下载所需要的jar包(注意:下面的 openstack4j 是 SNAPSHOT 快照版本,其内容可能随时被重新发布;用于正式环境时建议改用已发布的正式版本,并校验 jar 包的校验和)
==openstack4j-withdeps.jar==
https://oss.sonatype.org/content/repositories/snapshots/org/pacesys/openstack4j/3.0.3-SNAPSHOT/
==slf4j-api-1.6.2.jar==
==slf4j-simple-1.6.1.jar==
keystone
注:认证服务(Keystone)提供用户、组、区域、服务、端点、角色管理和授权的集中目录。该API负责身份认证,并提供对所有其他OpenStack服务的访问。该API还允许管理员配置集中的访问策略、用户、域和项目。
创建入口对象
// Project-scoped authentication: "admin" is resolved in the domain named "default" and the
// token is scoped to the project whose id is passed to scopeToProject().
// NOTE(review): the endpoint uses plain http://, so the password and the issued token travel
// unencrypted; point this at an https:// Keystone endpoint outside an isolated lab.
// NOTE(review): "admin"/"admin" are sample values; load real credentials from configuration
// or a secret store instead of hard-coding them in source.
OSClientV3 os = OSFactory.builderV3()
.endpoint("http://172.18.1.200:5000/v3")
.credentials("admin", "admin", Identifier.byName("default"))
.scopeToProject(Identifier.byId("a0a88a6e588e442d99da8fde65bd23a6"))
.authenticate();
注:后面所有其他api调用都会用到OSClientV3对象。
#
Regions
创建Region
// Describe the new region first, then hand the finished model to the identity service.
Region eastRegion = Builders.regions()
        .id("EastRegion")
        .description("Region for east coast")
        .build();
Region region = os.identity().regions().create(eastRegion);
#
切换到其他Region
// Switch this client to the region with id "EastRegion".
os.useRegion("EastRegion");
#
查询全部Region
// Fetch every region the identity service returns.
List<? extends Region> regionList = os.identity().regions().list();
#
查找特定Region
// Look a region up by its id.
Region region = os.identity().regions().get("EastRegion");
#
修改Region
// Load the region by id; only when the lookup returned one, send back a copy that carries
// the new description.
Region region = os.identity().regions().get("EastRegion");
if (region != null) {
    Region edited = region.toBuilder()
            .description("East coast region")
            .build();
    region = os.identity().regions().update(edited);
}
#
删除Region
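// Delete the region obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too: calling getId() on a missing region would throw.
if (region != null) {
    os.identity().regions().delete(region.getId());
}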
Domains
创建domain
// Build the domain model (enabled from the start), then create it.
Domain newDomain = Builders.domain()
        .name("domainName")
        .description("This is a new domain.")
        .enabled(true)
        .build();
Domain domain = os.identity().domains().create(newDomain);
#
查询全部domain
// Fetch every domain the identity service returns.
List<? extends Domain> domainList = os.identity().domains().list();
#
查询特定domain
// Look a domain up by its id.
Domain domain = os.identity().domains().get("domainId");
#
修改domain
// Load the domain by id; only when it exists, send back a copy with enabled set to false.
Domain domain = os.identity().domains().get("domainId");
if (domain != null) {
    Domain disabled = domain.toBuilder()
            .enabled(false)
            .build();
    domain = os.identity().domains().update(disabled);
}
#
Projects
创建Project
// Build the project model (enabled from the start), then create it.
Project newProject = Builders.project()
        .name("projectName")
        .description("This is a new project.")
        .enabled(true)
        .build();
Project project = os.identity().projects().create(newProject);
#
查询全部Project
// Fetch every project the identity service returns.
List<? extends Project> projectList = os.identity().projects().list();
#
查询特定Project
// Three alternative lookups, shown together for reference; `project` is declared twice, so
// they are not meant to share one scope.
// Look up by project id.
Project project = os.identity().projects().get("projectId");
// Look up by project name together with the id of the domain that owns the project.
Project project = os.identity().projects().getByName("projectName","projectDomainId");
// Look up by project name only; this form returns a list.
List<? extends Project> projectList = os.identity().projects().getByName("projectName");
#
修改Project
// Load the project by id; only when it exists, send back a copy with enabled set to false.
Project project = os.identity().projects().get("projectId");
if (project != null) {
    Project disabled = project.toBuilder()
            .enabled(false)
            .build();
    project = os.identity().projects().update(disabled);
}
#
删除Project
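// Delete the project obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too: calling getId() on a missing project would throw.
if (project != null) {
    os.identity().projects().delete(project.getId());
}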
Users
创建user
// Set the user's name, description, password, e-mail and owning domain, then create it.
// NOTE(review): "secret" is a sample value; take the initial password from operator input or
// a secret store rather than a source literal, and keep it out of logs.
User newUser = Builders.user()
        .name("Foobar")
        .description("A new user.")
        .password("secret")
        .email("foobar@example.org")
        .domainId("domainId")
        .build();
User user = os.identity().users().create(newUser);
#
查找全部user
// Fetch every user the identity service returns.
List<? extends User> userList = os.identity().users().list();
#
查找特定user
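// Three alternative lookups, shown together for reference; `user` is declared twice, so they
// are not meant to share one scope.
// Look up by user id.
User user = os.identity().users().get("userId");
// Look up by user name together with the id of the domain that owns the user.
User user = os.identity().users().getByName("userName", "userDomainId");
// Look up by user name only; this form returns a list. The element type is User (the
// original snippet wrote "Users", which is not the model type used everywhere else here).
List<? extends User> userList = os.identity().users().getByName("userName");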
#
列出用户角色
// Roles the user holds on the given domain.
List<? extends Role> domainUserRolesList = os.identity().users().listDomainUserRoles("userId", "domainId");
// Roles the user holds on the given project.
List<? extends Role> projectUserRolesList = os.identity().users().listProjectUserRoles("userId", "projectId");
#
列出用户组
// Groups the given user belongs to.
List<? extends Group> userGroupsList = os.identity().users().listUserGroups("userId");
#
修改user
// Load the user by id; only when it exists, send back a copy with the new e-mail address.
User user = os.identity().users().get("userId");
if (user != null) {
    User edited = user.toBuilder()
            .email("foobar@openstack.com")
            .build();
    user = os.identity().users().update(edited);
}
#
删除 User
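// Delete the user obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too: calling getId() on a missing user would throw.
if (user != null) {
    os.identity().users().delete(user.getId());
}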
Groups
创建Group
// Build the group model inside the given domain, then create it.
Group newGroup = Builders.group()
        .name("myGroup")
        .description("A new group.")
        .domainId("domainId")
        .build();
Group group = os.identity().groups().create(newGroup);
#
查询全部Group
// Fetch every group the identity service returns.
List<? extends Group> groupList = os.identity().groups().list();
#
查询特定Group
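// Look a group up by its id.
Group group = os.identity().groups().get("groupId");
// Look groups up by name; this form returns a list. (Statement terminator added; the
// original line did not end with ';'.)
List<? extends Group> groupList = os.identity().groups().getByName("groupName");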
#
根据groupid获取同一group中所有用户组成的List
// Users that are members of the group with the given id.
List<? extends User> userGroupList = os.identity().groups().listGroupUsers("groupId");
#
添加user到Group
// Add the user to the group; the arguments are group id first, then user id.
// NOTE(review): the call's result is discarded here — check it before relying on the
// membership (and on any roles the group carries) being in place.
os.identity().groups().addUserToGroup("groupId", "userId");
#
判断一个User是否在指定group中
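// checkGroupUser() answers only through its return value, so keep the response instead of
// discarding it; isSuccess() is true when the user is a member of the group.
ActionResponse membership = os.identity().groups().checkGroupUser("groupId", "userId");
boolean userInGroup = membership.isSuccess();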
#
从group中删除user
// Remove the user from the group; the arguments are group id first, then user id.
// NOTE(review): the call's result is discarded here — check it before assuming the user no
// longer has the access the group provides.
os.identity().groups().removeUserFromGroup("groupId", "userId");
#
修改group
// Load the group by id; only when it exists, send back a copy with the new description.
Group group = os.identity().groups().get("groupId");
if (group != null) {
    Group edited = group.toBuilder()
            .description("admin-group")
            .build();
    group = os.identity().groups().update(edited);
}
#
删除group
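// Delete the group obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too: calling getId() on a missing group would throw.
if (group != null) {
    os.identity().groups().delete(group.getId());
}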
Role 管理
创建role
// Build a role that only has a name, then create it.
Role developerRole = Builders.role()
        .name("developer")
        .build();
Role role = os.identity().roles().create(developerRole);
#
查询全部role
// Fetch every role the identity service returns.
List<? extends Role> roleList = os.identity().roles().list();
#
查询特定role
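// Look a role up by its id.
Role role = os.identity().roles().get("roleId");
// Look roles up by name; this form returns a list. (Statement terminator added; the
// original line did not end with ';'.)
List<? extends Role> roleList = os.identity().roles().getByName("roleName");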
role分配
注:授予、撤销、检查
To a User
// Role assignments for a user. Every call takes (scope id, user id, role id) and hands back
// an ActionResponse; inspect it rather than assuming the grant, check or revoke took effect.
// Grant the role to the user on the project.
ActionResponse grantProjectRole = os.identity().roles().grantProjectUserRole("projectId", "userId", "roleId");
// Check whether the user holds the role on the project.
ActionResponse checkProjectRole = os.identity().roles().checkProjectUserRole("projectId", "userId", "roleId");
// Revoke the user's role on the project.
ActionResponse revokeProjectRole = os.identity().roles().revokeProjectUserRole("projectId", "userId", "roleId");
// Grant the role to the user on the domain.
ActionResponse grantDomainRole = os.identity().roles().grantDomainUserRole("domainId", "userId", "roleId");
// Check whether the user holds the role on the domain.
ActionResponse checkDomainRole = os.identity().roles().checkDomainUserRole("domainId", "userId", "roleId");
// Revoke the user's role on the domain.
ActionResponse revokeDomainRole = os.identity().roles().revokeDomainUserRole("domainId", "userId", "roleId");
#
To a Group
// Role assignments for a group. Every call takes (scope id, group id, role id) and hands
// back an ActionResponse.
// Grant the role to the group on the project (the grantee is the group, not a user).
ActionResponse grantProjectRole = os.identity().roles().grantProjectGroupRole("projectId", "groupId", "roleId");
// Check whether the group holds the role on the project.
ActionResponse checkProjectRole = os.identity().roles().checkProjectGroupRole("projectId", "groupId", "roleId");
// Revoke the group's role on the project.
ActionResponse revokeProjectRole = os.identity().roles().revokeProjectGroupRole("projectId", "groupId", "roleId");
// Grant the role to the group on the domain.
ActionResponse grantDomainRole = os.identity().roles().grantDomainGroupRole("domainId", "groupId", "roleId");
// Check whether the group holds the role on the domain.
ActionResponse checkDomainRole = os.identity().roles().checkDomainGroupRole("domainId", "groupId", "roleId");
// Revoke the group's role on the domain.
ActionResponse revokeDomainRole = os.identity().roles().revokeDomainGroupRole("domainId", "groupId", "roleId");
#
修改role
// Load the role by id; only when it exists, send back a copy renamed to "admin-role".
Role role = os.identity().roles().get("roleId");
if (role != null) {
    Role renamed = role.toBuilder()
            .name("admin-role")
            .build();
    role = os.identity().roles().update(renamed);
}
#
删除role
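// Delete the role obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too: calling getId() on a missing role would throw.
if (role != null) {
    os.identity().roles().delete(role.getId());
}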
服务和端点
创建服务
// Build the service catalog entry (enabled from the start), then create it.
Service newService = Builders.service()
        .type("serviceType")
        .name("serviceName")
        .description("A new service.")
        .enabled(true)
        .build();
Service service = os.identity().serviceEndpoints().create(newService);
#
查询全部服务
// Fetch every service the identity service returns.
List<? extends Service> serviceList = os.identity().serviceEndpoints().list();
#
查询特定服务
// Look a service up by its id.
Service service = os.identity().serviceEndpoints().get("serviceId");
#
修改服务(描述)
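// Load the service by id; only when it exists, send back a copy with the new description.
// Uses serviceEndpoints(), the accessor the create/list/get service examples on this page
// call; the original snippet switched to services() here.
Service service = os.identity().serviceEndpoints().get("serviceId");
if (service != null) {
    Service edited = service.toBuilder()
            .description("Identity V3 Service")
            .build();
    service = os.identity().serviceEndpoints().update(edited);
}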
#
根据服务ID删除服务
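// Delete the service obtained by an earlier lookup. The update example null-checks that same
// lookup, so guard here too. Uses serviceEndpoints(), the accessor the create/list/get
// service examples on this page call, instead of services().
if (service != null) {
    os.identity().serviceEndpoints().delete(service.getId());
}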
#
为服务创建一个端点
// Register an admin-facing endpoint for an existing service in the given region.
// new URL(...) declares the checked MalformedURLException, so the enclosing method has to
// catch or declare it.
// NOTE(review): the catalog URL uses the http scheme, so clients that follow this entry talk
// to the admin interface unencrypted; register an https URL outside an isolated lab.
URL identityUrl = new URL("http", "devstack.openstack.stack", 5000, "/v3");
Endpoint newEndpoint = Builders.endpoint()
        .name("endpointName")
        .url(identityUrl)
        .iFace(Facing.ADMIN)
        .regionId("regionId")
        .serviceId("serviceId")
        .enabled(true)
        .build();
Endpoint endpoint = os.identity().serviceEndpoints().createEndpoint(newEndpoint);
#
查询全部可用端点
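// Fetch every endpoint the identity service returns. (Statement terminator added; the
// original line did not end with ';'.)
List<? extends Endpoint> endpointList = os.identity().serviceEndpoints().listEndpoints();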
#
查询特定端点
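// Look an endpoint up by its id. (Statement terminator added; the original line did not end
// with ';'.)
Endpoint endpoint = os.identity().serviceEndpoints().getEndpoint("endpointId");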
#
修改端点
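// Change the endpoint URL from http://devstack.openstack.stack:5000/v3 to
// http://openstack.stack:5000/v3. Uses serviceEndpoints(), the accessor the
// createEndpoint/getEndpoint/deleteEndpoint examples on this page call, instead of services().
// new URL(...) declares the checked MalformedURLException.
// NOTE(review): both URLs use the http scheme; prefer https for a catalog entry that clients
// will follow.
Endpoint endpoint = os.identity().serviceEndpoints().getEndpoint("endpointId");
if (endpoint != null) {
    Endpoint moved = endpoint.toBuilder()
            .url(new URL("http", "openstack.stack", 5000, "/v3"))
            .build();
    endpoint = os.identity().serviceEndpoints().updateEndpoint(moved);
}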
#
删除端点
// Delete the endpoint with the given id.
os.identity().serviceEndpoints().deleteEndpoint("endpointId");
凭证(Credential)
创建凭证
// Build an "ec2"-type credential for the given user and project, then create it. The blob is
// a JSON string holding the access key and the secret key.
// NOTE(review): the access/secret pair is sample data; generate real keys at run time or
// read them from a secret store, and keep the blob out of source control and logs.
Credential ec2Credential = Builders.credential()
        .blob("{\"access\":\"181920\",\"secret\":\"secretKey\"}")
        .type("ec2")
        .projectId("projectId")
        .userId("userId")
        .build();
Credential credential = os.identity().credentials().create(ec2Credential);
#
查询凭证
查询全部凭证
// Fetch every credential the identity service returns.
// NOTE(review): for the "ec2" type created on this page the blob holds the secret key, so
// presumably each returned Credential exposes it — avoid logging or dumping this list.
List<? extends Credential> credentialList = os.identity().credentials().list();
查询特定凭证
// Look a credential up by its id.
Credential credential = os.identity().credentials().get("credentialId");
#
更新凭证
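// Change the credential's blob from {"access":"181920","secret":"secretKey"} to
// {"access":"181920","secret":"updatedSecretKey"}. The id placeholder is "credentialId",
// matching the lookup and delete examples on this page (the original wrote "credential id").
// NOTE(review): the secret is sample data; supply a real one from a secret store.
Credential credential = os.identity().credentials().get("credentialId");
if (credential != null) {
    Credential rotated = credential.toBuilder()
            .blob("{\"access\":\"181920\",\"secret\":\"updatedSecretKey\"}")
            .build();
    credential = os.identity().credentials().update(rotated);
}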
#
删除凭证
// Delete the credential with the given id.
os.identity().credentials().delete("credentialId");