Class: Occi::Api::Client::Http::AuthnPlugins::KeystoneV2

Inherits:

Object

• Object
• Occi::Api::Client::Http::AuthnPlugins::KeystoneV2

Defined in:

lib/occi/api/client/http/authn_plugins/keystone.rb

Instance Method Summary

• #authenticate(tenant = nil) ⇒ Object
• #get_first_working_tenant ⇒ Object
• #get_keystone_req(tenant = nil) ⇒ Object
• #get_req_headers ⇒ Object
• #initialize(base_url, env_ref, options = {}) ⇒ KeystoneV2 constructor

  A new instance of KeystoneV2.

• #set_auth_token(tenant = nil) ⇒ Object

Constructor Details

#initialize(base_url, env_ref, options = {}) ⇒ KeystoneV2

Returns a new instance of KeystoneV2.

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 106

def initialize(base_url, env_ref, options = {})
  @base_url = base_url
  @env_ref = env_ref
  @options = options
end

Instance Method Details

#authenticate(tenant = nil) ⇒ Object

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 123

def authenticate(tenant = nil)
  response = @env_ref.class.post(
    "#{@base_url}/tokens",
    :body => get_keystone_req(tenant),
    :headers => get_req_headers
  )
  Occi::Api::Log.debug response.inspect

  if !response.success? || response['access'].blank?
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to get a token from Keystone, fallback failed!"
  end

  @env_ref.class.headers['X-Auth-Token'] = response['access']['token']['id']
end

#get_first_working_tenant ⇒ Object

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 161

def get_first_working_tenant
  response = @env_ref.class.get(
    "#{@base_url}/tenants",
    :headers => get_req_headers
  )
  Occi::Api::Log.debug response.inspect

  if !response.success? || response['tenants'].blank?
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Keystone didn't return any tenants, fallback failed!"
  end

  response['tenants'].each do |tenant|
    begin
      Occi::Api::Log.debug "Authenticating for tenant #{tenant['name'].inspect}"
      authenticate tenant['name']
      break # found a working tenant, stop looking
    rescue ::Occi::Api::Client::Errors::AuthnError
      # ignoring and trying the next tenant
    end
  end
end

#get_keystone_req(tenant = nil) ⇒ Object

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 139

def get_keystone_req(tenant = nil)
  if @options[:original_type] == "x509"
    body = { "auth" => { "voms" => true } }
  elsif @options[:username] && @options[:password]
    body = {
      "auth" => {
        "passwordCredentials" => {
          "username" => @options[:username],
          "password" => @options[:password]
        }
      }
    }
  else
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to request a token from Keystone! Chosen " \
          "AuthN is not supported, fallback failed!"
  end

  body['auth']['tenantName'] = tenant unless tenant.blank?
  body.to_json
end

#get_req_headers ⇒ Object

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 184

def get_req_headers
  headers = @env_ref.class.headers.clone
  headers['Content-Type'] = "application/json"
  headers['Accept'] = headers['Content-Type']

  headers
end

#set_auth_token(tenant = nil) ⇒ Object

# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 112

def set_auth_token(tenant = nil)
  if tenant.blank?
    # get an unscoped token, use the unscoped token
    # for tenant discovery and get a scoped token
    authenticate
    get_first_working_tenant
  else
    authenticate tenant
  end
end