fog-openstack 0.1.31 → 0.2.0

data/lib/fog/openstack/auth/catalog.rb

@@ -0,0 +1,64 @@
+module Fog
+  module OpenStack
+    module Auth
+      module Catalog
+        attr_reader :payload
+
+        class CatalogError < RuntimeError; end
+        class EndpointError < RuntimeError; end
+        class ServiceTypeError < RuntimeError; end
+
+        def initialize(payload)
+          @payload = payload
+        end
+
+        def get_endpoint_url(names, interfaces, region = nil)
+          # TODO: Inject OpenStack Service Types Authority
+          names_list = if names.kind_of?(String)
+                         [names]
+                       else
+                         names
+                       end
+          entries = get_by_type(names_list)
+          raise ServiceTypeError, 'No endpoint match' if entries.empty?
+
+          interfaces_list = if interfaces.kind_of?(String)
+                              [interfaces]
+                            else
+                              interfaces
+                            end
+
+          list = []
+          interfaces_list.each do |interface|
+            val = get_endpoint(entries, interface, region)
+            list << val if val
+          end
+
+          raise EndpointError, 'No endpoint found' if list.empty?
+          list[0]
+        end
+
+        private
+
+        def get_by_type(names)
+          raise CatalogError, 'Empty content' unless @payload
+          @payload.select do |e|
+            names.include?(e['type'])
+          end
+        end
+
+        def get_endpoint(entries, interface, region)
+          list = []
+          entries.each do |type|
+            next unless type.key?('endpoints')
+            type['endpoints'].each do |endpoint|
+              list << endpoint_url(endpoint, interface) if endpoint_match?(endpoint, interface, region)
+            end
+          end
+          raise EndpointError, 'Multiple endpoints found' if list.size > 1
+          list[0]
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/catalog/v2.rb

@@ -0,0 +1,23 @@
+require 'fog/openstack/auth/catalog'
+
+module Fog
+  module OpenStack
+    module Auth
+      module Catalog
+        class V2
+          include Fog::OpenStack::Auth::Catalog
+
+          def endpoint_match?(endpoint, interface, region)
+            if endpoint.key?("#{interface}URL")
+              true unless !region.nil? && endpoint['region'] != region
+            end
+          end
+
+          def endpoint_url(endpoint, interface)
+            endpoint["#{interface}URL"]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/catalog/v3.rb

@@ -0,0 +1,23 @@
+require 'fog/openstack/auth/catalog'
+
+module Fog
+  module OpenStack
+    module Auth
+      module Catalog
+        class V3
+          include Fog::OpenStack::Auth::Catalog
+
+          def endpoint_match?(endpoint, interface, region)
+            if endpoint['interface'] == interface
+              true unless !region.nil? && endpoint['region'] != region
+            end
+          end
+
+          def endpoint_url(endpoint, _)
+            endpoint['url']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/name.rb

@@ -0,0 +1,65 @@
+module Fog
+  module OpenStack
+    module Auth
+      class CredentialsError < RuntimeError; end
+
+      module Domain
+        attr_accessor :domain
+
+        def identity
+          data = {}
+          if !id.nil?
+            data.merge!(to_h(:id))
+          elsif !name.nil? && !domain.nil?
+            data.merge!(to_h(:name))
+            data[:domain] = @domain.identity
+          else
+            raise Fog::OpenStack::Auth::CredentialsError,
+                  "#{self.class}: An Id, or a name with its domain, must be provided"
+          end
+          data
+        end
+      end
+
+      Name = Struct.new(:id, :name)
+      class Name
+        def identity
+          return to_h(:id) unless id.nil?
+          return to_h(:name) unless name.nil?
+          raise Fog::OpenStack::Auth::CredentialsError, "#{self.class}: No available id or name"
+        end
+
+        def to_h(var)
+          {var => send(var)}
+        end
+      end
+
+      class DomainScope < Name
+        def identity
+          {:domain => super}
+        end
+      end
+
+      class ProjectScope < Name
+        include Fog::OpenStack::Auth::Domain
+
+        def identity
+          {:project => super}
+        end
+      end
+
+      class User < Name
+        include Fog::OpenStack::Auth::Domain
+
+        attr_accessor :password
+
+        def identity
+          data = super
+          raise CredentialsError, "#{self.class}: No password available" if password.nil?
+          data.merge!(to_h(:password))
+          {:user => data}
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/token.rb

@@ -0,0 +1,69 @@
+require 'fog/openstack/auth/token/v2'
+require 'fog/openstack/auth/token/v3'
+require 'fog/openstack/auth/catalog/v2'
+require 'fog/openstack/auth/catalog/v3'
+
+module Fog
+  module OpenStack
+    module Auth
+      module Token
+        attr_reader :catalog, :expires, :tenant, :token, :user, :data
+
+        class ExpiryError < RuntimeError; end
+        class StandardError < RuntimeError; end
+        class URLError < RuntimeError; end
+
+        def self.build(auth)
+          if auth[:openstack_tenant_id] || auth[:openstack_tenant]
+            Fog::OpenStack::Auth::Token::V2.new(auth)
+          else
+            Fog::OpenStack::Auth::Token::V3.new(auth)
+          end
+        end
+
+        def initialize(auth)
+          raise URLError, 'No URL provided' if auth[:openstack_auth_url].nil? || auth[:openstack_auth_url].empty?
+          @creds = {
+            :data => build_credentials(auth),
+            :uri  => URI.parse(auth[:openstack_auth_url])
+          }
+          response = authenticate(@creds)
+          set(response)
+        end
+
+        def get
+          set(authenticate(@creds)) if expired?
+          @token
+        end
+
+        private
+
+        def authenticate(creds)
+          connection_options = {}
+          connection = Fog::Core::Connection.new(creds[:uri].to_s, false, connection_options)
+
+          request = {
+            :expects => [200, 201],
+            :headers => {'Content-Type' => 'application/json'},
+            :body    => Fog::JSON.encode(creds[:data]),
+            :method  => 'POST',
+            :path    => creds[:uri].path + path
+          }
+
+          connection.request(request)
+        end
+
+        def expired?
+          if @expires.nil? || @expires.empty?
+            raise ExpiryError, 'Missing token expiration data'
+          end
+          Time.parse(@expires) < Time.now.utc
+        end
+
+        def refresh
+          raise StandardError, "__method__ not implemented yet!"
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/token/v2.rb

@@ -0,0 +1,70 @@
+require 'fog/openstack/auth/token'
+require 'fog/openstack/auth/name'
+
+module Fog
+  module OpenStack
+    module Auth
+      module Token
+        class CredentialsError < RuntimeError; end
+
+        class V2
+          include Fog::OpenStack::Auth::Token
+          attr_reader :tenant
+
+          def credentials
+            if @token
+              identity = {'token' => {'id' => @token}}
+            else
+              raise CredentialsError, "#{self.class}: User name is required" if @user.name.nil?
+              raise CredentialsError, "#{self.class}: User password is required" if @user.password.nil?
+              identity = {'passwordCredentials' => user_credentials}
+            end
+
+            if @tenant.id
+              identity['tenantId'] = @tenant.id
+            elsif @tenant.name
+              identity['tenantName'] = @tenant.name
+            else
+              raise CredentialsError, "#{self.class}: No tenant available"
+            end
+
+            {'auth' => identity}
+          end
+
+          def path
+            '/v2.0/tokens'
+          end
+
+          def user_credentials
+            {
+              'username' => @user.name,
+              'password' => @user.password
+            }
+          end
+
+          def set(response)
+            @data = Fog::JSON.decode(response.body)
+            @token   = @data['access']['token']['id']
+            @expires = @data['access']['token']['expires']
+            @tenant = @data['access']['token']['tenant']
+            @user = @data['access']['user']
+            catalog = @data['access']['serviceCatalog']
+            @catalog = Fog::OpenStack::Auth::Catalog::V2.new(catalog) if catalog
+          end
+
+          def build_credentials(auth)
+            if auth[:openstack_auth_token]
+              @token = auth[:openstack_auth_token]
+            else
+              @user = Fog::OpenStack::Auth::User.new(auth[:openstack_userid], auth[:openstack_username])
+              @user.password = auth[:openstack_api_key]
+            end
+
+            @tenant = Fog::OpenStack::Auth::Name.new(auth[:openstack_tenant_id], auth[:openstack_tenant])
+            credentials
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/auth/token/v3.rb

@@ -0,0 +1,116 @@
+require 'fog/openstack/auth/token'
+require 'fog/openstack/auth/name'
+
+module Fog
+  module OpenStack
+    module Auth
+      module Token
+        class V3
+          include Fog::OpenStack::Auth::Token
+          attr_reader :domain, :project
+
+          # Default Domain ID
+          DOMAIN_ID = 'default'.freeze
+
+          def credentials
+            identity = if @token
+                         {
+                           'methods' => ['token'],
+                           'token'   => {'id' => @token}
+                         }
+                       else
+                         {
+                           'methods'  => ['password'],
+                           'password' => @user.identity
+                         }
+                       end
+
+            if scope
+              {
+                'auth' => {
+                  'identity' => identity,
+                  'scope'    => scope
+                }
+              }
+            else
+              {'auth' => {'identity' => identity}}
+            end
+          end
+
+          def path
+            '/v3/auth/tokens'
+          end
+
+          def scope
+            return @project.identity if @project
+            return @domain.identity if @domain
+          end
+
+          def set(response)
+            @data = Fog::JSON.decode(response.body)
+            @token = response.headers['x-subject-token']
+            @expires = @data['token']['expires_at']
+            @tenant = @data['token']['project']
+            @user = @data['token']['user']
+            catalog = @data['token']['catalog']
+            if catalog
+              @catalog = Fog::OpenStack::Auth::Catalog::V3.new(catalog)
+            end
+          end
+
+          def build_credentials(auth)
+            if auth[:openstack_project_id] || auth[:openstack_project_name]
+              # project scoped
+              @project = Fog::OpenStack::Auth::ProjectScope.new(
+                auth[:openstack_project_id],
+                auth[:openstack_project_name]
+              )
+              @project.domain = if auth[:openstack_project_domain_id] || auth[:openstack_project_domain_name]
+                                  Fog::OpenStack::Auth::Name.new(
+                                    auth[:openstack_project_domain_id],
+                                    auth[:openstack_project_domain_name]
+                                  )
+                                elsif auth[:openstack_domain_id] || auth[:openstack_domain_name]
+                                  Fog::OpenStack::Auth::Name.new(
+                                    auth[:openstack_domain_id],
+                                    auth[:openstack_domain_name]
+                                  )
+                                else
+                                  Fog::OpenStack::Auth::Name.new(DOMAIN_ID, nil)
+                                end
+            elsif auth[:openstack_domain_id] || auth[:openstack_domain_name]
+              # domain scoped
+              @domain = Fog::OpenStack::Auth::DomainScope.new(
+                auth[:openstack_domain_id],
+                auth[:openstack_domain_name]
+              )
+            end
+
+            if auth[:openstack_auth_token]
+              @token = auth[:openstack_auth_token]
+            else
+              @user = Fog::OpenStack::Auth::User.new(auth[:openstack_userid], auth[:openstack_username])
+              @user.password = auth[:openstack_api_key]
+
+              @user.domain = if auth[:openstack_user_domain_id] || auth[:openstack_user_domain_name]
+                               Fog::OpenStack::Auth::Name.new(
+                                 auth[:openstack_user_domain_id],
+                                 auth[:openstack_user_domain_name]
+                               )
+                             elsif auth[:openstack_domain_id] || auth[:openstack_domain_name]
+                               Fog::OpenStack::Auth::Name.new(
+                                 auth[:openstack_domain_id],
+                                 auth[:openstack_domain_name]
+                               )
+                             else
+                               Fog::OpenStack::Auth::Name.new(DOMAIN_ID, nil)
+                             end
+            end
+
+            credentials
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fog/openstack/core.rb

@@ -15,56 +15,22 @@ module Fog
       attr_reader :openstack_user_domain_id
       attr_reader :openstack_project_id
       attr_reader :openstack_project_domain_id
-      attr_reader :openstack_identity_prefix
+      attr_reader :openstack_identity_api_version
 
       # fallback
       def self.not_found_class
         Fog::Compute::OpenStack::NotFound
       end
 
-      def initialize_identity(options)
-        # Create @openstack_* instance variables from all :openstack_* options
-        options.select { |x| x.to_s.start_with? 'openstack' }.each do |openstack_param, value|
-          instance_variable_set "@#{openstack_param}".to_sym, value
-        end
-
-        @auth_token ||= options[:openstack_auth_token]
-        @openstack_identity_public_endpoint = options[:openstack_identity_endpoint]
-
-        @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
-        @openstack_must_reauthenticate = false
-        @openstack_endpoint_type = options[:openstack_endpoint_type] || 'publicURL'
-
-        @openstack_cache_ttl = options[:openstack_cache_ttl] || 0
-
-        if @auth_token
-          @openstack_can_reauthenticate = false
-        else
-          missing_credentials = []
-
-          missing_credentials << :openstack_api_key unless @openstack_api_key
-          unless @openstack_username || @openstack_userid
-            missing_credentials << 'openstack_username or openstack_userid'
-          end
-          raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
-          @openstack_can_reauthenticate = true
-        end
-
-        @current_user    = options[:current_user]
-        @current_user_id = options[:current_user_id]
-        @current_tenant  = options[:current_tenant]
-      end
-
       def credentials
         options = {
-          :provider                    => 'openstack',
-          :openstack_auth_url          => @openstack_auth_uri.to_s,
-          :openstack_auth_token        => @auth_token,
-          :openstack_identity_endpoint => @openstack_identity_public_endpoint,
-          :current_user                => @current_user,
-          :current_user_id             => @current_user_id,
-          :current_tenant              => @current_tenant,
-          :unscoped_token              => @unscoped_token
+          :provider             => 'openstack',
+          :openstack_auth_url   => @openstack_auth_uri.to_s,
+          :openstack_auth_token => @auth_token,
+          :current_user         => @current_user,
+          :current_user_id      => @current_user_id,
+          :current_tenant       => @current_tenant,
+          :unscoped_token       => @unscoped_token
         }
         openstack_options.merge options
       end
@@ -73,21 +39,28 @@ module Fog
         @connection.reset
       end
 
+      def initialize(options = {})
+        setup(options)
+        authenticate
+        @connection = Fog::Core::Connection.new(@openstack_management_url, @persistent, @connection_options)
+      end
+
       private
 
       def request(params, parse_json = true)
         retried = false
         begin
-          response = @connection.request(params.merge(
-                                           :headers => headers(params.delete(:headers)),
-                                           :path    => "#{@path}/#{params[:path]}"
-          ))
+          response = @connection.request(
+            params.merge(
+              :headers => headers(params.delete(:headers)),
+              :path    => "#{@path}/#{params[:path]}"
+            )
+          )
         rescue Excon::Errors::Unauthorized => error
           # token expiration and token renewal possible
           if error.response.body != 'Bad username or password' && @openstack_can_reauthenticate && !retried
             @openstack_must_reauthenticate = true
             authenticate
-            set_api_path
             retried = true
             retry
           # bad credentials or token renewal not possible
@@ -111,10 +84,6 @@ module Fog
         response
       end
 
-      def set_api_path
-        # if the service supports multiple versions, do the selection here
-      end
-
       def set_microversion
         @microversion_key          ||= 'Openstack-API-Version'.freeze
         @microversion_service_type ||= @openstack_service_type.first
@@ -172,44 +141,99 @@ module Fog
         options
       end
 
-      def authenticate
-        if !@openstack_management_url || @openstack_must_reauthenticate
+      def api_path_prefix
+        path = ''
+        if @openstack_management_uri && @openstack_management_uri.path != '/'
+          path = @openstack_management_uri.path
+        end
+        unless default_path_prefix.empty?
+          path << '/' + default_path_prefix
+        end
+        path
+      end
 
-          options = openstack_options
+      def default_endpoint_type
+        'public'
+      end
 
-          options[:openstack_auth_token] = @openstack_must_reauthenticate ? nil : @openstack_auth_token
+      def default_path_prefix
+        ''
+      end
 
-          credentials = Fog::OpenStack.authenticate(options, @connection_options)
+      def setup(options)
+        if options.respond_to?(:config_service?) && options.config_service?
+          configure(options)
+          return
+        end
 
-          @current_user = credentials[:user]
-          @current_user_id = credentials[:current_user_id]
-          @current_tenant = credentials[:tenant]
+        # Create @openstack_* instance variables from all :openstack_* options
+        options.select { |x| x.to_s.start_with? 'openstack' }.each do |openstack_param, value|
+          instance_variable_set "@#{openstack_param}".to_sym, value
+        end
 
+        @auth_token ||= options[:openstack_auth_token]
+        @openstack_must_reauthenticate = false
+        @openstack_endpoint_type = options[:openstack_endpoint_type] || 'public'
+        @openstack_cache_ttl = options[:openstack_cache_ttl] || 0
+
+        if @auth_token
+          @openstack_can_reauthenticate = false
+        else
+          missing_credentials = []
+
+          missing_credentials << :openstack_api_key unless @openstack_api_key
+          unless @openstack_username || @openstack_userid
+            missing_credentials << 'openstack_username or openstack_userid'
+          end
+          unless missing_credentials.empty?
+            raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}"
+          end
+          @openstack_can_reauthenticate = true
+        end
+
+        @current_user    = options[:current_user]
+        @current_user_id = options[:current_user_id]
+        @current_tenant  = options[:current_tenant]
+
+        @openstack_service_type = options[:openstack_service_type] || default_service_type
+        @openstack_endpoint_type = options[:openstack_endpoint_type] || default_endpoint_type
+        @openstack_endpoint_type.gsub!(/URL/, '')
+        @connection_options = options[:connection_options] || {}
+        @persistent = options[:persistent] || false
+      end
+
+      def authenticate
+        if !@openstack_management_url || @openstack_must_reauthenticate
+          @openstack_auth_token = nil if @openstack_must_reauthenticate
+
+          token = Fog::OpenStack::Auth::Token.build(openstack_options)
+
+          @openstack_management_url = if token.catalog
+                                        token.catalog.get_endpoint_url(
+                                          @openstack_service_type,
+                                          @openstack_endpoint_type,
+                                          @openstack_region
+                                        )
+                                      else
+                                        @openstack_auth_url
+                                      end
+
+          @current_user = token.user['name']
+          @current_user_id          = token.user['id']
+          @current_tenant           = token.tenant
+          @expires                  = token.expires
+          @auth_token               = token.token
+          @unscoped_token           = token.token
           @openstack_must_reauthenticate = false
-          @auth_token = credentials[:token]
-          @openstack_management_url = credentials[:server_management_url]
-          @unscoped_token = credentials[:unscoped_token]
         else
           @auth_token = @openstack_auth_token
         end
-        @openstack_management_uri = URI.parse(@openstack_management_url)
 
-        @host   = @openstack_management_uri.host
-        @path   = @openstack_management_uri.path
-        @path.sub!(%r{/$}, '')
-        @port   = @openstack_management_uri.port
-        @scheme = @openstack_management_uri.scheme
-
-        # Not all implementations have identity service in the catalog
-        if @openstack_identity_public_endpoint || @openstack_management_url
-          @identity_connection = Fog::Core::Connection.new(
-            @openstack_identity_public_endpoint || @openstack_management_url,
-            false, @connection_options
-          )
-        end
+        @openstack_management_uri = URI.parse(@openstack_management_url)
 
         # both need to be set in service's initialize for microversions to work
         set_microversion if @supported_microversion && @supported_versions
+        @path = api_path_prefix
 
         true
       end