occi-api 4.3.13 → 4.3.14

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eea00cabd97f5ec155984db2ac1f3c69c7461e11
-  data.tar.gz: 6b8d9f42712d77b0165396a580664449489d4536
+  metadata.gz: fce814d6c2a7c043db73c5541ea5c70b5fd2e288
+  data.tar.gz: bc4d4c17d48337edf1cedaa721ca77d99ba17931
 SHA512:
-  metadata.gz: 2cfc57efcf030120d74ed27c04bbef90c5c50211d005970e506b1fc0fd27b12119dcfe3b5bb3f37f693b1d45cadcf73a1faf0fa754236c123c6797707e961bc3
-  data.tar.gz: 36c0befdbd3f743ea3f2fb13e4fa1220fb58164390f70c63d2ba6a16328eac37f9629226ce167f673fbd3db279a6b7ec1e6fa9d68be36d9c0583f340d0dc02e7
+  metadata.gz: 0c0b46c1a5c0b70e73155194e663d75a43d2d3383d1d4b970398ac861b4b5559fb8e53425c7efe1b696e81465b7940b1b14313ad9eb6d80f5dad8a83b6685f6e
+  data.tar.gz: 2d5242472689a59d10574c7228151abfc538a234f8c0e70530a2f0e9aed91f38410c6172f7e8d07a8b056adce276d4beb4037f10f93e0a68802e0191e7413030

data/lib/occi/api/client/http/authn_plugins/keystone.rb

@@ -13,7 +13,10 @@ module Occi::Api::Client
 
           # discover Keystone API version
           @env_ref.class.headers.delete 'X-Auth-Token'
-          set_auth_token ENV['ROCCI_CLIENT_KEYSTONE_TENANT']
+          if @options[:type] == 'oauth2'
+            keystone_version = 3
+          end
+          set_auth_token ENV['ROCCI_CLIENT_KEYSTONE_TENANT'], keystone_version
 
           raise ::Occi::Api::Client::Errors::AuthnError,
                 "Unable to get a tenant from Keystone, fallback failed!" if @env_ref.class.headers['X-Auth-Token'].blank?
@@ -54,14 +57,14 @@ module Occi::Api::Client
           @keystone_url = match[3]
         end
 
-        def set_auth_token(tenant = nil)
+        def set_auth_token(tenant = nil, keystone_version = nil)
           response = @env_ref.class.get @keystone_url
           Occi::Api::Log.debug response.inspect
 
           raise ::Occi::Api::Client::Errors::AuthnError,
                 "Unable to get Keystone API version from the response, fallback failed!" if (400..599).include?(response.code)
 
-          # multiple choices, sort them by version id
+          # multiple choices, sort them by version id (preferred is v2)
           if response.code == 300
             versions = response['versions']['values'].sort_by { |v| v['id']}
           else
@@ -74,18 +77,28 @@ module Occi::Api::Client
             raise ::Occi::Api::Client::Errors::AuthnError,
                   "Unable to get Keystone API version from the response, fallback failed!" unless match && match[1]
             if match[1] == '2'
-              handler_class = KeystoneV2
+              if keystone_version == nil or keystone_version == 2
+                Occi::Api::Log.debug "Selecting Keystone V2 interface"
+                handler_class = KeystoneV2
+              else
+                next
+              end
             elsif match[1] == '3'
-              handler_class = KeystoneV3
+              if keystone_version == nil or keystone_version == 3
+                Occi::Api::Log.debug "Selecting Keystone V3 interface"
+                handler_class = KeystoneV3
+              else
+                next
+              end
             end
             v['links'].each do |link|
               begin
                 if link['rel'] == 'self'
-                 keystone_url = link['href'].chomp('/')
-                 keystone_handler = handler_class.new(keystone_url, @env_ref, @options)
-                 token = keystone_handler.set_auth_token(tenant)
-                 # found a working keystone, stop looking
-                 return
+                  keystone_url = link['href'].chomp('/')
+                  keystone_handler = handler_class.new(keystone_url, @env_ref, @options)
+                  token = keystone_handler.set_auth_token(tenant)
+                  # found a working keystone, stop looking
+                  return
                 end
               rescue ::Occi::Api::Client::Errors::AuthnError
                 # ignore and try with next link
@@ -194,35 +207,51 @@ module Occi::Api::Client
 
         def set_auth_token(tenant = nil)
           if @options[:original_type] == "x509"
-            voms_authenticate(tenant)
+            set_voms_unscoped_token
+          elsif @options[:type] == "oauth2"
+            set_oauth2_unscoped_token
           elsif @options[:username] && @options[:password]
-            passwd_authenticate(tenant)
+            passwd_authenticate
           else
             raise ::Occi::Api::Client::Errors::AuthnError,
                   "Unable to request a token from Keystone! Chosen " \
                   "AuthN is not supported, fallback failed!"
           end
+
+          if !tenant.blank?
+            set_scoped_token(tenant)
+          else
+            get_first_working_project
+          end
         end
 
-        def passwd_authenticate(tenant = nil)
+        def passwd_authenticate
           raise ::Occi::Api::Client::Errors::AuthnError,
                 "Needs to be implemented, check http://developer.openstack.org/api-ref-identity-v3.html#authenticatePasswordUnscoped"
         end
 
-        def voms_authenticate(tenant = nil)
-          set_voms_unscoped_token
+        def set_voms_unscoped_token
+          response = @env_ref.class.post(
+            # FIXME(enolfc) egi.eu and mapped below should be configurable
+            "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/mapped/auth",
+          )
+          Occi::Api::Log.debug response.inspect
 
-          if !tenant.blank?
-            set_scoped_token(tenant)
+          if response.success?
+            @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
           else
-            get_first_working_project
+            raise ::Occi::Api::Client::Errors::AuthnError,
+                  "Unable to get a token from Keystone, fallback failed!"
           end
         end
 
-        def set_voms_unscoped_token
+        def set_oauth2_unscoped_token
+          headers = get_req_headers
+          headers['Authorization'] = "Bearer #{@options[:token]}"
           response = @env_ref.class.post(
-            # egi.eu and mapped below should be configurable
-            "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/mapped/auth",
+            # FIXME(enolfc) egi.eu and oidc below should be configurable
+            "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/oidc/auth",
+            :headers => headers
           )
           Occi::Api::Log.debug response.inspect
 
@@ -287,7 +316,7 @@ module Occi::Api::Client
 
         def get_req_headers
           headers = @env_ref.class.headers.clone
-          headers['Content-Type'] = "application/json"
+          headers['Content-Type'] = 'application/json'
           headers['Accept'] = headers['Content-Type']
 
           headers

data/lib/occi/api/client/http/helpers.rb

@@ -30,6 +30,8 @@ module Occi::Api::Client
                           raise ::Occi::Api::Client::Errors::AuthnError,
                                 "This authN method is for fallback only!" unless fallback
                           Http::AuthnPlugins::Keystone.new self, auth_options
+                        when "oauth2"
+                          Http::AuthnPlugins::Keystone.new self, auth_options
                         when "none", nil
                           Http::AuthnPlugins::Dummy.new self
                         else

data/lib/occi/api/version.rb

@@ -1,5 +1,5 @@
 module Occi
   module Api
-    VERSION = "4.3.13" unless defined?(::Occi::Api::VERSION)
+    VERSION = "4.3.14" unless defined?(::Occi::Api::VERSION)
   end
 end

data/occi-api.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |gem|
   gem.test_files    = `git ls-files -- {test,spec}/*`.split("\n")
   gem.require_paths = ['lib']
 
-  gem.add_dependency 'occi-core', '>= 4.3.5', '< 5'
+  gem.add_dependency 'occi-core', '>= 4.3.6', '< 5'
   gem.add_dependency 'httparty', '>= 0.13.1', '< 1'
   gem.add_dependency 'json', '>= 1.8.1', '< 3'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: occi-api
 version: !ruby/object:Gem::Version
-  version: 4.3.13
+  version: 4.3.14
 platform: ruby
 authors:
 - Florian Feldhaus
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-14 00:00:00.000000000 Z
+date: 2017-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: occi-core
@@ -18,7 +18,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.3.5
+        version: 4.3.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '5'
@@ -28,7 +28,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.3.5
+        version: 4.3.6
     - - "<"
       - !ruby/object:Gem::Version
         version: '5'
@@ -463,7 +463,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: OCCI development library providing a high-level client API