Main entry point into the EC2 Credentials service.
This service allows the creation of access/secret credentials used for the ec2 interop layer of OpenStack.
A user can create as many access/secret pairs, each of which is mapped to a specific project. This is required because OpenStack supports a user belonging to multiple projects, whereas the signatures created on ec2-style requests don’t allow specification of which project the user wishes to act upon.
To complete the cycle, we provide a method that OpenStack services can use to validate a signature and get a corresponding OpenStack token. This token allows method calls to other services within the context the access/secret was created. As an example, Nova requests Keystone to validate the signature of a request, receives a token, and then makes a request to Glance to list images needed to perform the requested task.
Bases: keystone.contrib.ec2.controllers.Ec2ControllerCommon, keystone.common.controller.V2Controller
Bases: object
Validate a signed EC2 request and provide a token.
Other services (such as Nova) use this admin call to determine if a request they signed received is from a valid user.
If it is a valid signature, an OpenStack token that maps to the user/tenant is returned to the caller, along with all the other details returned from a normal token validation call.
The returned token is useful for making calls to other OpenStack services within the context of the request.
| Parameters: |
|
|---|---|
| Returns: | token: OpenStack token equivalent to access key along with the corresponding service catalog and roles |
Create a secret/access pair for use with ec2 style auth.
Generates a new set of credentials that map the user/tenant pair.
| Parameters: |
|
|---|---|
| Returns: | credential: dict of ec2 credential |
Delete a user’s access/secret pair.
Used to revoke a user’s access/secret pair
| Parameters: |
|
|---|---|
| Returns: | bool: success |
Bases: keystone.contrib.ec2.controllers.Ec2ControllerCommon, keystone.common.controller.V3Controller