Class: Occi::Api::Client::Http::AuthnPlugins::KeystoneV3

Inherits:
Object
  • Object
Defined in:
lib/occi/api/client/http/authn_plugins/keystone.rb

Instance Method Summary

Constructor Details

#initialize(base_url, env_ref, options = {}) ⇒ KeystoneV3

Returns a new instance of KeystoneV3.



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 194

# Stores what the plugin needs to talk to Keystone; no request is made here.
#
# @param base_url [String] prefix prepended to every Keystone path this plugin requests
# @param env_ref [Object] object whose class provides the HTTP verbs (`get`/`post`)
#   and the shared `headers` hash that later receives `X-Auth-Token`
# @param options [Hash] authentication settings; the methods of this plugin read
#   `:original_type`, `:type`, `:token`, `:username` and `:password`
def initialize(base_url, env_ref, options = {})
  # `options` is kept by reference and can hold a bearer token or a password,
  # so dumping or inspecting the plugin instance exposes those values.
  @base_url, @env_ref, @options = base_url, env_ref, options
end

Instance Method Details

#get_first_working_project ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 254

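# Fallback used when no tenant was requested: lists the projects Keystone
# offers and keeps the first one for which a scoped token can be obtained.
#
# The listing request uses #get_req_headers (presumably carrying the unscoped
# X-Auth-Token set by one of the set_*_unscoped_token methods).
#
# @return [nil] once a project-scoped token has been installed by #set_scoped_token
# @raise [::Occi::Api::Client::Errors::AuthnError] when Keystone returns no
#   projects, or when scoping fails for every returned project
def get_first_working_project
  response = @env_ref.class.get(
    "#{@base_url}/auth/projects",
    :headers => get_req_headers
  )
  # NOTE(review): the whole response object is written to the debug log;
  # confirm what `inspect` includes and who can read that log.
  Occi::Api::Log.debug response.inspect

  if !response.success? || response['projects'].blank?
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Keystone didn't return any projects, fallback failed!"
  end

  # `any?` stops at the first project that yields a scoped token.
  scoped = response['projects'].any? do |project|
    begin
      Occi::Api::Log.debug "Authenticating for project #{project['name'].inspect}"
      set_scoped_token project['id']
      true
    rescue ::Occi::Api::Client::Errors::AuthnError
      # ignoring and trying the next tenant
      false
    end
  end

  # Fail closed: without this check the method returned normally even though
  # no project accepted the token, leaving the client holding only the
  # unscoped token and reporting authentication as successful.
  unless scoped
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to get a scoped token for any project returned by Keystone, fallback failed!"
  end
end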

#get_req_headers ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 305

# Builds the header set for a single Keystone request.
#
# Works on a clone of the headers shared through `@env_ref.class`, so the
# JSON content negotiation added here (and anything a caller adds afterwards,
# such as an Authorization header) does not end up in the shared header set.
#
# @return [Object] the cloned headers with `Content-Type` and `Accept` set to
#   `application/json`
def get_req_headers
  media_type = 'application/json'

  @env_ref.class.headers.clone.tap do |request_headers|
    request_headers['Content-Type'] = media_type
    request_headers['Accept'] = media_type
  end
end

#passwd_authenticate ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 215

# Placeholder for Keystone v3 username/password authentication.
#
# Not implemented: every call raises, so the username/password branch of
# #set_auth_token never produces a token.
#
# @raise [::Occi::Api::Client::Errors::AuthnError] always
def passwd_authenticate
  message = "Needs to be implemented, check http://developer.openstack.org/api-ref-identity-v3.html#authenticatePasswordUnscoped"
  raise ::Occi::Api::Client::Errors::AuthnError, message
end

#set_auth_token(tenant = nil) ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 200

# Authenticates against Keystone v3 in two steps: obtain an unscoped token
# with the configured mechanism, then obtain a project-scoped one.
#
# The mechanism is picked from `@options`, first match wins:
#   1. `:original_type == "x509"`      -> #set_voms_unscoped_token
#   2. `:type == "oauth2"`             -> #set_oauth2_unscoped_token
#   3. `:username` and `:password` set -> #passwd_authenticate (always raises)
# If options match more than one rule, only the earliest rule is attempted.
#
# @param tenant [String, nil] project to scope the token to; when blank, the
#   first project that accepts the token is used (#get_first_working_project)
# @return [Object] whatever the scoping step returns
# @raise [::Occi::Api::Client::Errors::AuthnError] when no supported mechanism
#   is configured, or when one of the called steps raises it
def set_auth_token(tenant = nil)
  case
  when @options[:original_type] == "x509"
    set_voms_unscoped_token
  when @options[:type] == "oauth2"
    set_oauth2_unscoped_token
  when @options[:username] && @options[:password]
    passwd_authenticate
  else
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to request a token from Keystone! Chosen AuthN is not supported, fallback failed!"
  end

  # No explicit tenant: probe the projects Keystone lists for this identity.
  if tenant.blank?
    get_first_working_project
  else
    set_scoped_token(tenant)
  end
end

#set_oauth2_unscoped_token ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 236

# Exchanges the configured OAuth2/OIDC access token (`@options[:token]`) for
# an unscoped Keystone token through the OS-FEDERATION endpoint and stores it
# as the shared `X-Auth-Token` header.
#
# The access token is sent as a Bearer credential to whatever `@base_url`
# points at. NOTE(review): no scheme or host check is visible in this method;
# confirm `base_url` is validated (https, expected host) before it gets here.
#
# @return [Object] the value of the `x-subject-token` response header
# @raise [::Occi::Api::Client::Errors::AuthnError] when the request fails or
#   the response carries no `x-subject-token`
def set_oauth2_unscoped_token
  request_headers = get_req_headers
  # Added to the per-request copy only, not to the shared headers.
  request_headers['Authorization'] = "Bearer #{@options[:token]}"

  # FIXME(enolfc) egi.eu and oidc below should be configurable
  federation_url = "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/oidc/auth"
  response = @env_ref.class.get(federation_url, :headers => request_headers)

  # NOTE(review): `response.inspect` may include the x-subject-token header,
  # which is itself a bearer credential; confirm what reaches the debug log.
  Occi::Api::Log.debug response.inspect

  unless response.success? && !response.headers['x-subject-token'].blank?
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to get a token from Keystone, fallback failed!"
  end

  @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
end

#set_scoped_token(project) ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 277

# Exchanges the token currently held in the shared `X-Auth-Token` header for
# one scoped to `project`, and replaces the shared header with the new token.
#
# On failure the shared header is left as it was.
#
# @param project [Object] project id placed in the request's scope
# @return [Object] the value of the `x-subject-token` response header
# @raise [::Occi::Api::Client::Errors::AuthnError] when the request fails or
#   the response carries no `x-subject-token`
def set_scoped_token(project)
  current_token = @env_ref.class.headers['X-Auth-Token']
  payload = {
    "auth" => {
      "identity" => { "methods" => ["token"], "token" => { "id" => current_token } },
      "scope" => { "project" => { "id" => project } }
    }
  }.to_json

  response = @env_ref.class.post(
    "#{@base_url}/auth/tokens",
    :body => payload,
    :headers => get_req_headers
  )
  # NOTE(review): `response.inspect` may include the x-subject-token header,
  # i.e. the scoped token itself; confirm what reaches the debug log.
  Occi::Api::Log.debug response.inspect

  scoped_ok = response.success? && !response.headers['x-subject-token'].blank?
  unless scoped_ok
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to get a token from Keystone, fallback failed!"
  end

  @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
end

#set_voms_unscoped_token ⇒ Object



# File 'lib/occi/api/client/http/authn_plugins/keystone.rb', line 220

# Requests an unscoped Keystone token through the OS-FEDERATION "mapped"
# protocol endpoint and stores it as the shared `X-Auth-Token` header.
#
# No credential is added here beyond #get_req_headers; presumably the X.509
# (VOMS) client certificate is presented by the underlying HTTP connection.
# TODO confirm against the x509 plugin.
#
# @return [Object] the value of the `x-subject-token` response header
# @raise [::Occi::Api::Client::Errors::AuthnError] when the request fails or
#   the response carries no `x-subject-token`
def set_voms_unscoped_token
  # FIXME(enolfc) egi.eu and mapped below should be configurable
  federation_url = "#{@base_url}/OS-FEDERATION/identity_providers/egi.eu/protocols/mapped/auth"
  response = @env_ref.class.get(federation_url, :headers => get_req_headers)

  # NOTE(review): `response.inspect` may include the x-subject-token header,
  # which is a bearer credential; confirm what reaches the debug log.
  Occi::Api::Log.debug response.inspect

  token_missing = !response.success? || response.headers['x-subject-token'].blank?
  if token_missing
    raise ::Occi::Api::Client::Errors::AuthnError,
          "Unable to get a token from Keystone, fallback failed!"
  end

  @env_ref.class.headers['X-Auth-Token'] = response.headers['x-subject-token']
end