[openstack] Refactor Openstack Authentication

Signed-off-by: Nelvin Driz <nelvindriz@live.com>

lib/fog/openstack.rb

@@ -72,44 +72,20 @@ module Fog
 
     # Keystone Style Auth
     def self.authenticate_v2(options, connection_options = {})
-      uri = options[:openstack_auth_uri]
-      connection = Fog::Connection.new(uri.to_s, false, connection_options)
-      @openstack_api_key  = options[:openstack_api_key]
-      @openstack_username = options[:openstack_username]
-      @openstack_tenant   = options[:openstack_tenant]
-      @openstack_auth_token = options[:openstack_auth_token]
-      @service_name         = options[:openstack_service_name]
-      @identity_service_name = options[:openstack_identity_service_name]
-      @endpoint_type         = options[:openstack_endpoint_type] || 'publicURL'
-      @openstack_region      = options[:openstack_region]
+      uri                   = options[:openstack_auth_uri]
+      tenant_name           = options[:openstack_tenant]
+      service_name          = options[:openstack_service_name]
+      identity_service_name = options[:openstack_identity_service_name]
+      endpoint_type         = (options[:openstack_endpoint_type] || 'publicURL').to_s
+      openstack_region      = options[:openstack_region]
 
-      if @openstack_auth_token
-        req_body = {
-          'auth' => {
-            'token' => {
-              'id' => @openstack_auth_token
-            }
-          }
-        }
-      else
-        req_body = {
-          'auth' => {
-            'passwordCredentials'  => {
-              'username' => @openstack_username.to_s,
-              'password' => @openstack_api_key.to_s
-            }
-          }
-        }
-      end
-      req_body['auth']['tenantName'] = @openstack_tenant if @openstack_tenant
 
-      body = retrieve_tokens_v2(connection, req_body, uri)
+      body = retrieve_tokens_v2(options, connection_options)
+      service = body['access']['serviceCatalog'].
+        detect {|s| service_name.include?(s['type']) }
 
-      svc = body['access']['serviceCatalog'].
-        detect{|x| @service_name.include?(x['type']) }
-
-      unless svc
-        unless @openstack_tenant
+      unless service
+        unless tenant_name
           response = Fog::Connection.new(
             "#{uri.scheme}://#{uri.host}:#{uri.port}/v2.0/tenants", false, connection_options).request({
             :expects => [200, 204],
@@ -124,53 +100,72 @@ module Fog
           if body['tenants'].empty?
             raise Errors::NotFound.new('No Tenant Found')
           else
-            req_body['auth']['tenantName'] = body['tenants'].first['name']
+            options[:openstack_tenant] = body['tenants'].first['name']
           end
         end
 
-        body = retrieve_tokens_v2(connection, req_body, uri)
-        if body['access']['token']['tenant'].nil?
-          raise Errors::NotFound.new("Invalid Tenant '#{@openstack_tenant}'")
-        end
-        svc = body['access']['serviceCatalog'].
-          detect{|x| @service_name.include?(x['type']) }
+        body = retrieve_tokens_v2(options, connection_options)
+        service = body['access']['serviceCatalog'].
+          detect{|s| service_name.include?(s['type']) }
       end
 
-      svc['endpoints'] = svc['endpoints'].select{ |x| x['region'] == @openstack_region } if @openstack_region
-      if svc['endpoints'].count > 1
+      service['endpoints'] = service['endpoints'].select do |endpoint|
+        endpoint['region'] == openstack_region
+      end if openstack_region
+
+      if service['endpoints'].count > 1
          regions = svc["endpoints"].map { |x| x['region'] }.uniq.join(',')
          raise Errors::NotFound.new("Multiple regions available choose one of these '#{regions}'")
       end
 
-      identity_svc = body['access']['serviceCatalog'].
-        detect{|x| @identity_service_name.include?(x['type']) } if @identity_service_name
+      identity_service = body['access']['serviceCatalog'].
+        detect{|x| identity_service_name.include?(x['type']) } if identity_service_name
       tenant = body['access']['token']['tenant']
       user = body['access']['user']
 
-      mgmt_url = svc['endpoints'].detect{|x| x[@endpoint_type]}[@endpoint_type]
-      identity_url = identity_svc['endpoints'].detect{|x| x['publicURL']}['publicURL'] if identity_svc
-      token = body['access']['token']['id']
-      expires = body['access']['token']['expires']
+      management_url = service['endpoints'].detect{|s| s[endpoint_type]}[endpoint_type]
+      identity_url   = identity_service['endpoints'].detect{|s| s['publicURL']}['publicURL'] if identity_service
 
       {
         :user                     => user,
         :tenant                   => tenant,
-        :token                    => token,
-        :expires                  => expires,
-        :server_management_url    => mgmt_url,
         :identity_public_endpoint => identity_url,
+        :server_management_url    => management_url,
+        :token                    => body['access']['token']['id'],
+        :expires                  => body['access']['token']['expires'],
         :current_user_id          => body['access']['user']['id']
       }
     end
 
-    def self.retrieve_tokens_v2(connection, request_body, uri)
+    def self.retrieve_tokens_v2(options, connection_options = {})
+      api_key     = options[:openstack_api_key].to_s
+      username    = options[:openstack_username].to_s
+      tenant_name = options[:openstack_tenant].to_s
+      auth_token  = options[:openstack_auth_token]
+      uri         = options[:openstack_auth_uri]
+
+      connection = Fog::Connection.new(uri.to_s, false, connection_options)
+      request_body = {:auth => Hash.new}
+
+      if auth_token
+        request_body[:auth][:token] = {
+          :id => auth_token
+        }
+      else
+        request_body[:auth][:passwordCredentials] = {
+          :username => username,
+          :password => api_key
+        }
+      end
+      request_body[:auth][:tenantName] = tenant_name if tenant_name
+
       response = connection.request({
         :expects  => [200, 204],
         :headers  => {'Content-Type' => 'application/json'},
         :body     => Fog::JSON.encode(request_body),
         :host     => uri.host,
         :method   => 'POST',
-        :path     =>  (uri.path and not uri.path.empty?) ? uri.path : 'v2.0'
+        :path     => (uri.path and not uri.path.empty?) ? uri.path : 'v2.0'
       })
 
       Fog::JSON.decode(response.body)

lib/fog/openstack/compute.rb

@@ -249,9 +249,10 @@ module Fog
 
         def initialize(options={})
           @openstack_auth_token = options[:openstack_auth_token]
+          @auth_token        = options[:openstack_auth_token]
           @openstack_identity_public_endpoint = options[:openstack_identity_endpoint]
 
-          unless @openstack_auth_token
+          unless @auth_token
             missing_credentials = Array.new
             @openstack_api_key  = options[:openstack_api_key]
             @openstack_username = options[:openstack_username]
@@ -334,14 +335,14 @@ module Fog
         private
 
         def authenticate
-          if @openstack_must_reauthenticate || @openstack_auth_token.nil?
+          if !@openstack_management_url || @openstack_must_reauthenticate
             options = {
-              :openstack_api_key  => @openstack_api_key,
-              :openstack_username => @openstack_username,
-              :openstack_auth_token => @openstack_auth_token,
-              :openstack_auth_uri => @openstack_auth_uri,
-              :openstack_region   => @openstack_region,
-              :openstack_tenant   => @openstack_tenant,
+              :openstack_api_key    => @openstack_api_key,
+              :openstack_username   => @openstack_username,
+              :openstack_auth_token => @auth_token,
+              :openstack_auth_uri   => @openstack_auth_uri,
+              :openstack_region     => @openstack_region,
+              :openstack_tenant     => @openstack_tenant,
               :openstack_service_name => @openstack_service_name,
               :openstack_identity_service_name => @openstack_identity_service_name
             }
@@ -360,12 +361,9 @@ module Fog
             @auth_token_expiration    = credentials[:expires]
             @openstack_management_url = credentials[:server_management_url]
             @openstack_identity_public_endpoint  = credentials[:identity_public_endpoint]
-            uri = URI.parse(@openstack_management_url)
-          else
-            @auth_token = @openstack_auth_token
-            uri = URI.parse(@openstack_management_url)
           end
 
+          uri = URI.parse(@openstack_management_url)
           @host   = uri.host
           @path, @tenant_id = uri.path.scan(/(\/.*)\/(.*)/).flatten
 

lib/fog/openstack/identity.rb

@@ -166,7 +166,7 @@ module Fog
           end
 
           @openstack_tenant   = options[:openstack_tenant]
-          @openstack_auth_uri   = URI.parse(options[:openstack_auth_url])
+          @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
           @openstack_management_url       = options[:openstack_management_url]
           @openstack_must_reauthenticate  = false
           @openstack_service_name = options[:openstack_service_name] || ['identity']

lib/fog/openstack/requests/identity/create_role.rb

@@ -21,7 +21,7 @@ module Fog
       class Mock
         def create_role(name)
           data = {
-            'id'   => Fog::Mock.random_numbers(6).to_s,
+            'id'   => Fog::Mock.random_base64(64),
             'name' => name
           }
           self.data[:roles][data['id']] = data