Ask Your Question

Heat OS::Keystone::User return user name not just user id

asked 2017-01-26 12:03:56 -0500

jidar gravatar image

I'm attempting to create a user inside of a heat stack, give that user read access to a swift container and then build some servers that pull content out of the swift container. Seems simple enough, right?

The first issue arises when I try to build a curl GET against swift using the user id and password. For whatever reason OSP10 requires v2 keystone tokens to use swift. I suppose there is a chance I could use tempURLs here, but haven't followed up on that.

So here is how I pull down my token, and then list the contents of a container (and then download)


OUTPUT=$(curl -sS -d '
{ "auth":
  { "tenantName": "admin", 
      { "username": "foo-stackuser1", "password": "<somepassword>" }
}' -H "Content-type: application/json" http://<someURL>:5000/v2.0/tokens | jq --raw-output '')

curl -X GET -i $publicURL/c1 -H "X-Auth-Token: ${OUTPUT}"

Keep in mind here, that the v2 api's don't let me use a userid for passwordCredentials v2 api found here

The heat stack that's generating the foo-stackuser1 looks like this,

heat_template_version: 2013-05-23

description: Sample Keystone User template

    type: string
    description: Keystone user password

    type: OS::Keystone::User
      name: foo-stackuser1
      domain: default
      password: {get_param: user_password}
      default_project: admin
        - role: _member_
          project: admin
    value: {get_resource: admin_user}

The thing is, I'm really not interested in hard-setting the foo-stackuser and I'd prefer to nix the name: field entirely. However, I can't find a way to get the return value of admin_user to include the username (only the user id).

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2017-01-27 10:52:19 -0500

zaneb gravatar image

It looks like there's no attribute defined for the name, which doesn't make sense when the name property is optional and Heat can autogenerate a name for you. Please raise a bug for that.

In the meantime, you should be able to work around this by using {get_attr: [admin_user, show, name]}.

edit flag offensive delete link more


This might be more heat specific, but is there any way for me to determine the data type or possible outputs in heat? For instance, get_attr: ... then show how do we know that there is a name in that? Regular show doesn't include name but {get_attr: [admin_user, show, name]} works...

jidar gravatar imagejidar ( 2017-01-27 12:40:02 -0500 )edit

The show attribute just returns all of the data we get from making a client API call requesting the resource. It's possible that the CLI commands don't always expose the same data, though I'd expect them to usually. You can always request just the bare 'show' attribute to see what it contains.

zaneb gravatar imagezaneb ( 2017-01-27 13:01:45 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-01-26 12:03:56 -0500

Seen: 129 times

Last updated: Jan 27