| package gophercloud |
| |
/*
AuthOptions holds the settings used to authenticate against an OpenStack
cluster. Fill it in by hand, or call a provider's AuthOptionsFromEnv() function
to load the values from the standard environment variables, then hand it to
that provider's AuthenticatedClient function to authenticate and receive a
ProviderClient for an active session on that provider.

The field set is the union of what the individual identity implementations and
providers recognise.

Password and TokenID are secrets held as plain strings. Password has a json
tag and TokenID has no tag at all, so handing the whole struct to
encoding/json, or printing it with %+v, emits both in clear text. Keep
AuthOptions values out of logs and error messages.
*/
type AuthOptions struct {
	// IdentityEndpoint is the HTTP endpoint of the Identity API version in
	// use. Every identity service needs it in the end, but a provider-level
	// function will often fill it in. The json:"-" tag keeps it out of
	// marshalled output.
	// NOTE(review): the credentials below are presumably sent to this URL;
	// prefer an https:// endpoint — confirm against the provider client.
	IdentityEndpoint string `json:"-"`

	// Username is mandatory for the Identity V2 API; your provider's control
	// panel shows the account's username. Identity V3 needs either UserID, or
	// Username together with DomainID or DomainName.
	Username string `json:"username,omitempty"`
	// NOTE(review): UserID and DomainID are both tagged json:"id". When two
	// fields at the same level share a JSON name, encoding/json drops both
	// without reporting an error, so neither value is emitted if this struct
	// is marshalled directly — confirm which key each field should map to.
	UserID string `json:"id,omitempty"`

	// Password is the secret sent alongside Username. It is serialised under
	// the "password" key whenever it is non-empty.
	Password string `json:"password,omitempty"`

	// When Username is used with Identity V3, provide DomainID or DomainName,
	// not both. In every other case both are optional.
	DomainID   string `json:"id,omitempty"`
	DomainName string `json:"name,omitempty"`

	// TenantID and TenantName are optional for the Identity V2 API. Some
	// providers accept a TenantName in place of the TenantID and some demand
	// both; the provider's authentication policy decides how the two fields
	// affect authentication.
	TenantID   string `json:"tenantId,omitempty"`
	TenantName string `json:"tenantName,omitempty"`

	// AllowReauth, when true, permits Gophercloud to keep your credentials in
	// memory and to re-authenticate on its own if or when the token expires.
	// When false (the default) nothing is cached, and re-authentication is
	// not possible.
	//
	// NOTE: left unchecked, the reauth function retries endlessly. To cap the
	// number of attempts, give the provider client a custom HTTP client whose
	// transport implements the RoundTripper interface and counts failed
	// retries. An example:
	// https://github.com/rackspace/rack/blob/1.0.0/auth/clients.go#L311
	AllowReauth bool

	// TokenID lets a caller authenticate (possibly as another user) with an
	// authentication token ID. Anyone holding the value can do the same, so
	// handle it like a password.
	TokenID string
}
| |
// ToTokenV2CreateMap lets AuthOptions satisfy the AuthOptionsBuilder interface
// of the v2 tokens package. It returns a map of the form {"auth": {...}}.
//
// Username wins over TokenID: when Username is set, Password must be set as
// well (otherwise ErrMissingInput{Argument: "Password"} is returned) and any
// TokenID is ignored. With no Username, a non-empty TokenID is used instead.
// With neither, ErrMissingInput{Argument: "Username"} is returned. TenantID
// and TenantName are copied in only when non-empty.
//
// The returned map holds the password or token in clear text, so it should
// not be logged or echoed in error output.
func (opts AuthOptions) ToTokenV2CreateMap() (map[string]interface{}, error) {
	auth := map[string]interface{}{}

	switch {
	case opts.Username != "" && opts.Password == "":
		// A username on its own is rejected; there is no fallback to TokenID.
		return nil, ErrMissingInput{Argument: "Password"}
	case opts.Username != "":
		auth["passwordCredentials"] = map[string]interface{}{
			"username": opts.Username,
			"password": opts.Password,
		}
	case opts.TokenID != "":
		auth["token"] = map[string]interface{}{"id": opts.TokenID}
	default:
		// Neither a username nor a token was supplied.
		return nil, ErrMissingInput{Argument: "Username"}
	}

	// Tenant scoping is optional; each key is added only when it has a value.
	if id := opts.TenantID; id != "" {
		auth["tenantId"] = id
	}
	if name := opts.TenantName; name != "" {
		auth["tenantName"] = name
	}

	return map[string]interface{}{"auth": auth}, nil
}