kotovalexarian-likes-github/fog--fog
1
0
Fork 0
mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00
Code Releases Activity
fog--fog/lib/fog/openstack/identity.rb
Dan Prince ba26129001 OpenStack auth updates to select by service name. 
This patch updates the OpenStack auth implementation so that
it supports selecting API service by both 'name' and 'type'.

Previously the implementation was confusing because it
used a config param called :openstack_service_name to
select the service 'type' from the catalog. This patch
swaps it so that :openstack_service_name actually selects
by 'name'.

The previous logic to select service by type ('compute' for example)
has been preserved in a new :openstack_service_type parameter.
This option is used just as it was before for backwards compatability.

This change is potentially breaking for anyone previously using
:openstack_service_name (which I don't think is that common but is
possible). As such we should probably make a release note saying
that previous users of :openstack_service_name should migrate to
use :openstack_service_type instead.
2012-12-10 07:55:54 -05:00

296 lines
9.9 KiB
Ruby
Raw Blame History

require 'fog/openstack'
module Fog
module Identity
class OpenStack < Fog::Service
requires :openstack_auth_url
recognizes :openstack_auth_token, :openstack_management_url, :persistent,
:openstack_service_type, :openstack_service_name, :openstack_tenant,
:openstack_api_key, :openstack_username, :openstack_current_user_id,
:current_user, :current_tenant
model_path 'fog/openstack/models/identity'
model :tenant
collection :tenants
model :user
collection :users
model :role
collection :roles
model :ec2_credential
collection :ec2_credentials
request_path 'fog/openstack/requests/identity'
request :check_token
request :validate_token
request :list_tenants
request :create_tenant
request :get_tenant
request :get_tenants_by_id
request :get_tenants_by_name
request :update_tenant
request :delete_tenant
request :list_users
request :create_user
request :update_user
request :delete_user
request :get_user_by_id
request :get_user_by_name
request :add_user_to_tenant
request :remove_user_from_tenant
request :list_endpoints_for_token
request :list_roles_for_user_on_tenant
request :list_user_global_roles
request :create_role
request :delete_role
request :delete_user_role
request :create_user_role
request :get_role
request :list_roles
request :set_tenant
request :create_ec2_credential
request :delete_ec2_credential
request :get_ec2_credential
request :list_ec2_credentials
class Mock
attr_reader :auth_token
attr_reader :unscoped_token
attr_reader :auth_token_expiration
attr_reader :current_user
attr_reader :current_tenant
attr_reader :unscoped_token
def self.data
@users ||= {}
@roles ||= {}
@tenants ||= {}
@ec2_credentials ||= Hash.new { |hash, key| hash[key] = {} }
@user_tenant_membership ||= {}
@data ||= Hash.new do |hash, key|
hash[key] = {
:users => @users,
:roles => @roles,
:tenants => @tenants,
:ec2_credentials => @ec2_credentials,
:user_tenant_membership => @user_tenant_membership
}
end
end
def self.reset!
@data = nil
@users = nil
@roles = nil
@tenants = nil
@ec2_credentials = nil
end
def initialize(options={})
require 'multi_json'
@openstack_username = options[:openstack_username] || 'admin'
@openstack_tenant = options[:openstack_tenant] || 'admin'
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = @openstack_auth_uri.to_s
@auth_token = Fog::Mock.random_base64(64)
@auth_token_expiration = (Time.now.utc + 86400).iso8601
@admin_tenant = self.data[:tenants].values.find do |u|
u['name'] == 'admin'
end
if @openstack_tenant
@current_tenant = self.data[:tenants].values.find do |u|
u['name'] == @openstack_tenant
end
unless @current_tenant
@current_tenant_id = Fog::Mock.random_hex(32)
@current_tenant = self.data[:tenants][@current_tenant_id] = {
'id' => @current_tenant_id,
'name' => @openstack_tenant
}
else
@current_tenant_id = @current_tenant['id']
end
else
@current_tenant = @admin_tenant
end
@current_user = self.data[:users].values.find do |u|
u['name'] == @openstack_username
end
@current_tenant_id = Fog::Mock.random_hex(32)
unless @current_user
@current_user_id = Fog::Mock.random_hex(32)
@current_user = self.data[:users][@current_user_id] = {
'id' => @current_user_id,
'name' => @openstack_username,
'email' => "#{@openstack_username}@mock.com",
'tenantId' => Fog::Mock.random_numbers(6).to_s,
'enabled' => true
}
else
@current_user_id = @current_user['id']
end
end
def data
self.class.data[@openstack_username]
end
def reset_data
self.class.data.delete(@openstack_username)
end
def credentials
{ :provider => 'openstack',
:openstack_auth_url => @openstack_auth_uri.to_s,
:openstack_auth_token => @auth_token,
:openstack_management_url => @openstack_management_url,
:openstack_current_user_id => @openstack_current_user_id,
:current_user => @current_user,
:current_tenant => @current_tenant}
end
end
class Real
attr_reader :current_user
attr_reader :current_tenant
attr_reader :unscoped_token
def initialize(options={})
@openstack_auth_token = options[:openstack_auth_token]
unless @openstack_auth_token
missing_credentials = Array.new
@openstack_api_key = options[:openstack_api_key]
@openstack_username = options[:openstack_username]
missing_credentials << :openstack_api_key unless @openstack_api_key
missing_credentials << :openstack_username unless @openstack_username
raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
end
@openstack_tenant = options[:openstack_tenant]
@openstack_auth_uri = URI.parse(options[:openstack_auth_url])
@openstack_management_url = options[:openstack_management_url]
@openstack_must_reauthenticate = false
@openstack_service_type = options[:openstack_service_type] || ['identity']
@openstack_service_name = options[:openstack_service_name]
@connection_options = options[:connection_options] || {}
@openstack_current_user_id = options[:openstack_current_user_id]
@current_user = options[:current_user]
@current_tenant = options[:current_tenant]
authenticate
@persistent = options[:persistent] || false
@connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
end
def credentials
{ :provider => 'openstack',
:openstack_auth_url => @openstack_auth_uri.to_s,
:openstack_auth_token => @auth_token,
:openstack_management_url => @openstack_management_url,
:openstack_current_user_id => @openstack_current_user_id,
:current_user => @current_user,
:current_tenant => @current_tenant }
end
def reload
@connection.reset
end
def request(params)
retried = false
begin
response = @connection.request(params.merge({
:headers => {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'X-Auth-Token' => @auth_token
}.merge!(params[:headers] || {}),
:host => @host,
:path => "#{@path}/#{params[:path]}"#,
# Causes errors for some requests like tenants?limit=1
# :query => ('ignore_awful_caching' << Time.now.to_i.to_s)
}))
rescue Excon::Errors::Unauthorized => error
raise if retried
retried = true
@openstack_must_reauthenticate = true
authenticate
retry
rescue Excon::Errors::HTTPStatusError => error
raise case error
when Excon::Errors::NotFound
Fog::Identity::OpenStack::NotFound.slurp(error)
else
error
end
end
unless response.body.empty?
response.body = MultiJson.decode(response.body)
end
response
end
private
def authenticate
if !@openstack_management_url || @openstack_must_reauthenticate
options = {
:openstack_api_key => @openstack_api_key,
:openstack_username => @openstack_username,
:openstack_auth_token => @openstack_auth_token,
:openstack_auth_uri => @openstack_auth_uri,
:openstack_tenant => @openstack_tenant,
:openstack_service_type => @openstack_service_type,
:openstack_service_name => @openstack_service_name,
:openstack_endpoint_type => 'adminURL'
}
credentials = Fog::OpenStack.authenticate_v2(options, @connection_options)
@current_user = credentials[:user]
@current_tenant = credentials[:tenant]
@openstack_must_reauthenticate = false
@auth_token = credentials[:token]
@openstack_management_url = credentials[:server_management_url]
@openstack_current_user_id = credentials[:current_user_id]
@unscoped_token = credentials[:unscoped_token]
uri = URI.parse(@openstack_management_url)
else
@auth_token = @openstack_auth_token
uri = URI.parse(@openstack_management_url)
end
@host = uri.host
@path = uri.path
@path.sub!(/\/$/, '')
@port = uri.port
@scheme = uri.scheme
true
end
end
end
end
end
View git blame Copy permalink