Red Hat’s Adam Young offers this tutorial.


Say you have an AUTH_URL like this:

$ echo $OS_AUTH_URL

And now you want to do something with it. You might think you can get the info you want from the /v3 url, but it does not tell you much:

$ curl $OS_AUTH_URL
 {"version": {"status": "stable", 
              "updated": "2016-10-06T00:00:00Z", 
              "media-types": [{"base": "application/json", 
                               "type": "application/vnd.openstack.identity-v3+json"}], 
              "id": "v3.7",
              "links": [{"href": "",
                         "rel": "self"}]}
[ayoung@ayoung541 salab]$

Not too helpful. Turns out, though, that there is data, it is just requires the json-home accepts header.

You access the document like this:

$ curl $OS_AUTH_URL -H "Accept: application/json-home"

I’m not going to past the output: it is huge.

Here is how I process it:

$ curl $OS_AUTH_URL -H "Accept: application/json-home" | jq '. | .resources '

Will format somewhat legibly. To get a specific section, say the endpoint list you can find it in the doc like this:

"": {
"href": "/endpoints"

And to pull it out programatically:

$ curl -s $OS_AUTH_URL -H "Accept: application/json-home" | jq '. \
  | .resources |\
  | .href' "/endpoints"


This post first appeared on Adam Young’s blog.

For more on Keystone, an OpenStack service that provides API client authentication, service discovery and distributed multi-tenant authorization, check out the project Wiki.

Superuser is always interested in community content – get in touch: