fog-proxmox 0.13.0 → 0.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6c14d0c2b9706b9ccf13d70fb4b3f06496d74ab2469c93eed134e9ec1beffb37
-  data.tar.gz: d7919eb9e2d9dff9a92f4377ef9bb0b101b5994b8e459b36443bb1881b6a3387
+  metadata.gz: 2e153a5fb10f314d09cc54eec5e8b2a6733120fe5c82ab6a809f203d2211fbfa
+  data.tar.gz: 7f2aa37e3830abb05c6717dc3f9e1705bfb8aebfa6cf52b2726a81a430ce1ac9
 SHA512:
-  metadata.gz: d4fe53a4bd62f5a3664287d9b3a7683379537bddf315a907e8ee80ead4f2c00e76168e9da34c9fb4cdd2a1ad3b31aba4adc465622ca691d7f4db870a5c80755b
-  data.tar.gz: 77cc6f9f1da87e845ddc442372fe827c58684aab525acf5f4c97fc2793e6f1ae4050cbbbfb3465f7e1e5b615b89c9ad521c1fdc56d143b37fa1a02086d347ef9
+  metadata.gz: 615ea980593082a11de74ad48d342df7ea3d5af4a39c9ae467280990ec6fcbc54c6589fe40e824b0ce7429f041707eb6953f71eb6bc3bcd23146ba37d3d98737
+  data.tar.gz: 73174f09ca4246a44b357d2f6c9b86daf01808623766877f04b59f210dcb581f056b32954aa9d2e919384d7a371bb0edbc720d3196867b9631cf8375d8f76e79

data/README.md

@@ -22,6 +22,7 @@ It is inspired by the great [fog-openstack](https://github.com/fog/fog-openstack
 |>=0.8|>=5.4|>=1.45|>=2.3|
 |>=0.9|>=6.0|>=2.1|>=2.3|
 |>=0.10|>=6.0|>=2.1|>=2.5|
+|>=0.14|>=6.2|>=2.1|>=2.5|
 
 ## Installation
 
@@ -58,7 +59,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 To record your VCR cassettes:
 
 ```shell
-PVE_URL=https://192.168.56.101:8006/api2/json DISABLE_PROXY=true SSL_VERIFY_PEER=false bundle exec rake spec
+PROXMOX_URL=https://192.168.56.101:8006/api2/json DISABLE_PROXY=true SSL_VERIFY_PEER=false bundle exec rake spec
 ```
 
 To replay your recorded tests:
@@ -67,6 +68,12 @@ To replay your recorded tests:
 USE_VCR=true bundle exec rake spec
 ```
 
+Code formatting:
+
+```shell
+bundle exec bin/rake rubocop  
+```
+
 ## Contributing
 
 You can reach the [contributors](.github/CONTRIBUTORS.md).

data/docs/compute.md

@@ -18,16 +18,32 @@ require 'fog/proxmox'
 
 ## Create compute service
 
+with access ticket:
+
+```ruby
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'access_ticket', 
+	proxmox_username: 'your_user@your_realm', 
+	proxmox_password: 'his_password',
+	connection_options: { ... }
+)      
+```
+
+with API user token:
+
 ```ruby
-compute = Fog::Proxmox::Compute.new(
-        pve_username: PVE_USERNAME, # your user name
-        pve_password: PVE_PASSWORD, # your password
-		pve_url: PVE_URL, # your server url
-		connection_options: {} # connection options
-)
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'user_token', 
+	proxmox_userid: 'your_user', 
+	proxmox_tokenid: 'his_tokenid',
+	proxmox_token: 'his_token',
+	connection_options: { ... }
+)      
 ```
 
-[connection_options](connection_parameters.md) are also available.
+[connection_options](connection_parameters.md) are also available and optional.
 
 ## Fog Abstractions
 

data/docs/identity.md

@@ -18,16 +18,32 @@ require 'fog/proxmox'
 
 ## Create identity service
 
+with access ticket:
+
+```ruby
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'access_ticket', 
+	proxmox_username: 'your_user@your_realm', 
+	proxmox_password: 'his_password',
+	connection_options: { ... }
+)      
+```
+
+with API user token:
+
 ```ruby
 identity = Fog::Proxmox::Identity.new(
-        pve_username: PVE_USERNAME, # your user name
-        pve_password: PVE_PASSWORD, # your password
-        pve_url: PVE_URL, # your server url
-		connection_options: {} # connection options
-)
+	proxmox_url: 'https://localhost:8006/api2/json', 
+	proxmox_auth_method: 'user_token', 
+	proxmox_userid: 'your_user@your_realm', 
+	proxmox_tokenid: 'his_tokenid',
+	proxmox_token: 'his_token',
+	connection_options: { ... }
+)      
 ```
 
-[connection_options](connection_parameters.md) are also available.
+[connection_options](connection_parameters.md) are also available and optional.
 
 ## Fog Abstractions
 
@@ -312,6 +328,15 @@ identity.permissions.remove({
     users: 'bobsinclar@pve'
 })
 ```
+
+User permissions:
+
+
+```ruby
+bob = identity.users.get 'bobsinclar@pve'
+bob.permissions
+```
+
 #### Pools management
 
 Proxmox supports pools management of VMs or storages. It eases managing permissions on these.

data/examples/compute.rb

@@ -19,22 +19,22 @@
 
 # There are basically two modes of operation for these specs.
 #
-# 1. ENV[PVE_URL] exists: talk to an actual Proxmox server and record HTTP
+# 1. ENV[PROXMOX_URL] exists: talk to an actual Proxmox server and record HTTP
 #    traffic in VCRs at "spec/debug" (credentials are read from the conventional
-#    environment variables: PVE_URL, PVE_USERNAME, PVE_PASSWORD)
+#    environment variables: PROXMOX_URL, PROXMOX_USERNAME, PROXMOX_PASSWORD)
 # 2. otherwise (Travis, etc): use VCRs at "spec/fixtures/proxmox/#{service}"
 
 require 'fog/proxmox'
 
-pve_url = 'https://172.26.49.146:8006/api2/json'
-pve_username = 'root@pam'
-pve_password = 'proxmox01'
+proxmox_url = 'https://172.26.49.146:8006/api2/json'
+proxmox_username = 'root@pam'
+proxmox_password = 'proxmox01'
 
 # Create service compute
 compute = Fog::Proxmox::Compute.new(
-  pve_url: pve_url,
-  pve_username: pve_username,
-  pve_password: pve_password
+  proxmox_url: proxmox_url,
+  proxmox_username: proxmox_username,
+  proxmox_password: proxmox_password
 )
 
 # Create pools
@@ -62,7 +62,7 @@ pool1.destroy
 # Create servers
 
 # Get node owner
-node_name = 'pve'
+node_name = 'proxmox'
 node = compute.nodes.get node_name
 
 # Get next free vmid
@@ -170,7 +170,7 @@ server.config.disks
 server.destroy
 
 # Create containers
-node_name = 'pve'
+node_name = 'proxmox'
 node = compute.nodes.get node_name
 ostemplate = 'local:vztmpl/alpine-3.7-default_20171211_amd64.tar.xz'
 container_hash = {
@@ -267,7 +267,7 @@ container.destroy
 
 # List 1 task
 filters = { limit: 1 }
-node = compute.nodes.get 'pve'
+node = compute.nodes.get 'proxmox'
 tasks = node.tasks.all(filters)
 # Get task
 upid = tasks[0].upid

data/examples/identity.rb

@@ -20,30 +20,40 @@
 
 # There are basically two modes of operation for these specs.
 #
-# 1. ENV[PVE_URL] exists: talk to an actual Proxmox server and record HTTP
+# 1. ENV[PROXMOX_URL] exists: talk to an actual Proxmox server and record HTTP
 #    traffic in VCRs at "spec/debug" (credentials are read from the conventional
-#    environment variables: PVE_URL, PVE_USERNAME, PVE_PASSWORD)
+#    environment variables: PROXMOX_URL, PROXMOX_USERNAME, PROXMOX_PASSWORD)
 # 2. otherwise (Travis, etc): use VCRs at "spec/fixtures/proxmox/#{service}"
 
 require 'fog/proxmox'
 
-pve_url = 'https://172.26.49.146:8006/api2/json'
-pve_username = 'root@pam'
-pve_password = 'proxmox01'
+proxmox_url = 'https://172.26.49.146:8006/api2/json'
+proxmox_username = 'root@pam'
+proxmox_password = 'proxmox01'
 
-# Create service identity
+# Create service identity with access ticket
 identity = Fog::Proxmox::Identity.new(
-  pve_url: pve_url,
-  pve_username: pve_username,
-  pve_password: pve_password
+  proxmox_url: proxmox_url,
+  proxmox_auth_method: 'access_ticket',
+  proxmox_username: proxmox_username,
+  proxmox_password: proxmox_password
 )
 
+# or with a user token
+identity = Fog::Proxmox::Identity.new(
+	proxmox_url: proxmox_url, 
+	proxmox_auth_method: 'user_token', 
+	proxmox_userid: proxmox_username, 
+	proxmox_tokenid: 'root1',
+	proxmox_token: 'ed6402b4-641d-46b1-b20a-33ba9ba12f54'
+)      
+
 # Get proxmox version
 identity.read_version
 
 # Create a new user
 bob_hash = {
-  userid: 'bobsinclar@pve',
+  userid: 'bobsinclar@proxmox',
   password: 'bobsinclar1',
   firstname: 'Bob',
   lastname: 'Sinclar',
@@ -53,7 +63,7 @@ bob_hash = {
 identity.users.create(bob_hash)
 
 # Get a user by id
-bob = identity.users.get 'bobsinclar@pve'
+bob = identity.users.get 'bobsinclar@proxmox'
 
 # List all users
 identity.users.all
@@ -69,6 +79,9 @@ bob.comment = 'novelist'
 bob.groups = %w[group1]
 bob.update
 
+# List user permissions
+bob.permissions
+
 # Delete user
 bob.destroy
 
@@ -117,8 +130,8 @@ end
 role1.destroy
 
 # Create a new domain (authentication server)
-# Three types: PAM, PVE, LDAP and ActiveDirectory
-# PAM and PVE already exist by default
+# Three types: PAM, PROXMOX, LDAP and ActiveDirectory
+# PAM and PROXMOX already exist by default
 # LDAP sample:
 ldap_hash = {
   realm: 'LDAP',
@@ -165,14 +178,14 @@ ldap.destroy
 permission_hash = {
   type: 'user'
   path: '/access',
-  roleid: 'PVEUserAdmin',
+  roleid: 'PROXMOXUserAdmin',
   ugid: bob_hash[:userid]
 }
 # Add a group permission
 # permission_hash = {
 #   type: 'group'
 #   path: '/access',
-#   roleid: 'PVEUserAdmin',
+#   roleid: 'PROXMOXUserAdmin',
 #   ugid: 'group1'
 # }
 permission = identity.permissions.create(permission_hash)

data/fog-proxmox.gemspec

@@ -40,6 +40,7 @@ Gem::Specification.new do |spec|
   spec.rubygems_version = '~> 2.6'
 
   spec.add_development_dependency 'bundler', '~> 2.1'
+  spec.add_development_dependency 'bundler-audit', '~> 0.6'
   spec.add_development_dependency 'debase', '~> 0.2.2'
   spec.add_development_dependency 'debride', '~> 1.8'
   spec.add_development_dependency 'fasterer', '~> 0.3'
@@ -55,7 +56,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov', '0.17'
   spec.add_development_dependency 'vcr', '~> 4.0'
   spec.add_development_dependency 'webmock', '~> 3.5'
-  spec.add_development_dependency 'bundler-audit', '~> 0.6'
 
   spec.add_dependency 'fog-core',  '~> 2.1'
   spec.add_dependency 'fog-json',  '~> 1.2'

data/lib/fog/proxmox.rb

@@ -18,98 +18,38 @@
 
 # frozen_string_literal: true
 
-require 'fog/proxmox/version'
-require 'fog/proxmox/core'
-require 'fog/proxmox/json'
 require 'fog/core'
 require 'fog/json'
 
 module Fog
   # Proxmox module
   module Proxmox
+
+    require 'fog/proxmox/auth/token'
+
+    autoload :Core, 'fog/proxmox/core'
+    autoload :Errors, 'fog/proxmox/errors'
+    autoload :Identity, 'fog/proxmox/identity'
+    autoload :Compute, 'fog/proxmox/compute'
+    autoload :Storage, 'fog/proxmox/storage'
+    autoload :Network, 'fog/proxmox/network'
+
     extend Fog::Provider
-    autoload :Identity, File.expand_path('identity/proxmox', __dir__)
-    autoload :Compute, File.expand_path('compute/proxmox', __dir__)
-    autoload :Storage, File.expand_path('storage/proxmox', __dir__)
-    autoload :Network, File.expand_path('network/proxmox', __dir__)
+    
     service(:identity, 'Identity')
     service(:compute, 'Compute')
     service(:storage, 'Storage')
     service(:network, 'Network')
 
-    @credentials = {}
+    @token_cache = {}
 
     class << self
-      attr_reader :credentials
-      attr_reader :version
-    end
-
-    def self.clear_credentials
-      @credentials = {}
-    end
-
-    def self.authenticate(options, connection_options = {})
-      get_credentials(options, connection_options)
-      self
-    end
-
-    def self.authenticated?
-      !@credentials.empty?
-    end
-
-    def self.credentials_has_expired?
-      authenticated? && @credentials[:deadline] < Time.now
-    end
-
-    def self.extract_password(options)
-      ticket = options[:pve_ticket]
-      ticket ? ticket : options[:pve_password].to_s
-    end
-
-    def self.get_credentials(options, connection_options = {})
-      pve_ticket_lifetime   = options[:pve_ticket_lifetime]
-      # Default lifetime ticket is 2 hours
-      ticket_lifetime = pve_ticket_lifetime ? pve_ticket_lifetime : 2 * 60 * 60
-      username          = options[:pve_username].to_s
-      password          = extract_password(options)
-      url               = options[:pve_url]
-      uri = URI.parse(url)
-      @api_path = uri.path
-      connection_options = connection_options.merge(path_prefix: @api_path)
-      password = @credentials[:ticket] if credentials_has_expired?
-      request_credentials(uri, connection_options, username, password, ticket_lifetime)
-    end
-
-    def self.request_credentials(uri, connection_options, username, password, ticket_lifetime)
-      request = {
-        expects: [200, 204],
-        headers: { 'Accept' => 'application/json' },
-        body: URI.encode_www_form(username: username, password: password),
-        method: 'POST',
-        path: 'access/ticket'
-      }
-      connection = Fog::Core::Connection.new(
-        uri.to_s,
-        false,
-        connection_options
-      )
-      response  = connection.request(request)
-      data      = Json.get_data(response)
-      ticket    = data['ticket']
-      username  = data['username']
-      csrftoken = data['CSRFPreventionToken']
-      epoch = Time.now.to_i + ticket_lifetime
-      deadline = Time.at(epoch)
-      save_credentials(username, ticket, csrftoken, deadline)
+      attr_accessor :token_cache
     end
 
-    def self.save_credentials(username, ticket, csrftoken, deadline)
-      @credentials = {
-        username: username,
-        ticket: ticket,
-        csrftoken: csrftoken,
-        deadline: deadline
-      }
+    def self.clear_token_cache
+      Fog::Proxmox.token_cache = {}
     end
+    
   end
 end

data/lib/fog/proxmox/auth/token.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'fog/json'
+require 'fog/core'
+require 'fog/proxmox/variables'
+require 'fog/proxmox/json'
+
+module Fog
+    module Proxmox
+        # Core module
+        module Auth
+            module Token
+
+                autoload :AccessTicket, 'fog/proxmox/auth/token/access_ticket'
+                autoload :UserToken, 'fog/proxmox/auth/token/user_token'
+
+                attr_reader :userid, :token, :expires, :data
+
+                class ExpiryError < RuntimeError; end
+                class URLError < RuntimeError; end
+
+                def initialize(proxmox_options, options = {})
+                    raise URLError, 'No proxmox_url provided' if proxmox_options[:proxmox_url].nil? || proxmox_options[:proxmox_url].empty?                    
+                    @token ||= ''
+                    @token_id ||= ''
+                    @userid ||= ''                
+                    @data = authenticate(proxmox_options, options)    
+                    build_credentials(proxmox_options, data)
+                end
+
+                def self.build(proxmox_options, options)
+                    raise ArgumentError, "Missing required proxmox_auth_method in options." unless proxmox_options.key? :proxmox_auth_method
+                    auth_method = proxmox_options[:proxmox_auth_method]
+                    if auth_method == Fog::Proxmox::Auth::Token::AccessTicket::NAME
+                        Fog::Proxmox::Auth::Token::AccessTicket.new(proxmox_options, options)
+                    elsif auth_method == Fog::Proxmox::Auth::Token::UserToken::NAME
+                        Fog::Proxmox::Auth::Token::UserToken.new(proxmox_options, options)
+                    else
+                        raise ArgumentError, "Unkown authentication method: #{auth_method}. Only #{Fog::Proxmox::Auth::Token::AccessTicket::NAME} or #{Fog::Proxmox::Auth::Token::UserToken::NAME} are accepted."
+                    end
+                end
+
+                def authenticate(proxmox_options, connection_options = {})
+                    uri = URI.parse(proxmox_options[:proxmox_url])
+                    request = {
+                        expects: [200, 201],
+                        headers: headers(auth_method, proxmox_options, { Accept: 'application/json' }),
+                        body: auth_body(proxmox_options),
+                        method: auth_method,
+                        path: uri.path + auth_path(proxmox_options)
+                    }
+                    connection = Fog::Core::Connection.new(
+                        uri.to_s,
+                        false,
+                        connection_options
+                    )
+                    response  = connection.request(request)
+                    Json.get_data(response)
+                end
+
+                def expired?
+                    if @expires.nil? || @expires.empty?
+                        raise ExpiryError, 'Missing token expiration data'
+                    end
+                    Time.at(@expires) < Time.now.utc
+                end
+                
+            end
+        end
+    end
+end