1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

[openstack|storage] Added support to impersonate other accounts

The patch would allow to impersonate other accounts if you have
an admin role:

     require 'fog'
     require 'pp'

     auth_url = 'https://identity.test.lan/v2.0/tokens'
     user = 'admin@test.lan'
     password = 'secret'

     id = Fog::Identity.new :provider => 'OpenStack',
                            :openstack_auth_url => auth_url,
                            :openstack_username => user,
                            :openstack_api_key  => password

     st = Fog::Storage.new :provider => 'OpenStack',
                           :openstack_auth_url => auth_url,
                           :openstack_username => user,
                           :openstack_api_key  => password

     id.tenants.each do |t|
       puts "Changing account to #{t.name}"
       st.change_account "AUTH_#{t.id}"
       # list account containers
       pp st.directories
       # We could also head the account and get usage information
       pp st.request :method => 'HEAD'
     end
This commit is contained in:
Sergio Rubio 2013-03-05 18:46:11 +01:00
parent 2f30de2ab3
commit ac9c0ceb40
2 changed files with 65 additions and 0 deletions

View file

@ -84,6 +84,52 @@ module Fog
@connection.reset
end
# Change the current account while re-using the auth token.
#
# This is usefull when you have an admin role and you're able
# to HEAD other user accounts, set quotas, list files, etc.
#
# For example:
#
# # List current user account details
# service = Fog::Storage[:openstack]
# service.request :method => 'HEAD'
#
# Would return something like:
#
# Account: AUTH_1234
# Date: Tue, 05 Mar 2013 16:50:52 GMT
# X-Account-Bytes-Used: 0 (0.00 Bytes)
# X-Account-Container-Count: 0
# X-Account-Object-Count: 0
#
# Now let's change the account
#
# service.change_account('AUTH_3333')
# service.request :method => 'HEAD'
#
# Would return something like:
#
# Account: AUTH_3333
# Date: Tue, 05 Mar 2013 16:51:53 GMT
# X-Account-Bytes-Used: 23423433
# X-Account-Container-Count: 2
# X-Account-Object-Count: 10
#
# If we wan't to go back to our original admin account:
#
# service.reset_account_name
#
def change_account(account)
@original_path ||= @path
version_string = @path.split('/')[1]
@path = "/#{version_string}/#{account}"
end
def reset_account_name
@path = @original_path
end
def request(params, parse_json = true, &block)
begin
response = @connection.request(params.merge({

View file

@ -0,0 +1,19 @@
Shindo.tests('Fog::Storage[:openstack]', ['openstack', 'storage']) do
storage = Fog::Storage[:openstack]
original_path = storage.instance_variable_get :@path
tests("account changes") do
test("#change_account") do
new_account = 'AUTH_1234567890'
storage.change_account new_account
storage.instance_variable_get(:@path) != original_path
end
test("#reset_account_name") do
storage.reset_account_name
storage.instance_variable_get(:@path) == original_path
end
end
end