mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
Merge pull request #3507 from mikezuniga/master
Added support to request V3 tokens
This commit is contained in:
Wesley Beary
commit
f75b11be52
2 changed files with 168 additions and 7 deletions
|
|
@ -250,6 +250,7 @@ module Fog
|
|||
|
||||
def initialize(options={})
|
||||
@openstack_username = options[:openstack_username]
|
||||
@openstack_domain = options[:openstack_domain]
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
|
||||
@current_tenant = options[:openstack_tenant]
|
||||
|
|
@ -289,6 +290,7 @@ module Fog
|
|||
attr_reader :auth_token_expiration
|
||||
attr_reader :current_user
|
||||
attr_reader :current_tenant
|
||||
attr_reader :openstack_domain
|
||||
|
||||
def initialize(options={})
|
||||
@openstack_auth_token = options[:openstack_auth_token]
|
||||
|
|
@ -299,6 +301,7 @@ module Fog
|
|||
missing_credentials = Array.new
|
||||
@openstack_api_key = options[:openstack_api_key]
|
||||
@openstack_username = options[:openstack_username]
|
||||
@openstack_domain = options[:openstack_domain]
|
||||
|
||||
missing_credentials << :openstack_api_key unless @openstack_api_key
|
||||
missing_credentials << :openstack_username unless @openstack_username
|
||||
|
|
@ -306,6 +309,7 @@ module Fog
|
|||
end
|
||||
|
||||
@openstack_tenant = options[:openstack_tenant]
|
||||
@openstack_domain = options[:openstack_domain] || 'Default'
|
||||
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
|
||||
@openstack_management_url = options[:openstack_management_url]
|
||||
@openstack_must_reauthenticate = false
|
||||
|
|
@ -328,6 +332,7 @@ module Fog
|
|||
|
||||
def credentials
|
||||
{ :provider => 'openstack',
|
||||
:openstack_domain => @openstack_domain,
|
||||
:openstack_auth_url => @openstack_auth_uri.to_s,
|
||||
:openstack_auth_token => @auth_token,
|
||||
:openstack_management_url => @openstack_management_url,
|
||||
|
|
@ -383,6 +388,7 @@ module Fog
|
|||
options = {
|
||||
:openstack_api_key => @openstack_api_key,
|
||||
:openstack_username => @openstack_username,
|
||||
:openstack_domain => @openstack_domain,
|
||||
:openstack_auth_token => @openstack_must_reauthenticate ? nil : @auth_token,
|
||||
:openstack_auth_uri => @openstack_auth_uri,
|
||||
:openstack_region => @openstack_region,
|
||||
|
|
@ -396,6 +402,8 @@ module Fog
|
|||
if @openstack_auth_uri.path =~ /\/v2.0/
|
||||
|
||||
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
|
||||
elsif @openstack_auth_uri.path =~ /\/v3/
|
||||
credentials = Fog::OpenStack.authenticate_v3(options, @connection_options)
|
||||
else
|
||||
credentials = Fog::OpenStack.authenticate_v1(options, @connection_options)
|
||||
end
|
||||
|
|
@ -415,7 +423,7 @@ module Fog
|
|||
@path, @tenant_id = uri.path.scan(/(\/.*)\/(.*)/).flatten
|
||||
|
||||
@path.sub!(/\/$/, '')
|
||||
unless @path.match(/1\.1|v2/)
|
||||
unless @path.match(/1\.1|v2|v3/)
|
||||
raise Fog::OpenStack::Errors::ServiceUnavailable.new(
|
||||
"OpenStack binding only supports version 2 (a.k.a. 1.1)")
|
||||
end
|
||||
|
|
|
|||
|
|
@ -57,6 +57,10 @@ module Fog
|
|||
case options[:openstack_auth_uri].path
|
||||
when /v1(\.\d+)?/
|
||||
authenticate_v1(options, connection_options)
|
||||
when /v2(\.\d+)?/
|
||||
authenticate_v2(options, connection_options)
|
||||
when /v3(\.\d+)?/
|
||||
authenticate_v3(options, connection_options)
|
||||
else
|
||||
authenticate_v2(options, connection_options)
|
||||
end
|
||||
|
|
@ -169,13 +173,113 @@ module Fog
|
|||
}
|
||||
end
|
||||
|
||||
def self.get_service(body, service_type=[], service_name=nil)
|
||||
body['access']['serviceCatalog'].find do |s|
|
||||
if service_name.nil? or service_name.empty?
|
||||
service_type.include?(s['type'])
|
||||
else
|
||||
service_type.include?(s['type']) and s['name'] == service_name
|
||||
# Keystone Style Auth
|
||||
def self.authenticate_v3(options, connection_options = {})
|
||||
uri = options[:openstack_auth_uri]
|
||||
tenant_name = options[:openstack_tenant]
|
||||
service_type = options[:openstack_service_type]
|
||||
service_name = options[:openstack_service_name]
|
||||
identity_service_type = options[:openstack_identity_service_type]
|
||||
endpoint_type = (options[:openstack_endpoint_type] || 'public').to_s
|
||||
openstack_region = options[:openstack_region]
|
||||
domain_name = options[:openstack_domain]
|
||||
|
||||
body, token_headers = retrieve_tokens_v3(options, connection_options)
|
||||
|
||||
service = get_service(body, service_type, service_name)
|
||||
|
||||
options[:unscoped_token] = token_headers['X-Subject-Token']
|
||||
|
||||
unless service
|
||||
unless tenant_name
|
||||
response = Fog::Core::Connection.new(
|
||||
"#{uri.scheme}://#{uri.host}:#{uri.port}/v3/projects", false, connection_options).request({
|
||||
:expects => [200, 204],
|
||||
:headers => {'Content-Type' => 'application/json',
|
||||
'Accept' => 'application/json',
|
||||
'X-Auth-Token' => token_headers['X-Subject-Token']},
|
||||
:method => 'GET'
|
||||
})
|
||||
body = Fog::JSON.decode(response.body)
|
||||
if body['projects'].empty?
|
||||
raise Fog::Errors::NotFound.new('No Tenant Found')
|
||||
else
|
||||
options[:openstack_tenant] = body['projects'].first['name']
|
||||
end
|
||||
|
||||
end
|
||||
body, token_headers = retrieve_tokens_v3(options, connection_options)
|
||||
service = get_service(body, service_type, service_name)
|
||||
end
|
||||
|
||||
service['endpoints'] = service['endpoints'].select do |endpoint|
|
||||
endpoint['region'] == openstack_region
|
||||
end if openstack_region
|
||||
|
||||
if service['endpoints'].empty?
|
||||
raise Fog::Errors::NotFound.new("No endpoints available for region '#{openstack_region}'")
|
||||
end if openstack_region
|
||||
|
||||
unless service
|
||||
available = body['token']['catalog'].map { |endpoint|
|
||||
endpoint['type']
|
||||
}.sort.join ', '
|
||||
|
||||
missing = service_type.join ', '
|
||||
|
||||
message = "Could not find service #{missing}. Have #{available}"
|
||||
|
||||
raise Fog::Errors::NotFound, message
|
||||
end
|
||||
|
||||
admin = false
|
||||
body['token']['roles'].each do |r|
|
||||
admin = true if r["name"] == "admin"
|
||||
end
|
||||
|
||||
if service['endpoints'].count > 1 and not admin
|
||||
regions = service["endpoints"].map{ |e| e['region'] }.uniq.join(',')
|
||||
raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions}'")
|
||||
end
|
||||
|
||||
identity_service = get_service(body, identity_service_type) if identity_service_type
|
||||
tenant = body['token']['project']['name']
|
||||
user = body['token']['user']['name']
|
||||
endpoint_type = 'public'
|
||||
|
||||
management_url = service['endpoints'].find{|s| s["interface"][endpoint_type]}["url"]
|
||||
identity_url = identity_service['endpoints'].find{|s| s["interface"]["public"]}["url"] if identity_service
|
||||
{
|
||||
:user => user,
|
||||
:tenant => tenant,
|
||||
:identity_public_endpoint => identity_url,
|
||||
:server_management_url => management_url,
|
||||
:token => token_headers['X-Subject-Token'],
|
||||
:expires => body['token']['expires_at'],
|
||||
:current_user_id => body['token']['user']['id'],
|
||||
:unscoped_token => options[:unscoped_token]
|
||||
}
|
||||
end
|
||||
|
||||
|
||||
def self.get_service(body, service_type=[], service_name=nil)
|
||||
if not body['access'].nil?
|
||||
body['access']['serviceCatalog'].find do |s|
|
||||
if service_name.nil? or service_name.empty?
|
||||
service_type.include?(s['type'])
|
||||
else
|
||||
service_type.include?(s['type']) and s['name'] == service_name
|
||||
end
|
||||
end
|
||||
elsif not body['token']['catalog'].nil?
|
||||
body['token']['catalog'].find do |s|
|
||||
if service_name.nil? or service_name.empty?
|
||||
service_type.include?(s['type'])
|
||||
else
|
||||
service_type.include?(s['type']) and s['name'] == service_name
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
|
|
@ -212,6 +316,55 @@ module Fog
|
|||
Fog::JSON.decode(response.body)
|
||||
end
|
||||
|
||||
def self.retrieve_tokens_v3(options, connection_options = {})
|
||||
api_key = options[:openstack_api_key].to_s
|
||||
username = options[:openstack_username].to_s
|
||||
tenant_name = options[:openstack_tenant].to_s
|
||||
auth_token = options[:openstack_auth_token] || options[:unscoped_token]
|
||||
uri = options[:openstack_auth_uri]
|
||||
domain = options[:openstack_domain]
|
||||
|
||||
connection = Fog::Core::Connection.new(uri.to_s, false, connection_options)
|
||||
request_body = {:auth => Hash.new}
|
||||
|
||||
if auth_token
|
||||
request_body[:auth][:token] = {
|
||||
:id => auth_token
|
||||
}
|
||||
else
|
||||
request_body[:auth][:identity] = {
|
||||
:methods => ["password"],
|
||||
:password => {
|
||||
:user => {
|
||||
:domain => {
|
||||
:name => domain
|
||||
},
|
||||
:name => username,
|
||||
:password => api_key
|
||||
}
|
||||
}
|
||||
}
|
||||
request_body[:auth][:scope] = {
|
||||
:project => {
|
||||
:domain => {
|
||||
:name => domain
|
||||
},
|
||||
:id => tenant_name
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
response = connection.request({
|
||||
:expects => [201],
|
||||
:headers => {'Content-Type' => 'application/json'},
|
||||
:body => Fog::JSON.encode(request_body),
|
||||
:method => 'POST',
|
||||
:path => (uri.path and not uri.path.empty?) ? uri.path : 'v3'
|
||||
})
|
||||
|
||||
return Fog::JSON.decode(response.body), response.headers
|
||||
end
|
||||
|
||||
def self.get_supported_version(supported_versions, uri, auth_token, connection_options = {})
|
||||
connection = Fog::Core::Connection.new("#{uri.scheme}://#{uri.host}:#{uri.port}", false, connection_options)
|
||||
response = connection.request({
|
||||
|
|
|
|||
Loading…
Reference in a new issue