occi-api 4.3.5 → 4.3.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c1058d8ebbfc4c35fe0dc5a59725ce4ff6af5578
-  data.tar.gz: 752bd8e01cc6afc49434261bad1c3d3a3be92f1f
+  metadata.gz: d5e457c71d021773fd57e1632882d438166cf935
+  data.tar.gz: 9afa187517fd7ef0facc4295085a10a7b9bf1f97
 SHA512:
-  metadata.gz: dcb9d62289f0f17212e65645e7f68ed5df18792ec51f39e82757b9cc47e21ac905ac80e7ea4a06597e5e507d767d1861862dfbdf4e4b6bc9e123275dff9dad94
-  data.tar.gz: 23d10f55966a9457cd02e6e7edc80d2f6c798db37fecb8b27ee3f3f62052ba9cc4827887d7d3f7adf6474efc64f63205c3b73081e23c94c5ab200a2bd75e1ce1
+  metadata.gz: 5d531511b8d1fa3d5d2c3658ad9fbb1d29c3c08430779d36ae3b471179443f8afe8b5fc2fd11df0e52df52707a6d09c08dfe9e4919ac86b94759798c855c5bb8
+  data.tar.gz: 2ab2461149750834ea980da58f36892366d5872cd55c35809cf873231d86fb24ce81e9ccb0be9bf778b049d09cc440960709a635ec88d19f5b36a60efcfd97e1

data/.travis.yml

@@ -4,36 +4,14 @@ rvm:
   - 1.9.3
   - 2.0.0
   - 2.1
+  - 2.2
+  - 2.3
   - ruby-head
-  - jruby-19mode
-  - jruby-head
-
-jdk:
-  - openjdk7
-  - oraclejdk7
-  - openjdk6
 
 matrix:
   allow_failures:
+    - rvm: 2.3
     - rvm: ruby-head
-    - rvm: jruby-head
-  exclude:
-    - rvm: 1.9.3
-      jdk: openjdk7
-    - rvm: 1.9.3
-      jdk: oraclejdk7
-    - rvm: 2.0.0
-      jdk: openjdk7
-    - rvm: 2.0.0
-      jdk: oraclejdk7
-    - rvm: 2.1
-      jdk: openjdk7
-    - rvm: 2.1
-      jdk: oraclejdk7
-    - rvm: ruby-head
-      jdk: openjdk7
-    - rvm: ruby-head
-      jdk: oraclejdk7
   fast_finish: true
 
 branches:
@@ -43,3 +21,10 @@ branches:
     - 4.1.x
     - 4.2.x
     - 4.3.x
+
+install: 'gem install bundler -v ">= 1.7.12" && bundle install --retry=10'
+
+env:
+  - ON_TRAVIS_CI=yes
+
+sudo: false

data/lib/occi/api/client/client_http.rb

@@ -78,10 +78,10 @@ module Occi::Api::Client
       )
 
       response_msg = response_message(response)
-      raise "HTTP GET failed! #{response_msg}" unless response.code == 200
+      raise "HTTP GET failed! #{response_msg}" unless [200, 204].include?(response.code)
 
       # TODO: remove the gsub OCCI-OS hack as soon as they stop using 'uri:'
-      response.body.gsub(/\# uri:\/(compute|storage|network)\/[\n]?/, '').split("\n").compact
+      (response.body || '').gsub(/\# uri:\/(compute|storage|network)\/[\n]?/, '').split("\n").compact
     end
 
     # @see Occi::Api::Client::ClientBase

data/lib/occi/api/client/http/authn_plugins/keystone.rb

@@ -5,20 +5,14 @@ module Occi::Api::Client
       class Keystone < Base
 
         KEYSTONE_URI_REGEXP = /^(Keystone|snf-auth) uri='(.+)'$/
+        KEYSTONE_VERSION_REGEXP = /^v([0-9]).*$/
 
         def setup(options = {})
           # get Keystone URL if possible
           set_keystone_base_url
 
-          if !ENV['ROCCI_CLIENT_KEYSTONE_TENANT'].blank?
-            # get a scoped token for the specified tenant directly
-            set_auth_token ENV['ROCCI_CLIENT_KEYSTONE_TENANT']
-          else
-            # get an unscoped token, use the unscoped token
-            # for tenant discovery and get a scoped token
-            set_auth_token
-            get_first_working_tenant
-          end
+          # discover Keystone API version
+          set_auth_token ENV['ROCCI_CLIENT_KEYSTONE_TENANT']
 
           raise ::Occi::Api::Client::Errors::AuthnError,
                 "Unable to get a tenant from Keystone, fallback failed!" if @env_ref.class.headers['X-Auth-Token'].blank?
@@ -56,12 +50,73 @@ module Occi::Api::Client
           raise ::Occi::Api::Client::Errors::AuthnError,
                 "Unable to get Keystone's URL from the response, fallback failed!" unless match && match[2]
 
-          @keystone_url = match[2].chomp('/').chomp('/v2.0')
+          @keystone_url = match[2]
+        end
+
+        def set_auth_token(tenant = nil)
+          response = @env_ref.class.get @keystone_url
+          Occi::Api::Log.debug response.inspect
+
+          raise ::Occi::Api::Client::Errors::AuthnError,
+                "Unable to get Keystone API version from the response, fallback failed!" if (400..599).include?(response.code)
+
+          # multiple choices, sort them by version id
+          if response.code == 300
+            versions = response['versions']['values'].sort_by { |v| v['id']}
+          else
+            # assume a single version
+            versions = [response['version']]
+          end
+
+          versions.each do |v|
+            match = KEYSTONE_VERSION_REGEXP.match(v['id'])
+            raise ::Occi::Api::Client::Errors::AuthnError,
+                  "Unable to get Keystone API version from the response, fallback failed!" unless match && match[1]
+            if match[1] == '2'
+              handler_class = KeystoneV2
+            elsif match[1] == '3'
+              handler_class = KeystoneV3
+            end
+            v['links'].each do |link|
+              begin
+                if link['rel'] == 'self'
+                 keystone_url = link['href'].chomp('/')
+                 keystone_handler = handler_class.new(keystone_url, @env_ref, @options)
+                 token = keystone_handler.set_auth_token(tenant)
+                 # found a working keystone, stop looking
+                 return
+                end
+              rescue ::Occi::Api::Client::Errors::AuthnError
+                # ignore and try with next link
+              end
+            end
+          end
+        end
+
+      end
+
+      class KeystoneV2
+        def initialize(base_url, env_ref, options = {})
+          @base_url = base_url
+          @env_ref = env_ref
+          @options = options
         end
 
         def set_auth_token(tenant = nil)
+          if !tenant.blank?
+            # get a scoped token for the specified tenant directly
+            authenticate ENV['ROCCI_CLIENT_KEYSTONE_TENANT']
+          else
+            # get an unscoped token, use the unscoped token
+            # for tenant discovery and get a scoped token
+            authenticate
+            get_first_working_tenant
+          end
+        end
+
+        def authenticate(tenant = nil)
           response = @env_ref.class.post(
-            "#{@keystone_url}/v2.0/tokens",
+            "#{@base_url}/tokens",
             :body => get_keystone_req(tenant),
             :headers => get_req_headers
           )
@@ -99,7 +154,7 @@ module Occi::Api::Client
 
         def get_first_working_tenant
           response = @env_ref.class.get(
-            "#{@keystone_url}/v2.0/tenants",
+            "#{@base_url}/tenants",
             :headers => get_req_headers
           )
           Occi::Api::Log.debug response.inspect
@@ -110,7 +165,7 @@ module Occi::Api::Client
           response['tenants'].each do |tenant|
             begin
               Occi::Api::Log.debug "Authenticating for tenant #{tenant['name'].inspect}"
-              set_auth_token(tenant['name'])
+              authenticate(tenant['name'])
 
               # found a working tenant, stop looking
               break
@@ -120,6 +175,115 @@ module Occi::Api::Client
           end
         end
 
+        def get_req_headers
+          headers = @env_ref.class.headers.clone
+          headers['Content-Type'] = "application/json"
+          headers['Accept'] = headers['Content-Type']
+
+          headers
+        end
+      end
+
+      class KeystoneV3
+        def initialize(base_url, env_ref, options = {})
+          @base_url = base_url
+          @env_ref = env_ref
+          @options = options
+        end
+
+        def set_auth_token(tenant = nil)
+          if @options[:original_type] == "x509"
+            voms_authenticate(tenant)
+          elsif @options[:username] && @options[:password]
+            passwd_authenticate(tenant)
+          else
+            raise ::Occi::Api::Client::Errors::AuthnError,
+                  "Unable to request a token from Keystone! Chosen " \
+                  "AuthN is not supported, fallback failed!"
+          end
+        end
+
+        def passwd_authenticate(tenant = nil)
+          raise ::Occi::Api::Client::Errors::AuthnError,
+                "Needs to be implemented, check http://developer.openstack.org/api-ref-identity-v3.html#authenticatePasswordUnscoped"
+        end
+
+        def voms_authenticate(tenant = nil)
+          set_voms_unscoped_token
+
+          if !tenant.blank?
+            set_scoped_token(tenant)
+          else
+            get_first_working_project
+          end
+        end
+
+        def set_voms_unscoped_token
+          response = @env_ref.class.post(
+            # egi.eu and voms below should be configurable
+            "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/mapped/voms",
+          )
+          Occi::Api::Log.debug response.inspect
+
+          if response.success?
+            @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
+          else
+            raise ::Occi::Api::Client::Errors::AuthnError,
+                  "Unable to get a token from Keystone, fallback failed!"
+          end
+        end
+
+        def get_first_working_project
+          response = @env_ref.class.get(
+            "#{@base_url}/projects",
+            :headers => get_req_headers
+          )
+          Occi::Api::Log.debug response.inspect
+
+          raise ::Occi::Api::Client::Errors::AuthnError,
+                "Keystone didn't return any projects, fallback failed!" if response['projects'].blank?
+
+          response['projects'].each do |project|
+            begin
+              Occi::Api::Log.debug "Authenticating for project #{project['name'].inspect}"
+              set_scoped_token(project['id'])
+
+              # found a working project, stop looking
+              break
+            rescue ::Occi::Api::Client::Errors::AuthnError
+              # ignoring and trying the next tenant
+            end
+          end
+        end
+
+        def set_scoped_token(project)
+          body = {
+            "auth" => {
+              "identity" => {
+                "methods" => ["token"],
+                "token" => {"id" => @env_ref.class.headers['X-Auth-Token'] }
+              },
+              "scope" => {
+                "project" => {"id" => project}
+              }
+            }
+          }
+          response = @env_ref.class.post(
+            "#{@base_url}/auth/tokens",
+            :body => body,
+            :headers => get_req_headers
+          )
+
+          Occi::Api::Log.debug response.inspect
+
+          if response.success?
+            @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
+          else
+            raise ::Occi::Api::Client::Errors::AuthnError,
+                  "Unable to get a token from Keystone, fallback failed!"
+          end
+        end
+
         def get_req_headers
           headers = @env_ref.class.headers.clone
           headers['Content-Type'] = "application/json"

data/lib/occi/api/version.rb

@@ -1,5 +1,5 @@
 module Occi
   module Api
-    VERSION = "4.3.5" unless defined?(::Occi::Api::VERSION)
+    VERSION = "4.3.6" unless defined?(::Occi::Api::VERSION)
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: occi-api
 version: !ruby/object:Gem::Version
-  version: 4.3.5
+  version: 4.3.6
 platform: ruby
 authors:
 - Florian Feldhaus
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-10 00:00:00.000000000 Z
+date: 2016-06-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: occi-core