Recently, I needed to build a project for OpenStack that required that I not know the end-user’s authentication method. I had used the clouds.yaml (cloud configuration file) approach before, so I thought I’d give it a go and test it out with a few authentication scenarios I’m familiar with. I found, not to my surprise, that there were no examples showing how to use this very handy configuration file format with anything besides the standard “v3password” mechanism. Boring.
Here’s an example of the v3samlpassword authentication method (SAML 2.0 ECP), using the same dummy data as a related article: Use OpenStack CLI with SAML 2.0 ECP.
(venv) [email protected]:~> cat clouds.yaml
clouds:
  ellingson:
    auth_type: v3samlpassword
    auth_url: https://cloud.example.org:13000/v3
    auth:
      project_id: __MYPROJECTID__
      project_name: __MYPROJECT__
      project_domain_name: __MYDOMAIN__
      username: __MYUSERNAME__
      password: __MYPASSWORD__
      # Federation Identity Provider (IdP) can be found using the following:
      # openstack identity provider list
      identity_provider: __MYIDP__
      # Federation protocol can be found using the following:
      # openstack federation protocol list --identity-provider "__MYIDP__"
      protocol: __MYPROTOCOL__
      identity_provider_url: https://example.org/idp/saml2/idp/SSOService.php
    region_name: regionOne
    interface: public
    version: 3
    cacert: /path/to/server-ca.crt
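A pre-flight check for an entry like the one above, as an added example that is not from the original article or from OpenStack: it audits one parsed cloud entry for the settings that matter with v3samlpassword. The function name, the finding texts and the second sample entry are assumptions made for illustration; secure.yaml is the companion file openstacksdk merges into clouds.yaml, so secrets can be kept out of the main file.

```python
from urllib.parse import urlparse

# Federation options v3samlpassword needs in the file; the password is checked
# separately because it can come from secure.yaml instead.
REQUIRED = ("auth_url", "username", "identity_provider", "protocol",
            "identity_provider_url")
URL_KEYS = ("auth_url", "identity_provider_url")


def audit_cloud(name, cloud):
    """Return findings for one parsed clouds.yaml entry (a plain dict)."""
    if cloud.get("auth_type") != "v3samlpassword":
        return [f"{name}: auth_type is not v3samlpassword, skipped"]
    # Plugin options are accepted at cloud level or under 'auth'.
    opts = {**cloud, **(cloud.get("auth") or {})}
    findings = [f"{name}: missing {k}" for k in REQUIRED if not opts.get(k)]
    for key in URL_KEYS:
        # ECP sends the username and password to identity_provider_url.
        if opts.get(key) and urlparse(str(opts[key])).scheme != "https":
            findings.append(f"{name}: {key} is not https")
    if opts.get("verify") is False or opts.get("insecure") is True:
        findings.append(f"{name}: TLS verification disabled")
    if opts.get("password"):
        findings.append(f"{name}: password stored inline, move it to secure.yaml")
    return findings


# Constructed sample: the entry from this page, as a YAML loader would return it.
PAGE_ENTRY = {
    "auth_type": "v3samlpassword",
    "auth_url": "https://cloud.example.org:13000/v3",
    "auth": {
        "project_id": "__MYPROJECTID__", "username": "__MYUSERNAME__",
        "password": "__MYPASSWORD__", "identity_provider": "__MYIDP__",
        "protocol": "__MYPROTOCOL__",
        "identity_provider_url": "https://example.org/idp/saml2/idp/SSOService.php",
    },
    "cacert": "/path/to/server-ca.crt",
}
# Constructed weak variant: plain-http IdP, no protocol, verification off.
WEAK_ENTRY = {
    "auth_type": "v3samlpassword", "verify": False,
    "auth": {"auth_url": "https://cloud.example.org:13000/v3",
             "username": "__MYUSERNAME__", "identity_provider": "__MYIDP__",
             "identity_provider_url": "http://example.org/idp/saml2/idp/SSOService.php"},
}

if __name__ == "__main__":
    for label, entry in (("ellingson", PAGE_ENTRY), ("weak", WEAK_ENTRY)):
        print("\n".join(audit_cloud(label, entry)))
```

Run it against clouds.yaml on its own, before secure.yaml is merged in, so an inline password is reported rather than masked.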