kotovalexarian-likes-github/fog--fog
1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00
Code Releases Activity

Merge pull request #1361 from dprince/auth_improvements

Browse source 
OpenStack: Auth improvements
This commit is contained in:
Dan Prince 2012-12-10 19:43:04 -08:00
commit de80a97d7b
7 changed files with 91 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
lib/fog/openstack.rb
View file

@ -26,9 +26,6 @@ module Fog
end end
end end
class InternalServerError < ServiceError; end
class Conflict < ServiceError; end
class NotFound < ServiceError; end
class ServiceUnavailable < ServiceError; end class ServiceUnavailable < ServiceError; end
class BadRequest < ServiceError class BadRequest < ServiceError
@ -77,15 +74,15 @@ module Fog
def self.authenticate_v2(options, connection_options = {}) def self.authenticate_v2(options, connection_options = {})
uri = options[:openstack_auth_uri] uri = options[:openstack_auth_uri]
tenant_name = options[:openstack_tenant] tenant_name = options[:openstack_tenant]
service_type = options[:openstack_service_type]
service_name = options[:openstack_service_name] service_name = options[:openstack_service_name]
identity_service_name = options[:openstack_identity_service_name] identity_service_type = options[:openstack_identity_service_type]
endpoint_type = (options[:openstack_endpoint_type] || 'publicURL').to_s endpoint_type = (options[:openstack_endpoint_type] || 'publicURL').to_s
openstack_region = options[:openstack_region] openstack_region = options[:openstack_region]
body = retrieve_tokens_v2(options, connection_options) body = retrieve_tokens_v2(options, connection_options)
service = body['access']['serviceCatalog']. service = get_service(body, service_type, service_name)
detect {|s| service_name.include?(s['type']) }
options[:unscoped_token] = body['access']['token']['id'] options[:unscoped_token] = body['access']['token']['id']
@ -103,15 +100,15 @@ module Fog
body = Fog::JSON.decode(response.body) body = Fog::JSON.decode(response.body)
if body['tenants'].empty? if body['tenants'].empty?
raise Errors::NotFound.new('No Tenant Found') raise Fog::Errors::NotFound.new('No Tenant Found')
else else
options[:openstack_tenant] = body['tenants'].first['name'] options[:openstack_tenant] = body['tenants'].first['name']
end end
end end
body = retrieve_tokens_v2(options, connection_options) body = retrieve_tokens_v2(options, connection_options)
service = body['access']['serviceCatalog']. service = get_service(body, service_type, service_name)
detect{|s| service_name.include?(s['type']) }
end end
service['endpoints'] = service['endpoints'].select do |endpoint| service['endpoints'] = service['endpoints'].select do |endpoint|
@ -127,20 +124,19 @@ module Fog
endpoint['type'] endpoint['type']
}.sort.join ', ' }.sort.join ', '
missing = service_name.join ', ' missing = service_type.join ', '
message = "Could not find service #{missing}. Have #{available}" message = "Could not find service #{missing}. Have #{available}"
raise Errors::NotFound, message raise Fog::Errors::NotFound, message
end end
if service['endpoints'].count > 1 if service['endpoints'].count > 1
regions = service["endpoints"].map{ |e| e['region'] }.uniq.join(',') regions = service["endpoints"].map{ |e| e['region'] }.uniq.join(',')
raise Errors::NotFound.new("Multiple regions available choose one of these '#{regions}'") raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions}'")
end end
identity_service = body['access']['serviceCatalog']. identity_service = get_service(body, identity_service_type) if identity_service_type
detect{|x| identity_service_name.include?(x['type']) } if identity_service_name
tenant = body['access']['token']['tenant'] tenant = body['access']['token']['tenant']
user = body['access']['user'] user = body['access']['user']
@ -157,6 +153,17 @@ module Fog
:current_user_id => body['access']['user']['id'], :current_user_id => body['access']['user']['id'],
:unscoped_token => options[:unscoped_token] :unscoped_token => options[:unscoped_token]
} }
end
def self.get_service(body, service_type=[], service_name=nil)
body['access']['serviceCatalog'].detect do |s|
if service_name.nil? or service_name.empty?
service_type.include?(s['type'])
else
service_type.include?(s['type']) and s['name'] == service_name
end
end
end end
def self.retrieve_tokens_v2(options, connection_options = {}) def self.retrieve_tokens_v2(options, connection_options = {})

25
lib/fog/openstack/compute.rb
View file

@ -7,7 +7,8 @@ module Fog
requires :openstack_auth_url requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, recognizes :openstack_auth_token, :openstack_management_url,
:persistent, :openstack_service_name, :openstack_tenant, :persistent, :openstack_service_type, :openstack_service_name,
:openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_identity_endpoint, :openstack_api_key, :openstack_username, :openstack_identity_endpoint,
:current_user, :current_tenant, :openstack_region :current_user, :current_tenant, :openstack_region
@ -290,8 +291,9 @@ module Fog
@openstack_auth_uri = URI.parse(options[:openstack_auth_url]) @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url] @openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false @openstack_must_reauthenticate = false
@openstack_service_name = options[:openstack_service_name] || ['nova', 'compute'] @openstack_service_type = options[:openstack_service_type] || ['nova', 'compute']
@openstack_identity_service_name = options[:openstack_identity_service_name] || 'identity' @openstack_service_name = options[:openstack_service_name]
@openstack_identity_service_type = options[:openstack_identity_service_type] || 'identity'
@openstack_region = options[:openstack_region] @openstack_region = options[:openstack_region]
@connection_options = options[:connection_options] || {} @connection_options = options[:connection_options] || {}
@ -367,11 +369,13 @@ module Fog
:openstack_auth_uri => @openstack_auth_uri, :openstack_auth_uri => @openstack_auth_uri,
:openstack_region => @openstack_region, :openstack_region => @openstack_region,
:openstack_tenant => @openstack_tenant, :openstack_tenant => @openstack_tenant,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name, :openstack_service_name => @openstack_service_name,
:openstack_identity_service_name => @openstack_identity_service_name :openstack_identity_service_type => @openstack_identity_service_type
} }
if @openstack_auth_uri.path =~ /\/v2.0\// if @openstack_auth_uri.path =~ /\/v2.0\//
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options) credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
else else
credentials = Fog::OpenStack.authenticate_v1(options, @connection_options) credentials = Fog::OpenStack.authenticate_v1(options, @connection_options)
@ -393,15 +397,20 @@ module Fog
@path.sub!(/\/$/, '') @path.sub!(/\/$/, '')
unless @path.match(/1\.1|v2/) unless @path.match(/1\.1|v2/)
raise Fog::Compute::OpenStack::ServiceUnavailable.new( raise Fog::OpenStack::Errors::ServiceUnavailable.new(
"OpenStack binding only supports version 2 (a.k.a. 1.1)") "OpenStack binding only supports version 2 (a.k.a. 1.1)")
end end
@port = uri.port @port = uri.port
@scheme = uri.scheme @scheme = uri.scheme
@identity_connection = Fog::Connection.new(
@openstack_identity_public_endpoint, # Not all implementations have identity service in the catalog
false, @connection_options) if @openstack_identity_public_endpoint
@identity_connection = Fog::Connection.new(
@openstack_identity_public_endpoint,
false, @connection_options)
end
true true
end end

6
lib/fog/openstack/identity.rb
View file

@ -6,7 +6,7 @@ module Fog
requires :openstack_auth_url requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, :persistent, recognizes :openstack_auth_token, :openstack_management_url, :persistent,
:openstack_service_name, :openstack_tenant, :openstack_service_type, :openstack_service_name, :openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_current_user_id, :openstack_api_key, :openstack_username, :openstack_current_user_id,
:current_user, :current_tenant :current_user, :current_tenant
@ -186,7 +186,8 @@ module Fog
@openstack_auth_uri = URI.parse(options[:openstack_auth_url]) @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url] @openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false @openstack_must_reauthenticate = false
@openstack_service_name = options[:openstack_service_name] || ['identity'] @openstack_service_type = options[:openstack_service_type] || ['identity']
@openstack_service_name = options[:openstack_service_name]
@connection_options = options[:connection_options] || {} @connection_options = options[:connection_options] || {}
@ -260,6 +261,7 @@ module Fog
:openstack_auth_token => @openstack_auth_token, :openstack_auth_token => @openstack_auth_token,
:openstack_auth_uri => @openstack_auth_uri, :openstack_auth_uri => @openstack_auth_uri,
:openstack_tenant => @openstack_tenant, :openstack_tenant => @openstack_tenant,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name, :openstack_service_name => @openstack_service_name,
:openstack_endpoint_type => 'adminURL' :openstack_endpoint_type => 'adminURL'
} }

6
lib/fog/openstack/image.rb
View file

@ -5,7 +5,7 @@ module Fog
class OpenStack < Fog::Service class OpenStack < Fog::Service
requires :openstack_auth_url requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, :persistent, recognizes :openstack_auth_token, :openstack_management_url, :persistent,
:openstack_service_name, :openstack_tenant, :openstack_service_type, :openstack_service_name, :openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_api_key, :openstack_username,
:current_user, :current_tenant :current_user, :current_tenant
@ -109,7 +109,8 @@ module Fog
@openstack_auth_uri = URI.parse(options[:openstack_auth_url]) @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url] @openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false @openstack_must_reauthenticate = false
@openstack_service_name = options[:openstack_service_name] || ['image'] @openstack_service_type = options[:openstack_service_type] || ['image']
@openstack_service_name = options[:openstack_service_name]
@connection_options = options[:connection_options] || {} @connection_options = options[:connection_options] || {}
@ -179,6 +180,7 @@ module Fog
:openstack_username => @openstack_username, :openstack_username => @openstack_username,
:openstack_auth_uri => @openstack_auth_uri, :openstack_auth_uri => @openstack_auth_uri,
:openstack_auth_token => @openstack_auth_token, :openstack_auth_token => @openstack_auth_token,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name, :openstack_service_name => @openstack_service_name,
:openstack_endpoint_type => 'adminURL' :openstack_endpoint_type => 'adminURL'
} }

8
lib/fog/openstack/network.rb
View file

@ -6,7 +6,7 @@ module Fog
requires :openstack_auth_url requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, :persistent, recognizes :openstack_auth_token, :openstack_management_url, :persistent,
:openstack_service_name, :openstack_tenant, :openstack_service_type, :openstack_service_name, :openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_api_key, :openstack_username,
:current_user, :current_tenant :current_user, :current_tenant
@ -107,7 +107,8 @@ module Fog
@openstack_auth_uri = URI.parse(options[:openstack_auth_url]) @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url] @openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false @openstack_must_reauthenticate = false
@openstack_service_name = options[:openstack_service_name] || ['network'] @openstack_service_type = options[:openstack_service_type] || ['network']
@openstack_service_name = options[:openstack_service_name]
@connection_options = options[:connection_options] || {} @connection_options = options[:connection_options] || {}
@ -178,6 +179,7 @@ module Fog
:openstack_username => @openstack_username, :openstack_username => @openstack_username,
:openstack_auth_uri => @openstack_auth_uri, :openstack_auth_uri => @openstack_auth_uri,
:openstack_auth_token => @openstack_auth_token, :openstack_auth_token => @openstack_auth_token,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name, :openstack_service_name => @openstack_service_name,
:openstack_endpoint_type => 'adminURL' :openstack_endpoint_type => 'adminURL'
} }
@ -231,4 +233,4 @@ module Fog
end end
end end
end end
end end

6
lib/fog/openstack/volume.rb
View file

@ -6,7 +6,7 @@ module Fog
requires :openstack_auth_url requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, :persistent, recognizes :openstack_auth_token, :openstack_management_url, :persistent,
:openstack_service_name, :openstack_tenant, :openstack_service_type, :openstack_service_name, :openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_api_key, :openstack_username,
:current_user, :current_tenant :current_user, :current_tenant
@ -111,7 +111,8 @@ module Fog
@openstack_auth_uri = URI.parse(options[:openstack_auth_url]) @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url] @openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false @openstack_must_reauthenticate = false
@openstack_service_name = options[:openstack_service_name] || ['volume'] @openstack_service_type = options[:openstack_service_type] || ['volume']
@openstack_service_name = options[:openstack_service_name]
@connection_options = options[:connection_options] || {} @connection_options = options[:connection_options] || {}
@ -182,6 +183,7 @@ module Fog
:openstack_username => @openstack_username, :openstack_username => @openstack_username,
:openstack_auth_uri => @openstack_auth_uri, :openstack_auth_uri => @openstack_auth_uri,
:openstack_auth_token => @openstack_auth_token, :openstack_auth_token => @openstack_auth_token,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name, :openstack_service_name => @openstack_service_name,
:openstack_endpoint_type => 'adminURL' :openstack_endpoint_type => 'adminURL'
} }

39
tests/openstack/authenticate_tests.rb
View file

@ -85,7 +85,7 @@ Shindo.tests('OpenStack | authenticate', ['openstack']) do
Fog::OpenStack.authenticate_v2( Fog::OpenStack.authenticate_v2(
:openstack_auth_uri => URI('http://example/v2.0/tokens'), :openstack_auth_uri => URI('http://example/v2.0/tokens'),
:openstack_tenant => 'admin', :openstack_tenant => 'admin',
:openstack_service_name => %w[compute]) :openstack_service_type => %w[compute])
end end
end end
@ -93,14 +93,47 @@ Shindo.tests('OpenStack | authenticate', ['openstack']) do
Excon.stub({ :method => 'POST', :path => "/v2.0/tokens" }, Excon.stub({ :method => 'POST', :path => "/v2.0/tokens" },
{ :status => 200, :body => Fog::JSON.encode(body) }) { :status => 200, :body => Fog::JSON.encode(body) })
raises(Fog::OpenStack::Errors::NotFound, raises(Fog::Errors::NotFound,
'Could not find service network. Have compute, image') do 'Could not find service network. Have compute, image') do
Fog::OpenStack.authenticate_v2( Fog::OpenStack.authenticate_v2(
:openstack_auth_uri => URI('http://example/v2.0/tokens'), :openstack_auth_uri => URI('http://example/v2.0/tokens'),
:openstack_tenant => 'admin', :openstack_tenant => 'admin',
:openstack_service_name => %w[network]) :openstack_service_type => %w[network])
end end
end end
tests("v2 auth with two compute services") do
body_clone = body.clone
body_clone["access"]["serviceCatalog"] <<
{
"endpoints" => [{
"adminURL" =>
"http://example2:8774/v2/#{tenant_token}",
"region" => "RegionOne",
"internalURL" =>
"http://example2:8774/v2/#{tenant_token}",
"id" => Fog::Mock.random_numbers(8).to_s,
"publicURL" =>
"http://example2:8774/v2/#{tenant_token}"
}],
"endpoints_links" => [],
"type" => "compute",
"name" => "nova2"
}
Excon.stub({ :method => 'POST', :path => "/v2.0/tokens" },
{ :status => 200, :body => Fog::JSON.encode(body_clone) })
returns("http://example2:8774/v2/#{tenant_token}") do
Fog::OpenStack.authenticate_v2(
:openstack_auth_uri => URI('http://example/v2.0/tokens'),
:openstack_tenant => 'admin',
:openstack_service_type => %w[compute],
:openstack_service_name => 'nova2')[:server_management_url]
end
end
ensure ensure
Excon.stubs.clear Excon.stubs.clear
Excon.defaults[:mock] = @old_mock_value Excon.defaults[:mock] = @old_mock_value