Fixes #3084: Implement OpenStack Identity V3 API
Fog::Identity::OpenStack.new() will return either a V2 API object or a V3 API object depending on the auth URL Fog::OpenStack::Core.authenticate switches on the auth URL to call the V2 or V3 authentication API
This commit is contained in:
parent
2ed8c48cec
commit
803dedb297
3
Rakefile
3
Rakefile
|
@ -78,6 +78,9 @@ namespace :test do
|
|||
task :openstack do
|
||||
sh("export FOG_MOCK=#{mock} && bundle exec shindont tests/openstack")
|
||||
end
|
||||
task :openstack_idv3 do
|
||||
sh("export FOG_MOCK=#{mock} && bundle exec rspec spec/fog/openstack/identity_v3_spec.rb")
|
||||
end
|
||||
task :cloudstack do
|
||||
sh("export FOG_MOCK=#{mock} && bundle exec shindont tests/cloudstack")
|
||||
end
|
||||
|
|
|
@ -84,6 +84,9 @@ Gem::Specification.new do |s|
|
|||
s.add_development_dependency("simplecov")
|
||||
s.add_development_dependency("thor")
|
||||
s.add_development_dependency("yard")
|
||||
s.add_development_dependency("rspec-core")
|
||||
s.add_development_dependency("vcr")
|
||||
s.add_development_dependency("webmock")
|
||||
|
||||
s.files = `git ls-files`.split("\n")
|
||||
s.test_files = `git ls-files -- {spec,tests}/*`.split("\n")
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
require 'fog/openstack/compute'
|
||||
require 'fog/openstack/identity'
|
||||
require 'fog/openstack/identity_v2'
|
||||
require 'fog/openstack/image'
|
||||
require 'fog/openstack/metering'
|
||||
require 'fog/openstack/network'
|
||||
|
|
|
@ -337,7 +337,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -414,13 +414,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
if @openstack_auth_uri.path =~ /\/v2.0/
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
elsif @openstack_auth_uri.path =~ /\/v3/
|
||||
credentials = Fog::OpenStack.authenticate_v3(options, @connection_options)
|
||||
else
|
||||
credentials = Fog::OpenStack.authenticate_v1(options, @connection_options)
|
||||
end
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -177,10 +177,11 @@ module Fog
|
|||
def self.authenticate_v3(options, connection_options = {})
|
||||
uri = options[:openstack_auth_uri]
|
||||
tenant_name = options[:openstack_tenant]
|
||||
project_name = options[:openstack_project_name]
|
||||
service_type = options[:openstack_service_type]
|
||||
service_name = options[:openstack_service_name]
|
||||
identity_service_type = options[:openstack_identity_service_type]
|
||||
endpoint_type = (options[:openstack_endpoint_type] || 'public').to_s
|
||||
endpoint_type = map_endpoint_type(options[:openstack_endpoint_type] || 'publicURL')
|
||||
openstack_region = options[:openstack_region]
|
||||
|
||||
body, token_headers = retrieve_tokens_v3(options, connection_options)
|
||||
|
@ -190,6 +191,29 @@ module Fog
|
|||
options[:unscoped_token] = token_headers['X-Subject-Token']
|
||||
|
||||
unless service
|
||||
unless project_name
|
||||
request_body = {
|
||||
:expects => [200],
|
||||
:headers => {'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json',
|
||||
'X-Auth-Token' => token_headers['X-Subject-Token']},
|
||||
:method => 'GET'
|
||||
}
|
||||
user_id = body['token']['user']['id']
|
||||
response = Fog::Core::Connection.new(
|
||||
"#{uri.scheme}://#{uri.host}:#{uri.port}/v3/users/#{user_id}/projects", false, connection_options).request(request_body)
|
||||
|
||||
projects_body = Fog::JSON.decode(response.body)
|
||||
if projects_body['projects'].empty?
|
||||
raise Fog::Errors::NotFound.new('No Project Found')
|
||||
else
|
||||
options[:openstack_project_name] = projects_body['projects'].first['name']
|
||||
options[:openstack_domain_name] = body['token']['user']['domain']['name']
|
||||
end
|
||||
end
|
||||
|
||||
tenant_name = options[:openstack_project_name]
|
||||
|
||||
unless tenant_name
|
||||
response = Fog::Core::Connection.new(
|
||||
"#{uri.scheme}://#{uri.host}:#{uri.port}/v3/projects", false, connection_options).request({
|
||||
|
@ -211,8 +235,6 @@ module Fog
|
|||
service = get_service(body, service_type, service_name)
|
||||
end
|
||||
|
||||
endpoint_type = 'public'
|
||||
|
||||
service['endpoints'] = service['endpoints'].select do |endpoint|
|
||||
endpoint['region'] == openstack_region && endpoint['interface'] == endpoint_type
|
||||
end if openstack_region
|
||||
|
@ -238,13 +260,14 @@ module Fog
|
|||
admin = true if r["name"] == "admin"
|
||||
end
|
||||
|
||||
if service['endpoints'].count > 1 and not admin
|
||||
regions = service["endpoints"].map{ |e| e['region'] }.uniq.join(',')
|
||||
raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions}'")
|
||||
regions = service["endpoints"].map{ |e| e['region'] }.uniq
|
||||
if regions.count > 1 and not admin
|
||||
raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions.join(',')}'")
|
||||
end
|
||||
|
||||
identity_service = get_service(body, identity_service_type) if identity_service_type
|
||||
tenant = body['token']['project']['name']
|
||||
tenant = body['token']['project']['name'] if body['token']['project']
|
||||
tenant = body['token']['user']['project']['name'] unless body['token']['project']
|
||||
user = body['token']['user']['name']
|
||||
|
||||
management_url = service['endpoints'].find{|s| s["interface"][endpoint_type]}["url"]
|
||||
|
@ -411,5 +434,17 @@ module Fog
|
|||
'%' + $1.unpack('H2' * $1.bytesize).join('%').upcase
|
||||
end
|
||||
end
|
||||
|
||||
def self.map_endpoint_type type
|
||||
case type
|
||||
when "publicURL"
|
||||
"public"
|
||||
when "internalURL"
|
||||
"internal"
|
||||
when "adminURL"
|
||||
"admin"
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,269 +3,41 @@ require 'fog/openstack/core'
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack < Fog::Service
|
||||
requires :openstack_auth_url
|
||||
recognizes :openstack_auth_token, :openstack_management_url, :persistent,
|
||||
:openstack_service_type, :openstack_service_name, :openstack_tenant,
|
||||
:openstack_api_key, :openstack_username, :openstack_current_user_id,
|
||||
:current_user, :current_tenant,
|
||||
:openstack_endpoint_type, :openstack_region
|
||||
|
||||
model_path 'fog/openstack/models/identity'
|
||||
model :tenant
|
||||
collection :tenants
|
||||
model :user
|
||||
collection :users
|
||||
model :role
|
||||
collection :roles
|
||||
model :ec2_credential
|
||||
collection :ec2_credentials
|
||||
|
||||
request_path 'fog/openstack/requests/identity'
|
||||
|
||||
request :check_token
|
||||
request :validate_token
|
||||
|
||||
request :list_tenants
|
||||
request :create_tenant
|
||||
request :get_tenant
|
||||
request :get_tenants_by_id
|
||||
request :get_tenants_by_name
|
||||
request :update_tenant
|
||||
request :delete_tenant
|
||||
|
||||
request :list_users
|
||||
request :create_user
|
||||
request :update_user
|
||||
request :delete_user
|
||||
request :get_user_by_id
|
||||
request :get_user_by_name
|
||||
request :add_user_to_tenant
|
||||
request :remove_user_from_tenant
|
||||
|
||||
request :list_endpoints_for_token
|
||||
request :list_roles_for_user_on_tenant
|
||||
request :list_user_global_roles
|
||||
|
||||
request :create_role
|
||||
request :delete_role
|
||||
request :delete_user_role
|
||||
request :create_user_role
|
||||
request :get_role
|
||||
request :list_roles
|
||||
|
||||
request :set_tenant
|
||||
|
||||
request :create_ec2_credential
|
||||
request :delete_ec2_credential
|
||||
request :get_ec2_credential
|
||||
request :list_ec2_credentials
|
||||
|
||||
class Mock
|
||||
attr_reader :auth_token
|
||||
attr_reader :auth_token_expiration
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :unscoped_token
|
||||
|
||||
def self.data
|
||||
@users ||= {}
|
||||
@roles ||= {}
|
||||
@tenants ||= {}
|
||||
@ec2_credentials ||= Hash.new { |hash, key| hash[key] = {} }
|
||||
@user_tenant_membership ||= {}
|
||||
|
||||
@data ||= Hash.new do |hash, key|
|
||||
hash[key] = {
|
||||
:users => @users,
|
||||
:roles => @roles,
|
||||
:tenants => @tenants,
|
||||
:ec2_credentials => @ec2_credentials,
|
||||
:user_tenant_membership => @user_tenant_membership
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
def self.reset!
|
||||
@data = nil
|
||||
@users = nil
|
||||
@roles = nil
|
||||
@tenants = nil
|
||||
@ec2_credentials = nil
|
||||
end
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_username = options[:openstack_username] || 'admin'
|
||||
@openstack_tenant = options[:openstack_tenant] || 'admin'
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = @openstack_auth_uri.to_s
|
||||
|
||||
@auth_token = Fog::Mock.random_base64(64)
|
||||
@auth_token_expiration = (Time.now.utc + 86400).iso8601
|
||||
|
||||
@admin_tenant = self.data[:tenants].values.find do |u|
|
||||
u['name'] == 'admin'
|
||||
end
|
||||
|
||||
if @openstack_tenant
|
||||
@current_tenant = self.data[:tenants].values.find do |u|
|
||||
u['name'] == @openstack_tenant
|
||||
# Fog::Identity::OpenStack.new() will return a Fog::Identity::OpenStack::V2 or a Fog::Identity::OpenStack::V3,
|
||||
# depending on whether the auth URL is for an OpenStack Identity V2 or V3 API endpoint
|
||||
def self.new(args = {})
|
||||
if self.inspect == 'Fog::Identity::OpenStack'
|
||||
if args[:openstack_auth_url]
|
||||
@openstack_auth_uri = URI.parse(args[:openstack_auth_url])
|
||||
if @openstack_auth_uri.path =~ /\/v3/
|
||||
service = Fog::Identity::OpenStack::V3.new(args)
|
||||
end
|
||||
|
||||
unless @current_tenant
|
||||
@current_tenant_id = Fog::Mock.random_hex(32)
|
||||
@current_tenant = self.data[:tenants][@current_tenant_id] = {
|
||||
'id' => @current_tenant_id,
|
||||
'name' => @openstack_tenant
|
||||
}
|
||||
else
|
||||
@current_tenant_id = @current_tenant['id']
|
||||
end
|
||||
else
|
||||
@current_tenant = @admin_tenant
|
||||
end
|
||||
|
||||
@current_user = self.data[:users].values.find do |u|
|
||||
u['name'] == @openstack_username
|
||||
end
|
||||
@current_tenant_id = Fog::Mock.random_hex(32)
|
||||
|
||||
unless @current_user
|
||||
@current_user_id = Fog::Mock.random_hex(32)
|
||||
@current_user = self.data[:users][@current_user_id] = {
|
||||
'id' => @current_user_id,
|
||||
'name' => @openstack_username,
|
||||
'email' => "#{@openstack_username}@mock.com",
|
||||
'tenantId' => Fog::Mock.random_numbers(6).to_s,
|
||||
'enabled' => true
|
||||
}
|
||||
else
|
||||
@current_user_id = @current_user['id']
|
||||
end
|
||||
service ||= Fog::Identity::OpenStack::V2.new(args)
|
||||
else
|
||||
service = Fog::Service.new(args)
|
||||
end
|
||||
|
||||
def data
|
||||
self.class.data[@openstack_username]
|
||||
end
|
||||
|
||||
def reset_data
|
||||
self.class.data.delete(@openstack_username)
|
||||
end
|
||||
|
||||
def credentials
|
||||
{ :provider => 'openstack',
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
:openstack_current_user_id => @openstack_current_user_id,
|
||||
:current_user => @current_user,
|
||||
:current_tenant => @current_tenant}
|
||||
end
|
||||
service
|
||||
end
|
||||
|
||||
class Real
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :unscoped_token
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_auth_token = options[:openstack_auth_token]
|
||||
|
||||
unless @openstack_auth_token
|
||||
missing_credentials = Array.new
|
||||
@openstack_api_key = options[:openstack_api_key]
|
||||
@openstack_username = options[:openstack_username]
|
||||
@openstack_region = options[:openstack_region]
|
||||
|
||||
missing_credentials << :openstack_api_key unless @openstack_api_key
|
||||
missing_credentials << :openstack_username unless @openstack_username
|
||||
raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
|
||||
end
|
||||
|
||||
@openstack_tenant = options[:openstack_tenant]
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = options[:openstack_management_url]
|
||||
@openstack_must_reauthenticate = false
|
||||
@openstack_service_type = options[:openstack_service_type] || ['identity']
|
||||
@openstack_service_name = options[:openstack_service_name]
|
||||
|
||||
@connection_options = options[:connection_options] || {}
|
||||
|
||||
@openstack_current_user_id = options[:openstack_current_user_id]
|
||||
|
||||
@openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'
|
||||
|
||||
@current_user = options[:current_user]
|
||||
@current_tenant = options[:current_tenant]
|
||||
|
||||
authenticate
|
||||
|
||||
@persistent = options[:persistent] || false
|
||||
@connection = Fog::Core::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
|
||||
end
|
||||
|
||||
def credentials
|
||||
{ :provider => 'openstack',
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
:openstack_current_user_id => @openstack_current_user_id,
|
||||
:current_user => @current_user,
|
||||
:current_tenant => @current_tenant }
|
||||
end
|
||||
|
||||
def reload
|
||||
@connection.reset
|
||||
end
|
||||
|
||||
def request(params)
|
||||
retried = false
|
||||
begin
|
||||
response = @connection.request(params.merge({
|
||||
:headers => {
|
||||
'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json',
|
||||
'X-Auth-Token' => @auth_token
|
||||
}.merge!(params[:headers] || {}),
|
||||
:path => "#{@path}/#{params[:path]}"#,
|
||||
}))
|
||||
rescue Excon::Errors::Unauthorized => error
|
||||
raise if retried
|
||||
retried = true
|
||||
|
||||
@openstack_must_reauthenticate = true
|
||||
authenticate
|
||||
retry
|
||||
rescue Excon::Errors::HTTPStatusError => error
|
||||
raise case error
|
||||
when Excon::Errors::NotFound
|
||||
Fog::Identity::OpenStack::NotFound.slurp(error)
|
||||
else
|
||||
error
|
||||
end
|
||||
end
|
||||
unless response.body.empty?
|
||||
response.body = Fog::JSON.decode(response.body)
|
||||
end
|
||||
response
|
||||
end
|
||||
|
||||
private
|
||||
module Common
|
||||
|
||||
def authenticate
|
||||
if !@openstack_management_url || @openstack_must_reauthenticate
|
||||
options = {
|
||||
:openstack_api_key => @openstack_api_key,
|
||||
:openstack_username => @openstack_username,
|
||||
:openstack_auth_token => @openstack_must_reauthenticate ? nil : @openstack_auth_token,
|
||||
:openstack_auth_uri => @openstack_auth_uri,
|
||||
:openstack_tenant => @openstack_tenant,
|
||||
:openstack_service_type => @openstack_service_type,
|
||||
:openstack_service_name => @openstack_service_name,
|
||||
:openstack_endpoint_type => @openstack_endpoint_type,
|
||||
:openstack_region => @openstack_region
|
||||
:openstack_api_key => @openstack_api_key,
|
||||
:openstack_username => @openstack_username,
|
||||
:openstack_auth_token => @openstack_must_reauthenticate ? nil : @openstack_auth_token,
|
||||
:openstack_auth_uri => @openstack_auth_uri,
|
||||
:openstack_tenant => @openstack_tenant,
|
||||
:openstack_service_type => @openstack_service_type,
|
||||
:openstack_service_name => @openstack_service_name,
|
||||
:openstack_endpoint_type => @openstack_endpoint_type,
|
||||
:openstack_region => @openstack_region
|
||||
}
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
@ -281,14 +53,17 @@ module Fog
|
|||
uri = URI.parse(@openstack_management_url)
|
||||
end
|
||||
|
||||
@host = uri.host
|
||||
@path = uri.path
|
||||
@host = uri.host
|
||||
@path = uri.path
|
||||
@path.sub!(/\/$/, '')
|
||||
@port = uri.port
|
||||
@port = uri.port
|
||||
@scheme = uri.scheme
|
||||
true
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
|
|
|
@ -0,0 +1,264 @@
|
|||
require 'fog/openstack/core'
|
||||
require 'fog/openstack/identity'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2 < Fog::Service
|
||||
|
||||
requires :openstack_auth_url
|
||||
recognizes :openstack_auth_token, :openstack_management_url, :persistent,
|
||||
:openstack_service_type, :openstack_service_name, :openstack_tenant,
|
||||
:openstack_api_key, :openstack_username, :openstack_current_user_id,
|
||||
:current_user, :current_tenant,
|
||||
:openstack_endpoint_type, :openstack_region
|
||||
|
||||
model_path 'fog/openstack/models/identity_v2'
|
||||
model :tenant
|
||||
collection :tenants
|
||||
model :user
|
||||
collection :users
|
||||
model :role
|
||||
collection :roles
|
||||
model :ec2_credential
|
||||
collection :ec2_credentials
|
||||
|
||||
request_path 'fog/openstack/requests/identity_v2'
|
||||
|
||||
request :check_token
|
||||
request :validate_token
|
||||
|
||||
request :list_tenants
|
||||
request :create_tenant
|
||||
request :get_tenant
|
||||
request :get_tenants_by_id
|
||||
request :get_tenants_by_name
|
||||
request :update_tenant
|
||||
request :delete_tenant
|
||||
|
||||
request :list_users
|
||||
request :create_user
|
||||
request :update_user
|
||||
request :delete_user
|
||||
request :get_user_by_id
|
||||
request :get_user_by_name
|
||||
request :add_user_to_tenant
|
||||
request :remove_user_from_tenant
|
||||
|
||||
request :list_endpoints_for_token
|
||||
request :list_roles_for_user_on_tenant
|
||||
request :list_user_global_roles
|
||||
|
||||
request :create_role
|
||||
request :delete_role
|
||||
request :delete_user_role
|
||||
request :create_user_role
|
||||
request :get_role
|
||||
request :list_roles
|
||||
|
||||
request :set_tenant
|
||||
|
||||
request :create_ec2_credential
|
||||
request :delete_ec2_credential
|
||||
request :get_ec2_credential
|
||||
request :list_ec2_credentials
|
||||
|
||||
class Mock
|
||||
attr_reader :auth_token
|
||||
attr_reader :auth_token_expiration
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :unscoped_token
|
||||
|
||||
def self.data
|
||||
@users ||= {}
|
||||
@roles ||= {}
|
||||
@tenants ||= {}
|
||||
@ec2_credentials ||= Hash.new { |hash, key| hash[key] = {} }
|
||||
@user_tenant_membership ||= {}
|
||||
|
||||
@data ||= Hash.new do |hash, key|
|
||||
hash[key] = {
|
||||
:users => @users,
|
||||
:roles => @roles,
|
||||
:tenants => @tenants,
|
||||
:ec2_credentials => @ec2_credentials,
|
||||
:user_tenant_membership => @user_tenant_membership
|
||||
}
|
||||
end
|
||||
end
|
||||
|
||||
def self.reset!
|
||||
@data = nil
|
||||
@users = nil
|
||||
@roles = nil
|
||||
@tenants = nil
|
||||
@ec2_credentials = nil
|
||||
end
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_username = options[:openstack_username] || 'admin'
|
||||
@openstack_tenant = options[:openstack_tenant] || 'admin'
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = @openstack_auth_uri.to_s
|
||||
|
||||
@auth_token = Fog::Mock.random_base64(64)
|
||||
@auth_token_expiration = (Time.now.utc + 86400).iso8601
|
||||
|
||||
@admin_tenant = self.data[:tenants].values.find do |u|
|
||||
u['name'] == 'admin'
|
||||
end
|
||||
|
||||
if @openstack_tenant
|
||||
@current_tenant = self.data[:tenants].values.find do |u|
|
||||
u['name'] == @openstack_tenant
|
||||
end
|
||||
|
||||
unless @current_tenant
|
||||
@current_tenant_id = Fog::Mock.random_hex(32)
|
||||
@current_tenant = self.data[:tenants][@current_tenant_id] = {
|
||||
'id' => @current_tenant_id,
|
||||
'name' => @openstack_tenant
|
||||
}
|
||||
else
|
||||
@current_tenant_id = @current_tenant['id']
|
||||
end
|
||||
else
|
||||
@current_tenant = @admin_tenant
|
||||
end
|
||||
|
||||
@current_user = self.data[:users].values.find do |u|
|
||||
u['name'] == @openstack_username
|
||||
end
|
||||
@current_tenant_id = Fog::Mock.random_hex(32)
|
||||
|
||||
unless @current_user
|
||||
@current_user_id = Fog::Mock.random_hex(32)
|
||||
@current_user = self.data[:users][@current_user_id] = {
|
||||
'id' => @current_user_id,
|
||||
'name' => @openstack_username,
|
||||
'email' => "#{@openstack_username}@mock.com",
|
||||
'tenantId' => Fog::Mock.random_numbers(6).to_s,
|
||||
'enabled' => true
|
||||
}
|
||||
else
|
||||
@current_user_id = @current_user['id']
|
||||
end
|
||||
end
|
||||
|
||||
def data
|
||||
self.class.data[@openstack_username]
|
||||
end
|
||||
|
||||
def reset_data
|
||||
self.class.data.delete(@openstack_username)
|
||||
end
|
||||
|
||||
def credentials
|
||||
{:provider => 'openstack',
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
:openstack_current_user_id => @openstack_current_user_id,
|
||||
:current_user => @current_user,
|
||||
:current_tenant => @current_tenant}
|
||||
end
|
||||
end
|
||||
|
||||
class Real
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :unscoped_token
|
||||
|
||||
include Fog::Identity::OpenStack::Common
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_auth_token = options[:openstack_auth_token]
|
||||
|
||||
unless @openstack_auth_token
|
||||
missing_credentials = Array.new
|
||||
@openstack_api_key = options[:openstack_api_key]
|
||||
@openstack_username = options[:openstack_username]
|
||||
@openstack_region = options[:openstack_region]
|
||||
|
||||
missing_credentials << :openstack_api_key unless @openstack_api_key
|
||||
missing_credentials << :openstack_username unless @openstack_username
|
||||
raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
|
||||
end
|
||||
|
||||
@openstack_tenant = options[:openstack_tenant]
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = options[:openstack_management_url]
|
||||
@openstack_must_reauthenticate = false
|
||||
@openstack_service_type = options[:openstack_service_type] || ['identity']
|
||||
@openstack_service_name = options[:openstack_service_name]
|
||||
|
||||
@connection_options = options[:connection_options] || {}
|
||||
|
||||
@openstack_current_user_id = options[:openstack_current_user_id]
|
||||
|
||||
@openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'
|
||||
|
||||
@current_user = options[:current_user]
|
||||
@current_tenant = options[:current_tenant]
|
||||
|
||||
authenticate
|
||||
|
||||
@persistent = options[:persistent] || false
|
||||
@connection = Fog::Core::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
|
||||
end
|
||||
|
||||
def credentials
|
||||
{:provider => 'openstack',
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
:openstack_current_user_id => @openstack_current_user_id,
|
||||
:current_user => @current_user,
|
||||
:current_tenant => @current_tenant}
|
||||
end
|
||||
|
||||
def reload
|
||||
@connection.reset
|
||||
end
|
||||
|
||||
def request(params)
|
||||
retried = false
|
||||
begin
|
||||
response = @connection.request(params.merge({
|
||||
:headers => {
|
||||
'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json',
|
||||
'X-Auth-Token' => @auth_token
|
||||
}.merge!(params[:headers] || {}),
|
||||
:path => "#{@path}/#{params[:path]}" #,
|
||||
}))
|
||||
rescue Excon::Errors::Unauthorized => error
|
||||
raise if retried
|
||||
retried = true
|
||||
|
||||
@openstack_must_reauthenticate = true
|
||||
authenticate
|
||||
retry
|
||||
rescue Excon::Errors::HTTPStatusError => error
|
||||
raise case error
|
||||
when Excon::Errors::NotFound
|
||||
Fog::Identity::OpenStack::NotFound.slurp(error)
|
||||
else
|
||||
error
|
||||
end
|
||||
end
|
||||
unless response.body.empty?
|
||||
response.body = Fog::JSON.decode(response.body)
|
||||
end
|
||||
response
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,249 @@
|
|||
require 'fog/openstack/core'
|
||||
require 'fog/openstack/identity'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3 < Fog::Service
|
||||
|
||||
requires :openstack_auth_url
|
||||
recognizes :openstack_auth_token, :openstack_management_url, :persistent,
|
||||
:openstack_service_type, :openstack_service_name, :openstack_tenant,
|
||||
:openstack_project_name, :openstack_domain_name, :openstack_userid,
|
||||
:openstack_api_key, :openstack_username, :openstack_current_user_id,
|
||||
:current_user, :current_tenant,
|
||||
:openstack_endpoint_type, :openstack_region, :openstack_domain_id,
|
||||
:openstack_domain, :openstack_project, :provider
|
||||
|
||||
model_path 'fog/openstack/models/identity_v3'
|
||||
model :domain
|
||||
collection :domains
|
||||
model :endpoint
|
||||
collection :endpoints
|
||||
model :project
|
||||
collection :projects
|
||||
model :service
|
||||
collection :services
|
||||
model :token
|
||||
collection :tokens
|
||||
model :user
|
||||
collection :users
|
||||
model :group
|
||||
collection :groups
|
||||
model :role
|
||||
collection :roles
|
||||
model :role_assignment
|
||||
collection :role_assignments
|
||||
model :os_credential
|
||||
collection :os_credentials
|
||||
model :policy
|
||||
collection :policies
|
||||
|
||||
request_path 'fog/openstack/requests/identity_v3'
|
||||
|
||||
|
||||
request :list_users
|
||||
request :get_user
|
||||
request :create_user
|
||||
request :update_user
|
||||
request :delete_user
|
||||
request :list_user_groups
|
||||
request :list_user_projects
|
||||
request :list_groups
|
||||
request :get_group
|
||||
request :create_group
|
||||
request :update_group
|
||||
request :delete_group
|
||||
request :add_user_to_group
|
||||
request :remove_user_from_group
|
||||
request :group_user_check
|
||||
request :list_group_users
|
||||
request :list_roles
|
||||
request :list_role_assignments
|
||||
request :get_role
|
||||
request :create_role
|
||||
request :update_role
|
||||
request :delete_role
|
||||
request :auth_domains
|
||||
request :auth_projects
|
||||
request :list_domains
|
||||
request :get_domain
|
||||
request :create_domain
|
||||
request :update_domain
|
||||
request :delete_domain
|
||||
request :list_domain_user_roles
|
||||
request :grant_domain_user_role
|
||||
request :check_domain_user_role
|
||||
request :revoke_domain_user_role
|
||||
request :list_domain_group_roles
|
||||
request :grant_domain_group_role
|
||||
request :check_domain_group_role
|
||||
request :revoke_domain_group_role
|
||||
request :list_endpoints
|
||||
request :get_endpoint
|
||||
request :create_endpoint
|
||||
request :update_endpoint
|
||||
request :delete_endpoint
|
||||
request :list_projects
|
||||
request :get_project
|
||||
request :create_project
|
||||
request :update_project
|
||||
request :delete_project
|
||||
request :list_project_user_roles
|
||||
request :grant_project_user_role
|
||||
request :check_project_user_role
|
||||
request :revoke_project_user_role
|
||||
request :list_project_group_roles
|
||||
request :grant_project_group_role
|
||||
request :check_project_group_role
|
||||
request :revoke_project_group_role
|
||||
request :list_services
|
||||
request :get_service
|
||||
request :create_service
|
||||
request :update_service
|
||||
request :delete_service
|
||||
request :token_authenticate
|
||||
request :token_validate
|
||||
request :token_check
|
||||
request :token_revoke
|
||||
request :list_os_credentials
|
||||
request :get_os_credential
|
||||
request :create_os_credential
|
||||
request :update_os_credential
|
||||
request :delete_os_credential
|
||||
request :list_policies
|
||||
request :get_policy
|
||||
request :create_policy
|
||||
request :update_policy
|
||||
request :delete_policy
|
||||
|
||||
class Mock
|
||||
def initialize(options={})
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
def self.get_api_version uri, connection_options={}
|
||||
connection = Fog::Core::Connection.new(uri, false, connection_options)
|
||||
response = connection.request({
|
||||
:expects => [200],
|
||||
:headers => {'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json'},
|
||||
:method => 'GET'
|
||||
})
|
||||
|
||||
body = Fog::JSON.decode(response.body)
|
||||
version = nil
|
||||
unless body['version'].empty?
|
||||
version = body['version']['id']
|
||||
end
|
||||
if version.nil?
|
||||
raise Fog::OpenStack::Errors::ServiceUnavailable.new(
|
||||
"No version available at #{uri}")
|
||||
end
|
||||
|
||||
version
|
||||
end
|
||||
|
||||
class Real
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :unscoped_token
|
||||
attr_reader :auth_token
|
||||
|
||||
include Fog::Identity::OpenStack::Common
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_auth_token = options[:openstack_auth_token]
|
||||
|
||||
@openstack_region = options[:openstack_region]
|
||||
|
||||
unless @openstack_auth_token
|
||||
missing_credentials = Array.new
|
||||
@openstack_api_key = options[:openstack_api_key]
|
||||
@openstack_username = options[:openstack_username]
|
||||
@openstack_userid = options[:openstack_userid]
|
||||
|
||||
missing_credentials << :openstack_api_key unless @openstack_api_key
|
||||
unless @openstack_username || @openstack_userid
|
||||
missing_credentials << 'openstack_username or openstack_userid'
|
||||
end
|
||||
raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
|
||||
end
|
||||
|
||||
|
||||
@openstack_tenant = options[:openstack_tenant]
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = options[:openstack_management_url]
|
||||
@openstack_must_reauthenticate = false
|
||||
@openstack_service_type = options[:openstack_service_type] || ['identity_v3','identityv3','identity']
|
||||
@openstack_service_name = options[:openstack_service_name]
|
||||
|
||||
@connection_options = options[:connection_options] || {}
|
||||
|
||||
@openstack_current_user_id = options[:openstack_current_user_id]
|
||||
|
||||
@openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'
|
||||
|
||||
@current_user = options[:current_user]
|
||||
@current_tenant = options[:current_tenant]
|
||||
|
||||
authenticate
|
||||
|
||||
@persistent = options[:persistent] || false
|
||||
@connection = Fog::Core::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
|
||||
end
|
||||
|
||||
def credentials
|
||||
{:provider => 'openstack',
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
:openstack_current_user_id => @openstack_current_user_id,
|
||||
:current_user => @current_user,
|
||||
:current_tenant => @current_tenant}
|
||||
end
|
||||
|
||||
def reload
|
||||
@connection.reset
|
||||
end
|
||||
|
||||
def request(params)
|
||||
retried = false
|
||||
begin
|
||||
response = @connection.request(params.merge({
|
||||
:headers => {
|
||||
'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json',
|
||||
'X-Auth-Token' => @auth_token
|
||||
}.merge!(params[:headers] || {}),
|
||||
:path => "#{@path}/#{params[:path]}" #,
|
||||
}))
|
||||
rescue Excon::Errors::Unauthorized => error
|
||||
raise if retried
|
||||
retried = true
|
||||
|
||||
@openstack_must_reauthenticate = true
|
||||
authenticate
|
||||
retry
|
||||
rescue Excon::Errors::HTTPStatusError => error
|
||||
raise case error
|
||||
when Excon::Errors::NotFound
|
||||
Fog::Identity::OpenStack::NotFound.slurp(error)
|
||||
else
|
||||
error
|
||||
end
|
||||
end
|
||||
unless response.body.empty?
|
||||
response.body = Fog::JSON.decode(response.body)
|
||||
end
|
||||
response
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -185,7 +185,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -178,7 +178,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -1,44 +0,0 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Ec2Credential < Fog::Model
|
||||
identity :access, :aliases => 'access_key'
|
||||
|
||||
attribute :secret, :aliases => 'secret_key'
|
||||
attribute :tenant_id
|
||||
attribute :user_id
|
||||
|
||||
def initialize(attributes)
|
||||
# Old 'connection' is renamed as service and should be used instead
|
||||
prepare_service_value(attributes)
|
||||
super
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :access
|
||||
requires :user_id
|
||||
service.delete_ec2_credential user_id, access
|
||||
true
|
||||
end
|
||||
|
||||
def save
|
||||
raise Fog::Errors::Error, 'Existing credentials cannot be altered' if
|
||||
access
|
||||
|
||||
self.user_id ||= user.id
|
||||
self.tenant_id ||= user.tenant_id
|
||||
|
||||
requires :user_id, :tenant_id
|
||||
|
||||
data = service.create_ec2_credential user_id, tenant_id
|
||||
|
||||
merge_attributes(data.body['credential'])
|
||||
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,53 +0,0 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity/ec2_credential'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Ec2Credentials < Fog::Collection
|
||||
model Fog::Identity::OpenStack::Ec2Credential
|
||||
|
||||
attribute :user
|
||||
|
||||
def all
|
||||
user_id = user ? user.id : nil
|
||||
|
||||
ec2_credentials = service.list_ec2_credentials(user_id)
|
||||
|
||||
load(ec2_credentials.body['credentials'])
|
||||
end
|
||||
|
||||
def create(attributes = {})
|
||||
if user then
|
||||
attributes[:user_id] ||= user.id
|
||||
attributes[:tenant_id] ||= user.tenant_id
|
||||
end
|
||||
|
||||
super attributes
|
||||
end
|
||||
|
||||
def destroy(access_key)
|
||||
ec2_credential = self.find_by_access_key(access_key)
|
||||
ec2_credential.destroy
|
||||
end
|
||||
|
||||
def find_by_access_key(access_key)
|
||||
user_id = user ? user.id : nil
|
||||
|
||||
ec2_credential =
|
||||
self.find { |ec2_credential| ec2_credential.access == access_key }
|
||||
|
||||
unless ec2_credential then
|
||||
response = service.get_ec2_credential(user_id, access_key)
|
||||
body = response.body['credential']
|
||||
body = body.merge 'service' => service
|
||||
|
||||
ec2_credential = Fog::Identity::OpenStack::EC2Credential.new(body)
|
||||
end
|
||||
|
||||
ec2_credential
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,50 +0,0 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Role < Fog::Model
|
||||
identity :id
|
||||
attribute :name
|
||||
|
||||
def save
|
||||
requires :name
|
||||
data = service.create_role(name)
|
||||
merge_attributes(data.body['role'])
|
||||
true
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_role(id)
|
||||
true
|
||||
end
|
||||
|
||||
def add_to_user(user, tenant)
|
||||
add_remove_to_user(user, tenant, :add)
|
||||
end
|
||||
|
||||
def remove_to_user(user, tenant)
|
||||
add_remove_to_user(user, tenant, :remove)
|
||||
end
|
||||
|
||||
private
|
||||
def add_remove_to_user(user, tenant, ops)
|
||||
requires :id
|
||||
user_id = get_id(user)
|
||||
tenant_id = get_id(tenant)
|
||||
case ops
|
||||
when :add
|
||||
service.create_user_role(tenant_id, user_id, id).status == 200
|
||||
when :remove
|
||||
service.delete_user_role(tenant_id, user_id, id).status == 204
|
||||
end
|
||||
end
|
||||
|
||||
def get_id(_)
|
||||
_.is_a?(String) ? _ : _.id
|
||||
end
|
||||
end # class Role
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,20 +0,0 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity/role'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Roles < Fog::Collection
|
||||
model Fog::Identity::OpenStack::Role
|
||||
|
||||
def all
|
||||
load(service.list_roles.body['roles'])
|
||||
end
|
||||
|
||||
def get(id)
|
||||
service.get_role(id)
|
||||
end
|
||||
end
|
||||
end # class OpenStack
|
||||
end # module Compute
|
||||
end # module Fog
|
|
@ -1,62 +0,0 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Tenant < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def roles_for(user)
|
||||
service.roles(
|
||||
:tenant => self,
|
||||
:user => user)
|
||||
end
|
||||
|
||||
def users
|
||||
requires :id
|
||||
service.users(:tenant_id => self.id)
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_tenant(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_tenant(self.id, attr || attributes).body['tenant'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_tenant(attributes).body['tenant'])
|
||||
self
|
||||
end
|
||||
|
||||
def grant_user_role(user_id, role_id)
|
||||
service.add_user_to_tenant(self.id, user_id, role_id)
|
||||
end
|
||||
|
||||
def revoke_user_role(user_id, role_id)
|
||||
service.remove_user_from_tenant(self.id, user_id, role_id)
|
||||
end
|
||||
end # class Tenant
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,29 +0,0 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity/tenant'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Tenants < Fog::Collection
|
||||
model Fog::Identity::OpenStack::Tenant
|
||||
|
||||
def all
|
||||
load(service.list_tenants.body['tenants'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_tenant = self.find {|tenant| tenant.id == id}
|
||||
return cached_tenant if cached_tenant
|
||||
tenant_hash = service.get_tenant(id).body['tenant']
|
||||
Fog::Identity::OpenStack::Tenant.new(
|
||||
tenant_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
tenant = self.find_by_id(id)
|
||||
tenant.destroy
|
||||
end
|
||||
end # class Tenants
|
||||
end # class OpenStack
|
||||
end # module Compute
|
||||
end # module Fog
|
|
@ -1,69 +0,0 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class User < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :email
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
attribute :tenant_id, :aliases => 'tenantId'
|
||||
attribute :password
|
||||
|
||||
attr_accessor :email, :name, :tenant_id, :enabled, :password
|
||||
|
||||
def initialize(attributes)
|
||||
# Old 'connection' is renamed as service and should be used instead
|
||||
prepare_service_value(attributes)
|
||||
super
|
||||
end
|
||||
|
||||
def ec2_credentials
|
||||
requires :id
|
||||
service.ec2_credentials(:user => self)
|
||||
end
|
||||
|
||||
def save
|
||||
raise Fog::Errors::Error.new('Resaving an existing object may create a duplicate') if persisted?
|
||||
requires :name, :tenant_id, :password
|
||||
enabled = true if enabled.nil?
|
||||
data = service.create_user(name, password, email, tenant_id, enabled)
|
||||
merge_attributes(data.body['user'])
|
||||
true
|
||||
end
|
||||
|
||||
def update(options = {})
|
||||
requires :id
|
||||
options.merge('id' => id)
|
||||
response = service.update_user(id, options)
|
||||
true
|
||||
end
|
||||
|
||||
def update_password(password)
|
||||
update({'password' => password, 'url' => "/users/#{id}/OS-KSADM/password"})
|
||||
end
|
||||
|
||||
def update_tenant(tenant)
|
||||
tenant = tenant.id if tenant.class != String
|
||||
update({:tenantId => tenant, 'url' => "/users/#{id}/OS-KSADM/tenant"})
|
||||
end
|
||||
|
||||
def update_enabled(enabled)
|
||||
update({:enabled => enabled, 'url' => "/users/#{id}/OS-KSADM/enabled"})
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_user(id)
|
||||
true
|
||||
end
|
||||
|
||||
def roles(tenant_id = self.tenant_id)
|
||||
service.list_roles_for_user_on_tenant(tenant_id, self.id).body['roles']
|
||||
end
|
||||
end # class User
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,41 +0,0 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity/user'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Users < Fog::Collection
|
||||
model Fog::Identity::OpenStack::User
|
||||
|
||||
attribute :tenant_id
|
||||
|
||||
def all
|
||||
load(service.list_users(tenant_id).body['users'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
self.find {|user| user.id == id} ||
|
||||
Fog::Identity::OpenStack::User.new(
|
||||
service.get_user_by_id(id).body['user'].merge(
|
||||
'service' => service
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def find_by_name(name)
|
||||
self.find {|user| user.name == name} ||
|
||||
Fog::Identity::OpenStack::User.new(
|
||||
service.get_user_by_name(name).body['user'].merge(
|
||||
'service' => service
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
user = self.find_by_id(id)
|
||||
user.destroy
|
||||
end
|
||||
end # class Users
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,45 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Ec2Credential < Fog::Model
|
||||
identity :access, :aliases => 'access_key'
|
||||
|
||||
attribute :secret, :aliases => 'secret_key'
|
||||
attribute :tenant_id
|
||||
attribute :user_id
|
||||
|
||||
def initialize(attributes)
|
||||
# Old 'connection' is renamed as service and should be used instead
|
||||
prepare_service_value(attributes)
|
||||
super
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :access
|
||||
requires :user_id
|
||||
service.delete_ec2_credential user_id, access
|
||||
true
|
||||
end
|
||||
|
||||
def save
|
||||
raise Fog::Errors::Error, 'Existing credentials cannot be altered' if access
|
||||
|
||||
self.user_id ||= user.id
|
||||
self.tenant_id ||= user.tenant_id
|
||||
|
||||
requires :user_id, :tenant_id
|
||||
|
||||
data = service.create_ec2_credential user_id, tenant_id
|
||||
|
||||
merge_attributes(data.body['credential'])
|
||||
|
||||
true
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,55 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v2/ec2_credential'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Ec2Credentials < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V2::Ec2Credential
|
||||
|
||||
attribute :user
|
||||
|
||||
def all
|
||||
user_id = user ? user.id : nil
|
||||
|
||||
ec2_credentials = service.list_ec2_credentials(user_id)
|
||||
|
||||
load(ec2_credentials.body['credentials'])
|
||||
end
|
||||
|
||||
def create(attributes = {})
|
||||
if user then
|
||||
attributes[:user_id] ||= user.id
|
||||
attributes[:tenant_id] ||= user.tenant_id
|
||||
end
|
||||
|
||||
super attributes
|
||||
end
|
||||
|
||||
def destroy(access_key)
|
||||
ec2_credential = self.find_by_access_key(access_key)
|
||||
ec2_credential.destroy
|
||||
end
|
||||
|
||||
def find_by_access_key(access_key)
|
||||
user_id = user ? user.id : nil
|
||||
|
||||
ec2_credential =
|
||||
self.find { |ec2_credential| ec2_credential.access == access_key }
|
||||
|
||||
unless ec2_credential then
|
||||
response = service.get_ec2_credential(user_id, access_key)
|
||||
body = response.body['credential']
|
||||
body = body.merge 'service' => service
|
||||
|
||||
ec2_credential = Fog::Identity::OpenStack::V2::EC2Credential.new(body)
|
||||
end
|
||||
|
||||
ec2_credential
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,52 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Role < Fog::Model
|
||||
identity :id
|
||||
attribute :name
|
||||
|
||||
def save
|
||||
requires :name
|
||||
data = service.create_role(name)
|
||||
merge_attributes(data.body['role'])
|
||||
true
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_role(id)
|
||||
true
|
||||
end
|
||||
|
||||
def add_to_user(user, tenant)
|
||||
add_remove_to_user(user, tenant, :add)
|
||||
end
|
||||
|
||||
def remove_to_user(user, tenant)
|
||||
add_remove_to_user(user, tenant, :remove)
|
||||
end
|
||||
|
||||
private
|
||||
def add_remove_to_user(user, tenant, ops)
|
||||
requires :id
|
||||
user_id = get_id(user)
|
||||
tenant_id = get_id(tenant)
|
||||
case ops
|
||||
when :add
|
||||
service.create_user_role(tenant_id, user_id, id).status == 200
|
||||
when :remove
|
||||
service.delete_user_role(tenant_id, user_id, id).status == 204
|
||||
end
|
||||
end
|
||||
|
||||
def get_id(_)
|
||||
_.is_a?(String) ? _ : _.id
|
||||
end
|
||||
end # class Role
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,22 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v2/role'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Roles < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V2::Role
|
||||
|
||||
def all
|
||||
load(service.list_roles.body['roles'])
|
||||
end
|
||||
|
||||
def get(id)
|
||||
service.get_role(id)
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,64 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Tenant < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def roles_for(user)
|
||||
service.roles(
|
||||
:tenant => self,
|
||||
:user => user)
|
||||
end
|
||||
|
||||
def users
|
||||
requires :id
|
||||
service.users(:tenant_id => self.id)
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_tenant(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_tenant(self.id, attr || attributes).body['tenant'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_tenant(attributes).body['tenant'])
|
||||
self
|
||||
end
|
||||
|
||||
def grant_user_role(user_id, role_id)
|
||||
service.add_user_to_tenant(self.id, user_id, role_id)
|
||||
end
|
||||
|
||||
def revoke_user_role(user_id, role_id)
|
||||
service.remove_user_from_tenant(self.id, user_id, role_id)
|
||||
end
|
||||
end # class Tenant
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v2/tenant'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Tenants < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V2::Tenant
|
||||
|
||||
def all
|
||||
load(service.list_tenants.body['tenants'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_tenant = self.find { |tenant| tenant.id == id }
|
||||
return cached_tenant if cached_tenant
|
||||
tenant_hash = service.get_tenant(id).body['tenant']
|
||||
Fog::Identity::OpenStack::V2::Tenant.new(
|
||||
tenant_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
tenant = self.find_by_id(id)
|
||||
tenant.destroy
|
||||
end
|
||||
end # class Tenants
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Compute
|
||||
end # module Fog
|
|
@ -0,0 +1,71 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class User < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :email
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
attribute :tenant_id, :aliases => 'tenantId'
|
||||
attribute :password
|
||||
|
||||
attr_accessor :email, :name, :tenant_id, :enabled, :password
|
||||
|
||||
def initialize(attributes)
|
||||
# Old 'connection' is renamed as service and should be used instead
|
||||
prepare_service_value(attributes)
|
||||
super
|
||||
end
|
||||
|
||||
def ec2_credentials
|
||||
requires :id
|
||||
service.ec2_credentials(:user => self)
|
||||
end
|
||||
|
||||
def save
|
||||
raise Fog::Errors::Error.new('Resaving an existing object may create a duplicate') if persisted?
|
||||
requires :name, :tenant_id, :password
|
||||
enabled = true if enabled.nil?
|
||||
data = service.create_user(name, password, email, tenant_id, enabled)
|
||||
merge_attributes(data.body['user'])
|
||||
true
|
||||
end
|
||||
|
||||
def update(options = {})
|
||||
requires :id
|
||||
options.merge('id' => id)
|
||||
response = service.update_user(id, options)
|
||||
true
|
||||
end
|
||||
|
||||
def update_password(password)
|
||||
update({'password' => password, 'url' => "/users/#{id}/OS-KSADM/password"})
|
||||
end
|
||||
|
||||
def update_tenant(tenant)
|
||||
tenant = tenant.id if tenant.class != String
|
||||
update({:tenantId => tenant, 'url' => "/users/#{id}/OS-KSADM/tenant"})
|
||||
end
|
||||
|
||||
def update_enabled(enabled)
|
||||
update({:enabled => enabled, 'url' => "/users/#{id}/OS-KSADM/enabled"})
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_user(id)
|
||||
true
|
||||
end
|
||||
|
||||
def roles(tenant_id = self.tenant_id)
|
||||
service.list_roles_for_user_on_tenant(tenant_id, self.id).body['roles']
|
||||
end
|
||||
end # class User
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,43 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v2/user'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Users < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V2::User
|
||||
|
||||
attribute :tenant_id
|
||||
|
||||
def all
|
||||
load(service.list_users(tenant_id).body['users'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
self.find { |user| user.id == id } ||
|
||||
Fog::Identity::OpenStack::V2::User.new(
|
||||
service.get_user_by_id(id).body['user'].merge(
|
||||
'service' => service
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def find_by_name(name)
|
||||
self.find { |user| user.name == name } ||
|
||||
Fog::Identity::OpenStack::V2::User.new(
|
||||
service.get_user_by_name(name).body['user'].merge(
|
||||
'service' => service
|
||||
)
|
||||
)
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
user = self.find_by_id(id)
|
||||
user.destroy
|
||||
end
|
||||
end # class Users
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,47 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Domain < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_domain(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_domain(self.id, attr || attributes).body['domain'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_domain(attributes).body['domain'])
|
||||
self
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/domain'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Domains < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Domain
|
||||
|
||||
def all params={}
|
||||
load(service.list_domains(params).body['domains'])
|
||||
end
|
||||
|
||||
def auth_domains params={}
|
||||
load(service.auth_domains(params).body['domains'])
|
||||
end
|
||||
|
||||
|
||||
def find_by_id(id)
|
||||
cached_domain = self.find { |domain| domain.id == id }
|
||||
return cached_domain if cached_domain
|
||||
domain_hash = service.get_domain(id).body['domain']
|
||||
Fog::Identity::OpenStack::V3::Domain.new(
|
||||
domain_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
domain = self.find_by_id(id)
|
||||
domain.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,50 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Endpoint < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :interface
|
||||
attribute :service_id
|
||||
attribute :name
|
||||
attribute :region
|
||||
attribute :url
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_endpoint(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_endpoint(self.id, attr || attributes).body['endpoint'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_endpoint(attributes).body['endpoint'])
|
||||
self
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,27 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/service'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Endpoints < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Endpoint
|
||||
|
||||
def all params = {}
|
||||
load(service.list_endpoints(params).body['endpoints'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_endpoint = self.find { |endpoint| endpoint.id == id }
|
||||
return cached_endpoint if cached_endpoint
|
||||
endpoint_hash = service.get_endpoint(id).body['endpoint']
|
||||
Fog::Identity::OpenStack::V3::Endpoint.new(
|
||||
endpoint_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,96 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Group < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :domain_id
|
||||
attribute :name
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_group(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_group(self.id, attr || attributes).body['group'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_group(attributes).body['group'])
|
||||
self
|
||||
end
|
||||
|
||||
def add_user user_id
|
||||
requires :id
|
||||
service.add_user_to_group(self.id, user_id)
|
||||
end
|
||||
|
||||
def remove_user user_id
|
||||
requires :id
|
||||
service.remove_user_from_group(self.id, user_id)
|
||||
end
|
||||
|
||||
def contains_user? user_id
|
||||
requires :id
|
||||
begin
|
||||
service.group_user_check(self.id, user_id)
|
||||
rescue Fog::Identity::OpenStack::NotFound
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def roles
|
||||
requires :id, :domain_id
|
||||
service.list_domain_group_roles(self.domain_id, self.id).body['roles']
|
||||
end
|
||||
|
||||
def grant_role(role_id)
|
||||
requires :id, :domain_id
|
||||
service.grant_domain_group_role(self.domain_id, self.id, role_id)
|
||||
end
|
||||
|
||||
def check_role(role_id)
|
||||
requires :id, :domain_id
|
||||
begin
|
||||
service.check_domain_group_role(self.domain_id, self.id, role_id)
|
||||
rescue Fog::Identity::OpenStack::NotFound
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def revoke_role(role_id)
|
||||
requires :id, :domain_id
|
||||
service.revoke_domain_group_role(self.domain_id, self.id, role_id)
|
||||
end
|
||||
|
||||
def users(attr = {})
|
||||
requires :id
|
||||
service.list_group_users(self.id, attr).body['users']
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/group'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Groups < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Group
|
||||
|
||||
def all params={}
|
||||
load(service.list_groups(params).body['groups'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_group = self.find { |group| group.id == id }
|
||||
return cached_group if cached_group
|
||||
group_hash = service.get_group(id).body['group']
|
||||
Fog::Identity::OpenStack::V3::group.new(
|
||||
group_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
group = self.find_by_id(id)
|
||||
group.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,73 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class OsCredential < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :project_id
|
||||
attribute :type
|
||||
attribute :blob
|
||||
attribute :user_id
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_os_credential(self.id)
|
||||
@parsed_blob = nil
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_os_credential(self.id, attr || attributes).body['credential'])
|
||||
@parsed_blob = nil
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :blob, :type
|
||||
@parsed_blob = nil
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_os_credential(attributes).body['credential'])
|
||||
@parsed_blob = nil
|
||||
self
|
||||
end
|
||||
|
||||
def parsed_blob
|
||||
@parsed_blob = ::JSON.parse(blob) unless @parsed_blob
|
||||
@parsed_blob
|
||||
end
|
||||
|
||||
def name
|
||||
parsed_blob['name'] if blob
|
||||
end
|
||||
|
||||
def public_key
|
||||
parsed_blob['public_key'] if blob
|
||||
end
|
||||
|
||||
def fingerprint
|
||||
parsed_blob['fingerprint'] if blob
|
||||
end
|
||||
|
||||
def private_key
|
||||
parsed_blob['private_key'] if blob
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/os_credential'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class OsCredentials < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::OsCredential
|
||||
|
||||
def all params={}
|
||||
load(service.list_os_credentials(params).body['credentials'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_credential = self.find { |credential| credential.id == id }
|
||||
return cached_credential if cached_credential
|
||||
credential_hash = service.get_os_credential(id).body['credential']
|
||||
Fog::Identity::OpenStack::V3::Credential.new(
|
||||
credential_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
credential = self.find_by_id(id)
|
||||
credential.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/policy'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Policies < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Policy
|
||||
|
||||
def all params={}
|
||||
load(service.list_policies(params).body['policies'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_policy = self.find { |policy| policy.id == id }
|
||||
return cached_policy if cached_policy
|
||||
policy_hash = service.get_policy(id).body['policy']
|
||||
Fog::Identity::OpenStack::V3::Policy.new(
|
||||
policy_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
policy = self.find_by_id(id)
|
||||
policy.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,46 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Policy < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :type
|
||||
attribute :blob
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_policy(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_policy(self.id, attr || attributes).body['policy'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :blob, :type
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_policy(attributes).body['policy'])
|
||||
self
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,98 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Project < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :domain_id
|
||||
attribute :description
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_project(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_project(self.id, attr || attributes).body['project'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_project(attributes).body['project'])
|
||||
self
|
||||
end
|
||||
|
||||
def user_roles(user_id)
|
||||
requires :id
|
||||
service.list_project_user_roles(self.id, user_id).body['roles']
|
||||
end
|
||||
|
||||
def grant_role_to_user(role_id, user_id)
|
||||
requires :id
|
||||
service.grant_project_user_role(self.id, user_id, role_id)
|
||||
end
|
||||
|
||||
def check_user_role(user_id, role_id)
|
||||
requires :id
|
||||
begin
|
||||
service.check_project_user_role(self.id, user_id, role_id)
|
||||
rescue Fog::Identity::OpenStack::NotFound
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def revoke_role_from_user(role_id, user_id)
|
||||
requires :id
|
||||
service.revoke_project_user_role(self.id, user_id, role_id)
|
||||
end
|
||||
|
||||
def group_roles(group_id)
|
||||
requires :id
|
||||
service.list_project_group_roles(self.id, group_id).body['roles']
|
||||
end
|
||||
|
||||
def grant_role_to_group(role_id, group_id)
|
||||
requires :id
|
||||
service.grant_project_group_role(self.id, group_id, role_id)
|
||||
end
|
||||
|
||||
def check_group_role(group_id, role_id)
|
||||
requires :id
|
||||
begin
|
||||
service.check_project_group_role(self.id, group_id, role_id)
|
||||
rescue Fog::Identity::OpenStack::NotFound
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def revoke_role_from_group(role_id, group_id)
|
||||
requires :id
|
||||
service.revoke_project_group_role(self.id, group_id, role_id)
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/project'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Projects < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Project
|
||||
|
||||
def all params={}
|
||||
load(service.list_projects(params).body['projects'])
|
||||
end
|
||||
|
||||
def auth_projects params={}
|
||||
load(service.auth_projects(params).body['projects'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_project = self.find { |project| project.id == id }
|
||||
return cached_project if cached_project
|
||||
project_hash = service.get_project(id).body['project']
|
||||
Fog::Identity::OpenStack::V3::Project.new(
|
||||
project_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,45 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Role < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :name
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_role(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_role(self.id, attr || attributes).body['role'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_role(attributes).body['role'])
|
||||
self
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class RoleAssignment < Fog::Model
|
||||
attribute :scope
|
||||
attribute :role
|
||||
attribute :user
|
||||
attribute :group
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.links['assignment']
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/role'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class RoleAssignments < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::RoleAssignment
|
||||
|
||||
def all
|
||||
filter_by {}
|
||||
end
|
||||
|
||||
def filter_by params={}
|
||||
load(service.list_role_assignments(params).body['role_assignments'])
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,35 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/role'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Roles < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Role
|
||||
|
||||
def all params={}
|
||||
load(service.list_roles(params).body['roles'])
|
||||
end
|
||||
|
||||
def assignments params={}
|
||||
load(service.list_role_assignments(params).body['role_assignments'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_role = self.find { |role| role.id == id }
|
||||
return cached_role if cached_role
|
||||
role_hash = service.get_role(id).body['role']
|
||||
Fog::Identity::OpenStack::V3::role.new(
|
||||
role_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
role = self.find_by_id(id)
|
||||
role.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,47 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Service < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :description
|
||||
attribute :type
|
||||
attribute :name
|
||||
attribute :links
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_service(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_service(self.id, attr || attributes).body['service'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_service(attributes).body['service'])
|
||||
self
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,31 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/service'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Services < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Service
|
||||
|
||||
def all params={}
|
||||
load(service.list_services(params).body['services'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_service = self.find { |service| service.id == id }
|
||||
return cached_service if cached_service
|
||||
service_hash = service.get_service(id).body['service']
|
||||
Fog::Identity::OpenStack::V3::Service.new(
|
||||
service_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
service = self.find_by_id(id)
|
||||
service.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Token < Fog::Model
|
||||
|
||||
attribute :value
|
||||
attribute :catalog
|
||||
attribute :expires_at
|
||||
attribute :issued_at
|
||||
attribute :methods
|
||||
attribute :project
|
||||
attribute :roles
|
||||
attribute :user
|
||||
|
||||
def to_s
|
||||
self.value
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,40 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/service'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Tokens < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::Token
|
||||
|
||||
|
||||
def authenticate(auth)
|
||||
response = service.token_authenticate(auth)
|
||||
token_hash = response.body['token']
|
||||
Fog::Identity::OpenStack::V3::Token.new(
|
||||
token_hash.merge(:service => service, :value => response.headers['X-Subject-Token']))
|
||||
end
|
||||
|
||||
def validate(subject_token)
|
||||
response = service.token_validate(subject_token)
|
||||
token_hash = response.body['token']
|
||||
Fog::Identity::OpenStack::V3::Token.new(
|
||||
token_hash.merge(:service => service, :value => response.headers['X-Subject-Token']))
|
||||
end
|
||||
|
||||
def check(subject_token)
|
||||
service.token_check(subject_token)
|
||||
return true
|
||||
end
|
||||
|
||||
def revoke(subject_token)
|
||||
service.token_revoke(subject_token)
|
||||
return true
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,87 @@
|
|||
require 'fog/core/model'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class User < Fog::Model
|
||||
identity :id
|
||||
|
||||
attribute :default_project_id
|
||||
attribute :description
|
||||
attribute :domain_id
|
||||
attribute :email
|
||||
attribute :enabled
|
||||
attribute :name
|
||||
attribute :links
|
||||
attribute :password
|
||||
|
||||
def to_s
|
||||
self.name
|
||||
end
|
||||
|
||||
def groups
|
||||
requires :id
|
||||
service.list_user_groups(self.id).body['groups']
|
||||
end
|
||||
|
||||
def projects
|
||||
requires :id
|
||||
service.list_user_projects(self.id).body['projects']
|
||||
end
|
||||
|
||||
def roles
|
||||
requires :id, :domain_id
|
||||
service.list_domain_user_roles(self.domain_id, self.id).body['roles']
|
||||
end
|
||||
|
||||
def grant_role(role_id)
|
||||
requires :id, :domain_id
|
||||
service.grant_domain_user_role(self.domain_id, self.id, role_id)
|
||||
end
|
||||
|
||||
def check_role(role_id)
|
||||
requires :id, :domain_id
|
||||
begin
|
||||
service.check_domain_user_role(self.domain_id, self.id, role_id)
|
||||
rescue Fog::Identity::OpenStack::NotFound
|
||||
return false
|
||||
end
|
||||
return true
|
||||
end
|
||||
|
||||
def revoke_role(role_id)
|
||||
requires :id, :domain_id
|
||||
service.revoke_domain_user_role(self.domain_id, self.id, role_id)
|
||||
end
|
||||
|
||||
def destroy
|
||||
requires :id
|
||||
service.delete_user(self.id)
|
||||
true
|
||||
end
|
||||
|
||||
def update(attr = nil)
|
||||
requires :id
|
||||
merge_attributes(
|
||||
service.update_user(self.id, attr || attributes).body['user'])
|
||||
self
|
||||
end
|
||||
|
||||
def save
|
||||
requires :name
|
||||
identity ? update : create
|
||||
end
|
||||
|
||||
def create
|
||||
merge_attributes(
|
||||
service.create_user(attributes).body['user'])
|
||||
self
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,35 @@
|
|||
require 'fog/core/collection'
|
||||
require 'fog/openstack/models/identity_v3/domain'
|
||||
|
||||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V3
|
||||
class Users < Fog::Collection
|
||||
model Fog::Identity::OpenStack::V3::User
|
||||
|
||||
def all params={}
|
||||
load(service.list_users(params).body['users'])
|
||||
end
|
||||
|
||||
def find_by_id(id)
|
||||
cached_user = self.find { |user| user.id == id }
|
||||
return cached_user if cached_user
|
||||
user_hash = service.get_user(id).body['user']
|
||||
Fog::Identity::OpenStack::V3::User.new(
|
||||
user_hash.merge(:service => service))
|
||||
end
|
||||
|
||||
def find_by_name(name)
|
||||
load(service.list_users(:name => name).body['users'])
|
||||
end
|
||||
|
||||
def destroy(id)
|
||||
user = self.find_by_id(id)
|
||||
user.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -337,15 +337,7 @@ module Fog
|
|||
:openstack_region => @openstack_region
|
||||
}
|
||||
|
||||
case @openstack_auth_uri.path
|
||||
when %r{/v2.0}
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
when %r{/v3}
|
||||
credentials = Fog::OpenStack.authenticate_v3(options, @connection_options)
|
||||
else
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
end
|
||||
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -232,12 +232,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
if @openstack_auth_uri.path =~ /\/v2.0\//
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
else
|
||||
credentials = Fog::OpenStack.authenticate_v1(options, @connection_options)
|
||||
end
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -185,7 +185,7 @@ module Fog
|
|||
:openstack_endpoint_type => @openstack_endpoint_type
|
||||
}
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
credentials = Fog::OpenStack.authenticate(options, @connection_options)
|
||||
|
||||
@current_user = credentials[:user]
|
||||
@current_tenant = credentials[:tenant]
|
||||
|
|
|
@ -22,7 +22,7 @@ module Fog
|
|||
class Mock
|
||||
def create_security_group(name, description)
|
||||
Fog::Identity::OpenStack.new(:openstack_auth_url => credentials[:openstack_auth_url])
|
||||
tenant_id = Fog::Identity::OpenStack::Mock.data[current_tenant][:tenants].keys.first
|
||||
tenant_id = Fog::Identity::OpenStack::V2::Mock.data[current_tenant][:tenants].keys.first
|
||||
security_group_id = Fog::Mock.random_numbers(2).to_i + 1
|
||||
self.data[:security_groups][security_group_id.to_s] = {
|
||||
'tenant_id' => tenant_id,
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def add_user_to_tenant(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 200,
|
||||
:method => 'PUT',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def add_user_to_tenant(tenant_id, user_id, role_id)
|
||||
role = self.data[:roles][role_id]
|
||||
self.data[:user_tenant_membership][tenant_id] ||= {}
|
||||
self.data[:user_tenant_membership][tenant_id][user_id] ||= []
|
||||
self.data[:user_tenant_membership][tenant_id][user_id].push(role['id']).uniq!
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
response.body = {
|
||||
'role' => {
|
||||
'id' => role['id'],
|
||||
'name' => role['name']
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def add_user_to_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end
|
|
@ -1,20 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def check_token(token_id, tenant_id=nil)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'HEAD',
|
||||
:path => "tokens/#{token_id}"+(tenant_id ? "?belongsTo=#{tenant_id}" : '')
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def check_token(token_id, tenant_id=nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,57 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
##
|
||||
# Create an EC2 credential for a user in a tenant. Requires
|
||||
# administrator credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to create an EC2 credential
|
||||
# for
|
||||
# * tenant_id<~String>: The id of the tenant to create the credential
|
||||
# in
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'credential'<~Hash>: Created EC2 credential
|
||||
# * 'access'<~String>: The access key
|
||||
# * 'secret'<~String>: The secret key
|
||||
# * 'user_id'<~String>: The user id
|
||||
# * 'tenant_id'<~String>: The tenant id
|
||||
|
||||
def create_ec2_credential(user_id, tenant_id)
|
||||
data = { 'tenant_id' => tenant_id }
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_ec2_credential(user_id, tenant_id)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
|
||||
data = {
|
||||
'access' => Fog::Mock.random_hex(32),
|
||||
'secret' => Fog::Mock.random_hex(32),
|
||||
'tenant_id' => tenant_id,
|
||||
'user_id' => user_id,
|
||||
}
|
||||
|
||||
self.data[:ec2_credentials][user_id][data['access']] = data
|
||||
|
||||
response.body = { 'credential' => data }
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,36 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def create_role(name)
|
||||
data = {
|
||||
'role' => {
|
||||
'name' => name
|
||||
}
|
||||
}
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => '/OS-KSADM/roles'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_role(name)
|
||||
data = {
|
||||
'id' => Fog::Mock.random_hex(32),
|
||||
'name' => name
|
||||
}
|
||||
self.data[:roles][data['id']] = data
|
||||
Excon::Response.new(
|
||||
:body => { 'role' => data },
|
||||
:status => 202
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,32 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def create_tenant(attributes)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'POST',
|
||||
:path => "tenants",
|
||||
:body => Fog::JSON.encode({ 'tenant' => attributes })
|
||||
)
|
||||
end # def create_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def create_tenant(attributes)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => "df9a815161eba9b76cc748fd5c5af73e",
|
||||
'description' => attributes[:description] || 'normal tenant',
|
||||
'enabled' => true,
|
||||
'name' => attributes[:name] || 'default'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def create_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,43 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def create_user(name, password, email, tenantId=nil, enabled=true)
|
||||
data = {
|
||||
'user' => {
|
||||
'name' => name,
|
||||
'password' => password,
|
||||
'tenantId' => tenantId,
|
||||
'email' => email,
|
||||
'enabled' => enabled,
|
||||
}
|
||||
}
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => '/users'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_user(name, password, email, tenantId=nil, enabled=true)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
data = {
|
||||
'id' => Fog::Mock.random_hex(32),
|
||||
'name' => name,
|
||||
'email' => email,
|
||||
'tenantId' => tenantId,
|
||||
'enabled' => enabled
|
||||
}
|
||||
self.data[:users][data['id']] = data
|
||||
response.body = { 'user' => data }
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,24 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def create_user_role(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 200,
|
||||
:method => 'PUT',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_user_role(tenant_id, user_id, role_id)
|
||||
Excon::Response.new(
|
||||
:body => { 'role' => self.data[:roles][role_id] },
|
||||
:status => 200
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,42 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
##
|
||||
# Destroy an EC2 credential for a user. Requires administrator
|
||||
# credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to delete the credential
|
||||
# for
|
||||
# * access<~String>: The access key of the credential to destroy
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~String>: Empty string
|
||||
|
||||
def delete_ec2_credential(user_id, access)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2/#{access}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_ec2_credential(user_id, access)
|
||||
raise Fog::Identity::OpenStack::NotFound unless
|
||||
self.data[:ec2_credentials][user_id][access]
|
||||
|
||||
self.data[:ec2_credentials][user_id].delete access
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
rescue
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,28 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def delete_role(role_id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "/OS-KSADM/roles/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_role(role_id)
|
||||
response = Excon::Response.new
|
||||
if self.data[:roles][role_id]
|
||||
self.data[:roles].delete(role_id)
|
||||
response.status = 204
|
||||
response
|
||||
else
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,31 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def delete_tenant(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "tenants/#{id}"
|
||||
)
|
||||
end # def create_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def delete_tenant(attributes)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => '1',
|
||||
'description' => 'Has access to everything',
|
||||
'enabled' => true,
|
||||
'name' => 'admin'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def create_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,28 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def delete_user(user_id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "users/#{user_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_user(user_id)
|
||||
self.data[:users].delete(
|
||||
list_users.body['users'].find {|x| x['id'] == user_id }['id'])
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
rescue
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,23 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def delete_user_role(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 204,
|
||||
:method => 'DELETE',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_user_role(tenant_id, user_id, role_id)
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,48 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
##
|
||||
# Retrieves an EC2 credential for a user. Requires administrator
|
||||
# credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to retrieve the credential
|
||||
# for
|
||||
# * access<~String>: The access key of the credential to retrieve
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'credential'<~Hash>: The EC2 credential
|
||||
# * 'access'<~String>: The access key
|
||||
# * 'secret'<~String>: The secret key
|
||||
# * 'user_id'<~String>: The user id
|
||||
# * 'tenant_id'<~String>: The tenant id
|
||||
|
||||
def get_ec2_credential(user_id, access)
|
||||
request(
|
||||
:expects => [200, 202],
|
||||
:method => 'GET',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2/#{access}"
|
||||
)
|
||||
rescue Excon::Errors::Unauthorized
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_ec2_credential(user_id, access)
|
||||
ec2_credential = self.data[:ec2_credentials][user_id][access]
|
||||
|
||||
raise Fog::OpenStack::Identity::NotFound unless ec2_credential
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
response.body = { 'credential' => ec2_credential }
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,28 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_role(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => "/OS-KSADM/roles/#{id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_role(id)
|
||||
response = Excon::Response.new
|
||||
if data = self.data[:roles][id]
|
||||
response.status = 200
|
||||
response.body = { 'role' => data }
|
||||
response
|
||||
else
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,31 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_tenant(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => "tenants/#{id}"
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def get_tenant(id)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => id,
|
||||
'description' => 'Has access to everything',
|
||||
'enabled' => true,
|
||||
'name' => 'admin'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def list_tenants
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,18 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_tenants_by_id(tenant_id)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'GET',
|
||||
:path => "tenants/#{tenant_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,18 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_tenants_by_name(name)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'GET',
|
||||
:path => "tenants?name=#{name}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,32 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_user_by_id(user_id)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'GET',
|
||||
:path => "users/#{user_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_user_by_id(user_id)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
|
||||
existing_user = self.data[:users].find do |u|
|
||||
u[0] == user_id || u[1]['name'] == 'mock'
|
||||
end
|
||||
existing_user = existing_user[1] if existing_user
|
||||
|
||||
response.body = {
|
||||
'user' => existing_user || create_user('mock', 'mock', 'mock@email.com').body['user']
|
||||
}
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,27 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def get_user_by_name(name)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'GET',
|
||||
:path => "users?name=#{name}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_user_by_name(name)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
user = self.data[:users].values.select {|user| user['name'] == name}[0]
|
||||
response.body = {
|
||||
'user' => user
|
||||
}
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,43 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
##
|
||||
# List EC2 credentials for a user. Requires administrator
|
||||
# credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to retrieve the credential
|
||||
# for
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'credentials'<~Array>: The user's EC2 credentials
|
||||
# * 'access'<~String>: The access key
|
||||
# * 'secret'<~String>: The secret key
|
||||
# * 'user_id'<~String>: The user id
|
||||
# * 'tenant_id'<~String>: The tenant id
|
||||
|
||||
def list_ec2_credentials(user_id)
|
||||
request(
|
||||
:expects => [200, 202],
|
||||
:method => 'GET',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def list_ec2_credentials(user_id)
|
||||
ec2_credentials = self.data[:ec2_credentials][user_id].values
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
response.body = { 'credentials' => ec2_credentials }
|
||||
response
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,18 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_endpoints_for_token(token_id)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'HEAD',
|
||||
:path => "tokens/#{token_id}/endpoints"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,31 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_roles
|
||||
request(
|
||||
:expects => 200,
|
||||
:method => 'GET',
|
||||
:path => '/OS-KSADM/roles'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def list_roles
|
||||
if self.data[:roles].empty?
|
||||
['admin', 'Member'].each do |name|
|
||||
id = Fog::Mock.random_hex(32)
|
||||
self.data[:roles][id] = {'id' => id, 'name' => name}
|
||||
end
|
||||
end
|
||||
|
||||
Excon::Response.new(
|
||||
:body => { 'roles' => self.data[:roles].values },
|
||||
:status => 200
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,30 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_roles_for_user_on_tenant(tenant_id, user_id)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'GET',
|
||||
:path => "tenants/#{tenant_id}/users/#{user_id}/roles"
|
||||
)
|
||||
end # def list_roles_for_user_on_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def list_roles_for_user_on_tenant(tenant_id, user_id)
|
||||
self.data[:user_tenant_membership][tenant_id] ||= {}
|
||||
self.data[:user_tenant_membership][tenant_id][user_id] ||= []
|
||||
roles = self.data[:user_tenant_membership][tenant_id][user_id].map do |role_id|
|
||||
self.data[:roles][role_id]
|
||||
end
|
||||
|
||||
Excon::Response.new(
|
||||
:body => { 'roles' => roles },
|
||||
:status => 200
|
||||
)
|
||||
end # def list_roles_for_user_on_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,45 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_tenants(limit = nil, marker = nil)
|
||||
params = Hash.new
|
||||
params['limit'] = limit if limit
|
||||
params['marker'] = marker if marker
|
||||
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => "tenants",
|
||||
:query => params
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def list_tenants
|
||||
Excon::Response.new(
|
||||
:body => {
|
||||
'tenants_links' => [],
|
||||
'tenants' => [
|
||||
{'id' => '1',
|
||||
'description' => 'Has access to everything',
|
||||
'enabled' => true,
|
||||
'name' => 'admin'},
|
||||
{'id' => '2',
|
||||
'description' => 'Normal tenant',
|
||||
'enabled' => true,
|
||||
'name' => 'default'},
|
||||
{'id' => '3',
|
||||
'description' => 'Disabled tenant',
|
||||
'enabled' => false,
|
||||
'name' => 'disabled'}
|
||||
]
|
||||
},
|
||||
:status => [200, 204][rand(1)]
|
||||
)
|
||||
end # def list_tenants
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,18 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_user_global_roles(user_id)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'GET',
|
||||
:path => "users/#{user_id}/roles"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,33 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def list_users(tenant_id = nil)
|
||||
path = tenant_id ? "tenants/#{tenant_id}/users" : 'users'
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => path
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def list_users(tenant_id = nil)
|
||||
users = self.data[:users].values
|
||||
|
||||
if tenant_id
|
||||
users = users.select {
|
||||
|user| user['tenantId'] == tenant_id
|
||||
}
|
||||
end
|
||||
|
||||
Excon::Response.new(
|
||||
:body => { 'users' => users },
|
||||
:status => 200
|
||||
)
|
||||
end
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,20 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def remove_user_from_tenant(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def remove_user_from_tenant(tenant_id, user_id, role_id)
|
||||
end # def remove_user_from_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end
|
|
@ -1,19 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def set_tenant(tenant)
|
||||
@openstack_must_reauthenticate = true
|
||||
@openstack_tenant = tenant.to_s
|
||||
authenticate
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def set_tenant(tenant)
|
||||
true
|
||||
end
|
||||
end
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,28 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def update_tenant(id, attributes)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'PUT',
|
||||
:path => "tenants/#{id}",
|
||||
:body => Fog::JSON.encode({ 'tenant' => attributes })
|
||||
)
|
||||
end # def create_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def update_tenant(id, attributes)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
attributes = {'enabled' => true, 'id' => '1'}.merge(attributes)
|
||||
response.body = {
|
||||
'tenant' => attributes
|
||||
}
|
||||
response
|
||||
end # def create_tenant
|
||||
end # class Mock
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -1,32 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def update_user(user_id, options = {})
|
||||
url = options.delete('url') || "/users/#{user_id}"
|
||||
request(
|
||||
:body => Fog::JSON.encode({ 'user' => options }),
|
||||
:expects => 200,
|
||||
:method => 'PUT',
|
||||
:path => url
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def update_user(user_id, options)
|
||||
response = Excon::Response.new
|
||||
if user = self.data[:users][user_id]
|
||||
if options['name']
|
||||
user['name'] = options['name']
|
||||
end
|
||||
response.status = 200
|
||||
response
|
||||
else
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,20 +0,0 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class Real
|
||||
def validate_token(token_id, tenant_id=nil)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'GET',
|
||||
:path => "tokens/#{token_id}"+(tenant_id ? "?belongsTo=#{tenant_id}" : '')
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def validate_token(token_id, tenant_id=nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,36 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def add_user_to_tenant(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 200,
|
||||
:method => 'PUT',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def add_user_to_tenant(tenant_id, user_id, role_id)
|
||||
role = self.data[:roles][role_id]
|
||||
self.data[:user_tenant_membership][tenant_id] ||= {}
|
||||
self.data[:user_tenant_membership][tenant_id][user_id] ||= []
|
||||
self.data[:user_tenant_membership][tenant_id][user_id].push(role['id']).uniq!
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
response.body = {
|
||||
'role' => {
|
||||
'id' => role['id'],
|
||||
'name' => role['name']
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def add_user_to_tenant
|
||||
end # class Mock
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end
|
|
@ -0,0 +1,22 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def check_token(token_id, tenant_id=nil)
|
||||
request(
|
||||
:expects => [200, 203],
|
||||
:method => 'HEAD',
|
||||
:path => "tokens/#{token_id}"+(tenant_id ? "?belongsTo=#{tenant_id}" : '')
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def check_token(token_id, tenant_id=nil)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,59 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
##
|
||||
# Create an EC2 credential for a user in a tenant. Requires
|
||||
# administrator credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to create an EC2 credential
|
||||
# for
|
||||
# * tenant_id<~String>: The id of the tenant to create the credential
|
||||
# in
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'credential'<~Hash>: Created EC2 credential
|
||||
# * 'access'<~String>: The access key
|
||||
# * 'secret'<~String>: The secret key
|
||||
# * 'user_id'<~String>: The user id
|
||||
# * 'tenant_id'<~String>: The tenant id
|
||||
|
||||
def create_ec2_credential(user_id, tenant_id)
|
||||
data = {'tenant_id' => tenant_id}
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_ec2_credential(user_id, tenant_id)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
|
||||
data = {
|
||||
'access' => Fog::Mock.random_hex(32),
|
||||
'secret' => Fog::Mock.random_hex(32),
|
||||
'tenant_id' => tenant_id,
|
||||
'user_id' => user_id,
|
||||
}
|
||||
|
||||
self.data[:ec2_credentials][user_id][data['access']] = data
|
||||
|
||||
response.body = {'credential' => data}
|
||||
|
||||
response
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,38 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def create_role(name)
|
||||
data = {
|
||||
'role' => {
|
||||
'name' => name
|
||||
}
|
||||
}
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => '/OS-KSADM/roles'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_role(name)
|
||||
data = {
|
||||
'id' => Fog::Mock.random_hex(32),
|
||||
'name' => name
|
||||
}
|
||||
self.data[:roles][data['id']] = data
|
||||
Excon::Response.new(
|
||||
:body => {'role' => data},
|
||||
:status => 202
|
||||
)
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,34 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def create_tenant(attributes)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'POST',
|
||||
:path => "tenants",
|
||||
:body => Fog::JSON.encode({'tenant' => attributes})
|
||||
)
|
||||
end # def create_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def create_tenant(attributes)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => "df9a815161eba9b76cc748fd5c5af73e",
|
||||
'description' => attributes[:description] || 'normal tenant',
|
||||
'enabled' => true,
|
||||
'name' => attributes[:name] || 'default'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def create_tenant
|
||||
end # class Mock
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,45 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def create_user(name, password, email, tenantId=nil, enabled=true)
|
||||
data = {
|
||||
'user' => {
|
||||
'name' => name,
|
||||
'password' => password,
|
||||
'tenantId' => tenantId,
|
||||
'email' => email,
|
||||
'enabled' => enabled,
|
||||
}
|
||||
}
|
||||
|
||||
request(
|
||||
:body => Fog::JSON.encode(data),
|
||||
:expects => [200, 202],
|
||||
:method => 'POST',
|
||||
:path => '/users'
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_user(name, password, email, tenantId=nil, enabled=true)
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
data = {
|
||||
'id' => Fog::Mock.random_hex(32),
|
||||
'name' => name,
|
||||
'email' => email,
|
||||
'tenantId' => tenantId,
|
||||
'enabled' => enabled
|
||||
}
|
||||
self.data[:users][data['id']] = data
|
||||
response.body = {'user' => data}
|
||||
response
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,26 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def create_user_role(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 200,
|
||||
:method => 'PUT',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def create_user_role(tenant_id, user_id, role_id)
|
||||
Excon::Response.new(
|
||||
:body => {'role' => self.data[:roles][role_id]},
|
||||
:status => 200
|
||||
)
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,43 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
##
|
||||
# Destroy an EC2 credential for a user. Requires administrator
|
||||
# credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to delete the credential
|
||||
# for
|
||||
# * access<~String>: The access key of the credential to destroy
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~String>: Empty string
|
||||
|
||||
def delete_ec2_credential(user_id, access)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2/#{access}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_ec2_credential(user_id, access)
|
||||
raise Fog::Identity::OpenStack::NotFound unless self.data[:ec2_credentials][user_id][access]
|
||||
|
||||
self.data[:ec2_credentials][user_id].delete access
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
rescue
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,30 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def delete_role(role_id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "/OS-KSADM/roles/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_role(role_id)
|
||||
response = Excon::Response.new
|
||||
if self.data[:roles][role_id]
|
||||
self.data[:roles].delete(role_id)
|
||||
response.status = 204
|
||||
response
|
||||
else
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,33 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def delete_tenant(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "tenants/#{id}"
|
||||
)
|
||||
end # def create_tenant
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def delete_tenant(attributes)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => '1',
|
||||
'description' => 'Has access to everything',
|
||||
'enabled' => true,
|
||||
'name' => 'admin'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def create_tenant
|
||||
end # class Mock
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,30 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def delete_user(user_id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'DELETE',
|
||||
:path => "users/#{user_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_user(user_id)
|
||||
self.data[:users].delete(
|
||||
list_users.body['users'].find { |x| x['id'] == user_id }['id'])
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
rescue
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,25 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def delete_user_role(tenant_id, user_id, role_id)
|
||||
request(
|
||||
:expects => 204,
|
||||
:method => 'DELETE',
|
||||
:path => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def delete_user_role(tenant_id, user_id, role_id)
|
||||
response = Excon::Response.new
|
||||
response.status = 204
|
||||
response
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,50 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
##
|
||||
# Retrieves an EC2 credential for a user. Requires administrator
|
||||
# credentials.
|
||||
#
|
||||
# ==== Parameters
|
||||
# * user_id<~String>: The id of the user to retrieve the credential
|
||||
# for
|
||||
# * access<~String>: The access key of the credential to retrieve
|
||||
#
|
||||
# ==== Returns
|
||||
# * response<~Excon::Response>:
|
||||
# * body<~Hash>:
|
||||
# * 'credential'<~Hash>: The EC2 credential
|
||||
# * 'access'<~String>: The access key
|
||||
# * 'secret'<~String>: The secret key
|
||||
# * 'user_id'<~String>: The user id
|
||||
# * 'tenant_id'<~String>: The tenant id
|
||||
|
||||
def get_ec2_credential(user_id, access)
|
||||
request(
|
||||
:expects => [200, 202],
|
||||
:method => 'GET',
|
||||
:path => "users/#{user_id}/credentials/OS-EC2/#{access}"
|
||||
)
|
||||
rescue Excon::Errors::Unauthorized
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_ec2_credential(user_id, access)
|
||||
ec2_credential = self.data[:ec2_credentials][user_id][access]
|
||||
|
||||
raise Fog::OpenStack::Identity::NotFound unless ec2_credential
|
||||
|
||||
response = Excon::Response.new
|
||||
response.status = 200
|
||||
response.body = {'credential' => ec2_credential}
|
||||
response
|
||||
end
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,30 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def get_role(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => "/OS-KSADM/roles/#{id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
def get_role(id)
|
||||
response = Excon::Response.new
|
||||
if data = self.data[:roles][id]
|
||||
response.status = 200
|
||||
response.body = {'role' => data}
|
||||
response
|
||||
else
|
||||
raise Fog::Identity::OpenStack::NotFound
|
||||
end
|
||||
end
|
||||
end # class Mock
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,33 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def get_tenant(id)
|
||||
request(
|
||||
:expects => [200, 204],
|
||||
:method => 'GET',
|
||||
:path => "tenants/#{id}"
|
||||
)
|
||||
end
|
||||
end # class Real
|
||||
|
||||
class Mock
|
||||
def get_tenant(id)
|
||||
response = Excon::Response.new
|
||||
response.status = [200, 204][rand(1)]
|
||||
response.body = {
|
||||
'tenant' => {
|
||||
'id' => id,
|
||||
'description' => 'Has access to everything',
|
||||
'enabled' => true,
|
||||
'name' => 'admin'
|
||||
}
|
||||
}
|
||||
response
|
||||
end # def list_tenants
|
||||
end # class Mock
|
||||
end # class V2
|
||||
end # class OpenStack
|
||||
end # module Identity
|
||||
end # module Fog
|
|
@ -0,0 +1,20 @@
|
|||
module Fog
|
||||
module Identity
|
||||
class OpenStack
|
||||
class V2
|
||||
class Real
|
||||
def get_tenants_by_id(tenant_id)
|
||||
request(
|
||||
:expects => [200],
|
||||
:method => 'GET',
|
||||
:path => "tenants/#{tenant_id}"
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
class Mock
|
||||
end
|
||||
end # class V2
|
||||
end
|
||||
end
|
||||
end
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue