How to use the OpenStack API using an SSO enabled user
If your OpenStack user account is SSO-enabled, and you want to use the OpenStack API you'll need to make a few changes to your downloaded OpenStack RC file. These changes allow any API calls that you make to be correctly passed to the SSO service.
Downloading your RC file
See the Bind your OpenStack credentials section of How to use the OpenStack Command Line for details on where to get your RC file.
You will require the v3 version of the OpenStack RC file.
Modifying your RC file
Once you've downloaded your RC file, open it in your editor of choice and remove the following line:
now add the following lines to the bottom of the file:
export OS_IDENTITY_PROVIDER="sso" export OS_PROTOCOL="oidc" export OS_AUTH_TYPE="v3oidcpassword"
You also need to add the following items to the bottom of the file, substituting the appropriate values from the table below depending on the OpenStack regions you're connecting to:
export OS_CLIENT_ID="" export OS_CLIENT_SECRET="" export OS_ACCESS_TOKEN_ENDPOINT=""
If you're using terraform, you'll need to append the following to your file:
echo "Generating token..."#(optional) export OS_TOKEN=$(openstack token issue -c id -f value)
Be advised, that the token generated by the above export statement has a lifetime of a couple of hours. You'll need to re-source your RC file if you're working for extended periods.
To avoid the following error when trying to use the OpenStack CLI, it's advisable to use a seperate RC file for use with terraform:
__init__() got an unexpected keyword argument 'token'
Now save your changes and close the file.
Your OpenStack RC file is now ready to be used as normal.
If you find a problem with this article, click Improve this Doc to make the change yourself or raise an issue in GitHub. If you have an idea for how we could improve any of our services, send an email to firstname.lastname@example.org.