WARNING: Obsolete, this has been incorporated in cloud/charms/keystone

Update Remote IDs

A simple Python script that GETs a list of Identity Provider entityIDs from a DiscoFeed URL and converts it to a format suitable for updating the OpenStack Keystone identity provider remote_ids value.

The script uses only core Python libraries (no pip, no virtualenv), so it can be run with a standard Python distribution and called directly by cron or other system components.

Usage

./update-remote-ids.py [--json] [--no-cert] DISCOFEED_URL OUTFILE

The --nocert option is used to skip certificate validation in HTTPS DISCOFEED_URLs.

The --json option produces JSON output; without it, the output is plaintext.

Examples

Running the script along with a Shibboleth Service Provider and a valid HTTPS endpoint.

JSON

./update-remote-ids.py --json https://KEYSTONE_URL/Shibboleth.sso/DiscoFeed /tmp/remote_ids.json

The file /tmp/remote_ids.json will be populated with the available IdP entityIDs:

{"identity_provider":
    {"remote_ids":
        [ entityID, ... ]
    }
}

Use the output to set the remote_ids value with an OpenStack API call:

curl -s -X PATCH \
  -H "X-Auth-Token: $OS_TOKEN" \
  -H "Content-Type: application/json" \
  -d @/tmp/remote_ids.json \
  KEYSTONE_URL/v3/OS-FEDERATION/identity_providers/{id}

Plaintext file

./update-remote-ids.py KEYSTONE_URL/Shibboleth.sso/DiscoFeed /tmp/remote_ids.txt

The file /tmp/remote_ids.txt will be populated with the available IdP entityIDs:

entityID-1
..
entityID-N

Use the output to set the remote_ids value with the OpenStack CLI:

openstack identity provider set IDPNAME --remote-id-file /tmp/remote_ids.txt
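
The conversion described above, as an added sketch that is not the project's update-remote-ids.py: it keeps certificate validation on and refuses a malformed or empty feed, because the result replaces the entityIDs associated with the Keystone identity provider. The function names and the sample feed are assumptions made for this example; the feed shape (a JSON array of objects carrying an entityID key) is what a Shibboleth SP DiscoFeed returns.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

# Constructed sample in the shape a Shibboleth SP DiscoFeed returns (not real IdPs).
SAMPLE_FEED = """[
  {"entityID": "https://idp1.example.org/idp/shibboleth",
   "DisplayNames": [{"value": "Example One", "lang": "en"}]},
  {"entityID": "https://idp2.example.org/idp/shibboleth"},
  {"entityID": "https://idp1.example.org/idp/shibboleth"}
]"""


def fetch_discofeed(url, timeout=10):
    """Fetch the feed over HTTPS with certificate and hostname checks enabled."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS DiscoFeed URL: %s" % url)
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8")


def extract_entity_ids(feed_text):
    """Return sorted, de-duplicated entityIDs; ValueError on a bad or empty feed."""
    feed = json.loads(feed_text)  # JSONDecodeError is a ValueError subclass
    if not isinstance(feed, list):
        raise ValueError("DiscoFeed must be a JSON array")
    ids = set()
    for entry in feed:
        eid = entry.get("entityID") if isinstance(entry, dict) else None
        # The plaintext output is one ID per line, so reject embedded whitespace.
        if not isinstance(eid, str) or not eid or any(c.isspace() for c in eid):
            raise ValueError("entry without a usable entityID: %r" % (entry,))
        ids.add(eid)
    if not ids:
        raise ValueError("empty feed: refusing to produce an empty remote_ids list")
    return sorted(ids)


def render(entity_ids, as_json=False):
    """Produce the JSON PATCH body or the one-ID-per-line file content."""
    if as_json:
        return json.dumps({"identity_provider": {"remote_ids": entity_ids}}, indent=2)
    return "\n".join(entity_ids) + "\n"


if __name__ == "__main__":
    ids = extract_entity_ids(SAMPLE_FEED)
    print(render(ids, as_json=True))
    print(render(ids), end="")
```

Writing the rendered text to a temporary file and renaming it over the output file keeps a cron-driven consumer from reading a half-written list.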