keystone service. Follow the steps below to authenticate and retrieve a token.
There are a few pieces of information you'll need to gather ahead of running this script, all of which can be found within the PMK UI:
- Keystone API Endpoint: Navigate to the API Access tab and locate the "API Endpoints" table – there, you will kind the full Keystone URL.
- Username: Click the top right user icon – the email displayed under your name is your username. If you click on "My Account", you may confirm or update this value.
- Password: The password used to log in to the PMK UI and also may be updated under the "My Account" details.
- Project/Tenant: The name of the "Tenant" which you are currently scoped to, via the selected dropdown which is displayed to the left of the user icon.
The variables may alternatively be stored in an OpenRC file which can be consistently sourced prior to running any curl commands to interact with the API.
export OS_AUTH_URL="<KEYSTONE_URL>"export OS_USERNAME="<EMAIL>"export OS_PASSWORD="<PASSWORD>"export OS_PROJECT_NAME="<TENANT_NAME>"curl -D - -sH "Content-Type: application/json" $OS_AUTH_URL/auth/tokens -d '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"'$OS_USERNAME'","domain":{"name": "Default"},"password":"'$OS_PASSWORD'"}}},"scope":{"project":{"domain": {"name": "Default"},"name":"'$OS_PROJECT_NAME'"}}}}' | grep -Ei '^X-Subject-Token' | awk '{print $2}'