fog-brightbox 1.4.2 → 1.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e093d1f19cc306dee85aed2df1cd8cdfd1103a4384732decce4a68855397bca5
-  data.tar.gz: 5672ef5e5d920037120861bfa1bda35ce4ffb6f1530cc62d61a0cb02aeb22d4e
+  metadata.gz: 4ed1e1f608af748e905cfeafeb9f1a72674074f11720c854988e324de9e1fa84
+  data.tar.gz: c078791baaf84d13fb09c1f0d8ff17b9c1116f247cfb8c73647b529b97ce3bea
 SHA512:
-  metadata.gz: cce99fc4e5978804b72374022bb42b43035709608012dbc4feb8791fa1b689d98aa2d7ee44289117986e457b8243453fe22a307b9012938a86c1485e5e43cd5d
-  data.tar.gz: df8c06dcc583f25291bf7bd89bea248ccd7f2f0e5675330bc82cb520e6d6ab946427bce9fbbd35ef4f279b165c06c4a4e7272060ae47e5a900b12b3447f3fcc6
+  metadata.gz: fbfd902483fc3bb101255c4915d8fec6e54c5edf2995f6aa1b0eebe510e210a0b6173b109aa19811fee8fabc1c5f05c294d36b49fbcc9b15056bedf22e1ebac2
+  data.tar.gz: e3b208fa57e74eca736fa8d53683cbfa78645a6aa75a15b680f59365bbd26538cbb373828f92ba4d6de7a79a867e2377500179c9ef18171c35748dd3fa759e17

data/CHANGELOG.md

@@ -1,3 +1,34 @@
+### 1.6.0 / 2022-07-25
+
+Changes:
+
+* Added support to opt-in to support Brightbox 2FA within clients.
+
+Two Factor Authentication (2FA) support:
+
+Passing `brightbox_support_two_factor` into a configuration will raise a new
+error when user authentication has failed BUT the presence of the
+`X-Brightbox-OTP: required` HTTP header is found.
+
+This new error `Fog::Brightbox::OAuth2::TwoFactorMissingError` can be handled
+differently by the client and the second factor can be prompted for or
+recovered from a secure keychain.
+
+Without opting in, the previous error `Excon::Errors::Unauthorized` is raised.
+
+To send the OTP, the `brightbox_one_time_password` can be passed into a
+configuration object or one_time_password can be passed to a credentials
+object.
+
+### 1.5.0 / 2022-06-09
+
+Changes:
+
+* Added support for `Volume` resources. These are dynamic, network attached
+  volumes. Servers with `nbs` (Network Block Storage) types can be created
+  from volumes. Additional volumes can be attached to a server. The volumes
+  can be quickly copied and resized.
+
 ### 1.4.2 / 2022-06-09
 
 Bug fixes:

data/lib/fog/brightbox/compute/shared.rb

@@ -39,21 +39,15 @@ module Fog
           @persistent          = @config.connection_persistent?
           @connection          = Fog::Core::Connection.new(@api_url, @persistent, @connection_options)
 
-          # Authentication options
-          client_id            = @config.client_id
-          client_secret        = @config.client_secret
-
-          username             = @config.username
-          password             = @config.password
           @configured_account  = @config.account
           # Request account can be changed at anytime and changes behaviour of future requests
           @scoped_account      = @configured_account
 
-          credential_options   = { :username => username, :password => password }
-          @credentials         = CredentialSet.new(client_id, client_secret, credential_options)
+          @two_factor          = @config.two_factor?
+          @one_time_password   = @config.one_time_password
 
           # If existing tokens have been cached, allow continued use of them in the service
-          @credentials.update_tokens(@config.cached_access_token, @config.cached_refresh_token)
+          credentials.update_tokens(@config.cached_access_token, @config.cached_refresh_token)
 
           @token_management    = @config.managed_tokens?
         end
@@ -73,6 +67,12 @@ module Fog
           @scoped_account = @configured_account
         end
 
+        def credentials
+          client_id = @config.client_id
+          client_secret = @config.client_secret
+          @credentials ||= CredentialSet.new(client_id, client_secret, credential_options)
+        end
+
         # Returns the scoped account being used for requests
         #
         # * For API clients this is the owning account
@@ -122,7 +122,7 @@ module Fog
         def get_access_token
           begin
             get_access_token!
-          rescue Excon::Errors::Unauthorized, Excon::Errors::BadRequest
+          rescue Fog::Brightbox::OAuth2::TwoFactorMissingError, Excon::Errors::Unauthorized, Excon::Errors::BadRequest
             @credentials.update_tokens(nil, nil)
           end
           @credentials.access_token
@@ -154,8 +154,24 @@ module Fog
           @default_image_id ||= (@config.default_image_id || select_default_image)
         end
 
+        def two_factor?
+          @two_factor || false
+        end
+
         private
 
+        # This returns a formatted set of options for the credentials for this service
+        #
+        # @return [Hash]
+        def credential_options
+          {
+            username: @config.username,
+            password: @config.password
+          }.tap do |opts|
+            opts[:one_time_password] = @one_time_password if two_factor?
+          end
+        end
+
         # This makes a request of the API based on the configured setting for
         # token management.
         #

data/lib/fog/brightbox/compute.rb

@@ -21,6 +21,10 @@ module Fog
       # Automatic token management
       recognizes :brightbox_token_management
 
+      # Two Factor Authentication support (2FA)
+      recognizes :brightbox_support_two_factor
+      recognizes :brightbox_one_time_password
+
       # Excon connection settings
       recognizes :persistent
 
@@ -63,6 +67,8 @@ module Fog
       model :user
       collection :user_collaborations
       model :user_collaboration
+      collection :volumes
+      model :volume
 
       request_path "fog/brightbox/requests/compute"
       request :accept_user_collaboration
@@ -72,7 +78,9 @@ module Fog
       request :add_servers_server_group
       request :apply_to_firewall_policy
       request :accept_user_collaboration
+      request :attach_volume
       request :remove_firewall_policy
+      request :copy_volume
       request :create_api_client
       request :create_application
       request :create_cloud_ip
@@ -84,6 +92,7 @@ module Fog
       request :create_database_server
       request :create_server
       request :create_server_group
+      request :create_volume
       request :delete_api_client
       request :delete_application
       request :delete_cloud_ip
@@ -97,6 +106,8 @@ module Fog
       request :delete_server
       request :delete_server_group
       request :delete_user_collaboration
+      request :delete_volume
+      request :detach_volume
       request :get_account
       request :get_api_client
       request :get_application
@@ -117,6 +128,7 @@ module Fog
       request :get_server_type
       request :get_user
       request :get_user_collaboration
+      request :get_volume
       request :get_zone
       request :list_accounts
       request :list_api_clients
@@ -135,12 +147,14 @@ module Fog
       request :list_servers
       request :list_users
       request :list_user_collaborations
+      request :list_volumes
       request :list_zones
       request :lock_resource_database_server
       request :lock_resource_database_snapshot
       request :lock_resource_image
       request :lock_resource_load_balancer
       request :lock_resource_server
+      request :lock_resource_volume
       request :map_cloud_ip
       request :move_servers_server_group
       request :reboot_server
@@ -156,6 +170,7 @@ module Fog
       request :reset_secret_application
       request :reset_server
       request :resend_collaboration
+      request :resize_volume
       request :reject_user_collaboration
       request :shutdown_server
       request :snapshot_database_server
@@ -167,6 +182,7 @@ module Fog
       request :unlock_resource_image
       request :unlock_resource_load_balancer
       request :unlock_resource_server
+      request :unlock_resource_volume
       request :unmap_cloud_ip
       request :update_account
       request :update_api_client
@@ -182,6 +198,7 @@ module Fog
       request :update_server
       request :update_server_group
       request :update_user
+      request :update_volume
 
       # The Mock Service allows you to run a fake instance of the Service
       # which makes no real connections.

data/lib/fog/brightbox/config.rb

@@ -33,6 +33,10 @@ module Fog
       #   Set to specify the client secret to use for requests.
       # @option options [String] :brightbox_token_management (true)
       #   Set to specify if the service should handle expired tokens or raise an error instead.
+      # @option options [Boolean] :brightbox_support_two_factor
+      #   Set to enable two factor authentication (2FA) for this configuration/user
+      # @option options [String] :brightbox_one_time_password
+      #   Set to pass through the current one time password when using 2FA
       # @option options [String] :brightbox_username
       #   Set to specify your user account. Either user identifier (+usr-12345+) or email address
       #   may be used.
@@ -226,6 +230,14 @@ module Fog
       def storage_temp_key
         @options[:brightbox_temp_url_key]
       end
+
+      def two_factor?
+        @options[:brightbox_support_two_factor] || false
+      end
+
+      def one_time_password
+        @options[:brightbox_one_time_password]
+      end
     end
   end
 end

data/lib/fog/brightbox/models/compute/server.rb

@@ -7,6 +7,8 @@ module Fog
         include Fog::Brightbox::ModelHelper
         include Fog::Brightbox::Compute::ResourceLocking
 
+        attr_accessor :volume_id
+
         identity :id
         attribute :resource_type
         attribute :url
@@ -38,6 +40,7 @@ module Fog
         attribute :cloud_ips
         attribute :interfaces
         attribute :server_groups
+        attribute :volumes
         attribute :zone
         attribute :server_type
 
@@ -181,7 +184,6 @@ module Fog
           raise Fog::Errors::Error.new("Resaving an existing object may create a duplicate") if persisted?
           requires :image_id
           options = {
-            :image => image_id,
             :name => name,
             :zone => zone_id,
             :user_data => user_data,
@@ -192,6 +194,12 @@ module Fog
           options.merge!(:cloud_ip => cloud_ip) unless cloud_ip.nil? || cloud_ip == ""
           options.merge!(:disk_encrypted => disk_encrypted) if disk_encrypted
 
+          if volume_id
+            options.merge!(:volumes => [:volume => volume_id])
+          else
+            options.merge!(:image => image_id)
+          end
+
           data = service.create_server(options)
           merge_attributes(data)
           true

data/lib/fog/brightbox/models/compute/volume.rb

@@ -0,0 +1,152 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Volume < Fog::Brightbox::Model
+        include Fog::Brightbox::Compute::ResourceLocking
+
+        identity :id
+        attribute :url
+        attribute :resource_type
+
+        attribute :name
+        attribute :state, :aliases => "status"
+
+        attribute :description
+        attribute :filesystem_label
+        attribute :filesystem_type
+        attribute :serial
+        attribute :size
+        attribute :source
+        attribute :source_type
+        attribute :storage_type
+
+        attribute :boot
+        attribute :delete_with_server
+        attribute :encrypted
+
+        # Times
+        attribute :created_at, :type => :time
+        attribute :updated_at, :type => :time
+        attribute :deleted_at, :type => :time
+
+        # Links
+        attribute :account_id, :aliases => "account", :squash => "id"
+        attribute :image_id, :aliases => "image", :squash => "id"
+        attribute :server_id, :aliases => "server", :squash => "id"
+
+        def attach(server)
+          requires :identity
+          data = service.attach_volume(identity, server: server.id)
+          merge_attributes(data)
+          true
+        end
+
+        def attached?
+          state == "attached"
+        end
+
+        # @param [Hash] options
+        # @option options [Boolean] :delete_with_server Set +true+ the volume will be removed if attached to a server that is deleted
+        # @option options [String] :description
+        # @option options [String] :name
+        # @option options [String] :serial
+        #
+        # @return [Fog::Compute::Volume] a new model for the copy
+        def copy(options = {})
+          requires :identity
+          data = service.copy_volume(identity, options)
+          service.volumes.new(data)
+        end
+
+        def creating?
+          state == "creating"
+        end
+
+        def deleted?
+          state == "deleted"
+        end
+
+        def deleting?
+          state == "deleting"
+        end
+
+        def detach
+          requires :identity
+          data = service.detach_volume(identity)
+          merge_attributes(data)
+          true
+        end
+
+        def detached?
+          state == "detached"
+        end
+
+        def failed?
+          state == "failed"
+        end
+
+        def finished?
+          deleted? || failed?
+        end
+
+        def ready?
+          attached? || detached?
+        end
+
+        # @param [Hash] options
+        # @option options [Integer] :to The new size in MiB to change the volume to
+        def resize(options)
+          requires :identity
+
+          # The API requires the old "from" size to avoid acting on stale data
+          # We can merge this and if the API rejects the request, the model was out of sync
+          options.merge!(:from => size)
+
+          data = service.resize_volume(identity, options)
+          merge_attributes(data)
+          true
+        end
+
+        def save
+          if persisted?
+            options = {
+              :delete_with_server => delete_with_server,
+              :description => description,
+              :name => name,
+              :serial => serial
+            }.delete_if { |_k, v| v.nil? || v == "" }
+
+            data = service.update_volume(identity, options)
+          else
+            raise Fog::Errors::Error.new("'image_id' and 'filesystem_type' are mutually exclusive") if image_id && filesystem_type
+            raise Fog::Errors::Error.new("'image_id' or 'filesystem_type' is required") unless image_id || filesystem_type
+
+            options = {
+              :delete_with_server => delete_with_server,
+              :description => description,
+              :filesystem_label => filesystem_label,
+              :filesystem_type => filesystem_type,
+              :name => name,
+              :serial => serial,
+              :size => size
+            }.delete_if { |_k, v| v.nil? || v == "" }
+
+            options.merge!(:image => image_id) unless image_id.nil? || image_id == ""
+
+            data = service.create_volume(options)
+          end
+
+          merge_attributes(data)
+          true
+        end
+
+        def destroy
+          requires :identity
+          data = service.delete_volume(identity)
+          merge_attributes(data)
+          true
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/models/compute/volumes.rb

@@ -0,0 +1,23 @@
+require "fog/brightbox/models/compute/volume"
+
+module Fog
+  module Brightbox
+    class Compute
+      class Volumes < Fog::Collection
+        model Fog::Brightbox::Compute::Volume
+
+        def all
+          data = service.list_volumes
+          load(data)
+        end
+
+        def get(identifier)
+          data = service.get_volume(identifier)
+          new(data)
+        rescue Excon::Errors::NotFound
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/oauth2.rb

@@ -6,6 +6,10 @@ module Fog
     # @see http://tools.ietf.org/html/draft-ietf-oauth-v2-10
     #
     module OAuth2
+      TWO_FACTOR_HEADER = "X-Brightbox-OTP".freeze
+
+      class TwoFactorMissingError < StandardError; end
+
       # This builds the simplest form of requesting an access token
       # based on the arguments passed in
       #
@@ -13,16 +17,38 @@ module Fog
       # @param [CredentialSet] credentials
       #
       # @return [Excon::Response]
+      # @raise [Excon::Errors::Unauthorized] if the credentials are rejected by the server
+      # @raise [Fog::Brightbox::OAuth2::TwoFactorMissingError] if opted in to 2FA and server reports header is required
       def request_access_token(connection, credentials)
         token_strategy = credentials.best_grant_strategy
 
-        connection.request(
-          :path => "/token",
-          :expects  => 200,
-          :headers  => token_strategy.headers,
-          :method   => "POST",
-          :body     => Fog::JSON.encode(token_strategy.authorization_body_data)
-        )
+        if two_factor?
+          # When 2FA opt-in is set, we can expect 401 responses as well
+          response = connection.request(
+            :path => "/token",
+            :expects  => [200, 401],
+            :headers  => token_strategy.headers,
+            :method   => "POST",
+            :body     => Fog::JSON.encode(token_strategy.authorization_body_data)
+          )
+
+          if response.status == 401 && response.headers[Fog::Brightbox::OAuth2::TWO_FACTOR_HEADER] == "required"
+            raise TwoFactorMissingError
+          elsif response.status == 401
+            raise Excon::Errors.status_error({ expects: 200 }, status: 401)
+          else
+            response
+          end
+        else
+          # Use classic behaviour and return Excon::
+          connection.request(
+            :path => "/token",
+            :expects  => 200,
+            :headers  => token_strategy.headers,
+            :method   => "POST",
+            :body     => Fog::JSON.encode(token_strategy.authorization_body_data)
+          )
+        end
       end
 
       # Encapsulates credentials required to request access tokens from the
@@ -33,12 +59,14 @@ module Fog
       class CredentialSet
         attr_reader :client_id, :client_secret, :username, :password
         attr_reader :access_token, :refresh_token, :expires_in
+        attr_reader :one_time_password
         #
         # @param [String] client_id
         # @param [String] client_secret
         # @param [Hash] options
         # @option options [String] :username
         # @option options [String] :password
+        # @option options [String] :one_time_password One Time Password for Two Factor authentication
         #
         def initialize(client_id, client_secret, options = {})
           @client_id     = client_id
@@ -48,6 +76,7 @@ module Fog
           @access_token  = options[:access_token]
           @refresh_token = options[:refresh_token]
           @expires_in    = options[:expires_in]
+          @one_time_password = options[:one_time_password]
         end
 
         # Returns true if user details are available
@@ -142,6 +171,17 @@ module Fog
             "password"   => @credentials.password
           }
         end
+
+        def headers
+          {
+            "Authorization" => authorization_header,
+            "Content-Type" => "application/json"
+          }.tap do |headers|
+            if @credentials.one_time_password
+              headers[TWO_FACTOR_HEADER] = @credentials.one_time_password
+            end
+          end
+        end
       end
 
       # This strategy attempts to use a refresh_token gained during an earlier

data/lib/fog/brightbox/requests/compute/attach_volume.rb

@@ -0,0 +1,23 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Attach a detached server to a nominated server
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        # @option options [String] :server The identifier of the server
+        # @option options [Boolean] :boot Set +true+ to attach as boot volume. Only when server is stopped
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        # @return [NilClass] if no options were passed
+        #
+        def attach_volume(identifier, options)
+          return nil if identifier.nil? || identifier == ""
+          wrapped_request("post", "/1.0/volumes/#{identifier}/attach", [202], options)
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/requests/compute/copy_volume.rb

@@ -0,0 +1,25 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Copy a volume and create a new one
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        # @option options [Boolean] :delete_with_server Set +true+ the volume will be removed if attached to a server that is deleted
+        # @option options [String] :description
+        # @option options [String] :name
+        # @option options [String] :serial
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        # @return [NilClass] if no options were passed
+        #
+        def copy_volume(identifier, options)
+          return nil if identifier.nil? || identifier == ""
+          wrapped_request("post", "/1.0/volumes/#{identifier}/copy", [202], options)
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/requests/compute/create_volume.rb

@@ -0,0 +1,25 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Create a new volume
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        # @option options [Boolean] :delete_with_server Set +true+ the volume will be removed if attached to a server that is deleted
+        # @option options [String] :description
+        # @option options [String] :name
+        # @option options [String] :serial
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        # @return [NilClass] if no options were passed
+        #
+        def create_volume(options)
+          return nil if options.empty? || options.nil?
+          wrapped_request("post", "/1.0/volumes", [202], options)
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/requests/compute/delete_volume.rb

@@ -0,0 +1,20 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Destroy the volume and free up the resources.
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        #
+        def delete_volume(identifier, options = {})
+          return nil if identifier.nil? || identifier == ""
+          wrapped_request("delete", "/1.0/volumes/#{identifier}", [202], options)
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/requests/compute/detach_volume.rb

@@ -0,0 +1,21 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Detach the volume from its server
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        # @return [NilClass] if no options were passed
+        #
+        def detach_volume(identifier, options = {})
+          return nil if identifier.nil? || identifier == ""
+          wrapped_request("post", "/1.0/volumes/#{identifier}/detach", [202], options)
+        end
+      end
+    end
+  end
+end

data/lib/fog/brightbox/requests/compute/get_volume.rb

@@ -0,0 +1,20 @@
+module Fog
+  module Brightbox
+    class Compute
+      class Real
+        # Get full details of the volume.
+        #
+        # @param [String] identifier Unique reference to identify the resource
+        # @param [Hash] options
+        # @option options [Boolean] :nested passed through with the API request. When true nested resources are expanded.
+        #
+        # @return [Hash] if successful Hash version of JSON object
+        #
+        def get_volume(identifier, options = {})
+          return nil if identifier.nil? || identifier == ""
+          wrapped_request("get", "/1.0/volumes/#{identifier}", [200], options)
+        end
+      end
+    end
+  end
+end