Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 1 | package identity |
| 2 | |
| 3 | import ( |
| 4 | "github.com/racker/perigee" |
| 5 | ) |
| 6 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 7 | // AuthResults encapsulates the raw results from an authentication request. |
| 8 | // As OpenStack allows extensions to influence the structure returned in |
| 9 | // ways that Gophercloud cannot predict at compile-time, you should use |
| 10 | // type-safe accessors to work with the data represented by this type, |
| 11 | // such as ServiceCatalog() and Token(). |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 12 | type AuthResults map[string]interface{} |
| 13 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 14 | // AuthOptions lets anyone calling Authenticate() supply the required access |
| 15 | // credentials. At present, only Identity V2 API support exists; therefore, |
| 16 | // only Username, Password, and optionally, TenantId are provided. If future |
| 17 | // Identity API versions become available, alternative fields unique to those |
| 18 | // versions may appear here. |
| 19 | // |
| 20 | // Endpoint specifies the HTTP endpoint offering the Identity V2 API. |
| 21 | // Required. |
| 22 | // |
| 23 | // Username is required if using Identity V2 API. Consult with your provider's |
| 24 | // control panel to discover your account's username. |
| 25 | // |
| 26 | // At most one of Password or ApiKey is required if using Identity V2 API. |
| 27 | // Consult with your provider's control panel to discover your account's |
| 28 | // preferred method of authentication. |
| 29 | // |
| 30 | // The TenantId and TenantName fields are optional for the Identity V2 API. |
| 31 | // Some providers allow you to specify a TenantName instead of the TenantId. |
| 32 | // Some require both. Your provider's authentication policies will determine |
| 33 | // how these fields influence authentication. |
| 34 | // |
| 35 | // AllowReauth should be set to true if you grant permission for Gophercloud to |
| 36 | // cache your credentials in memory, and to allow Gophercloud to attempt to |
| 37 | // re-authenticate automatically if/when your token expires. If you set it to |
| 38 | // false, it will not cache these settings, but re-authentication will not be |
| 39 | // possible. This setting defaults to false. |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 40 | type AuthOptions struct { |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 41 | Endpoint string |
| 42 | Username string |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 43 | Password, ApiKey string |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 44 | TenantId string |
| 45 | TenantName string |
| 46 | AllowReauth bool |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 47 | } |
| 48 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 49 | // Authenticate passes the supplied credentials to the OpenStack provider for authentication. |
| 50 | // If successful, the caller may use Token() to retrieve the authentication token, |
| 51 | // and ServiceCatalog() to retrieve the set of services available to the API user. |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 52 | func Authenticate(options AuthOptions) (AuthResults, error) { |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 53 | type AuthContainer struct { |
| 54 | Auth auth `json:"auth"` |
| 55 | } |
| 56 | |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 57 | var ar AuthResults |
| 58 | |
| 59 | if options.Endpoint == "" { |
| 60 | return nil, ErrEndpoint |
| 61 | } |
| 62 | |
| 63 | if (options.Username == "") || (options.Password == "" && options.ApiKey == "") { |
| 64 | return nil, ErrCredentials |
| 65 | } |
| 66 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 67 | url := options.Endpoint + "/tokens" |
| 68 | err := perigee.Post(url, perigee.Options{ |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 69 | ReqBody: &AuthContainer{ |
| 70 | Auth: getAuthCredentials(options), |
| 71 | }, |
| 72 | Results: &ar, |
| 73 | }) |
| 74 | return ar, err |
| 75 | } |
| 76 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 77 | func getAuthCredentials(options AuthOptions) auth { |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 78 | if options.ApiKey == "" { |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 79 | return auth{ |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 80 | PasswordCredentials: &struct { |
| 81 | Username string `json:"username"` |
| 82 | Password string `json:"password"` |
| 83 | }{ |
| 84 | Username: options.Username, |
| 85 | Password: options.Password, |
| 86 | }, |
| 87 | TenantId: options.TenantId, |
| 88 | TenantName: options.TenantName, |
| 89 | } |
| 90 | } else { |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 91 | return auth{ |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 92 | ApiKeyCredentials: &struct { |
| 93 | Username string `json:"username"` |
| 94 | ApiKey string `json:"apiKey"` |
| 95 | }{ |
| 96 | Username: options.Username, |
| 97 | ApiKey: options.ApiKey, |
| 98 | }, |
| 99 | TenantId: options.TenantId, |
| 100 | TenantName: options.TenantName, |
| 101 | } |
| 102 | } |
| 103 | } |
| 104 | |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 105 | type auth struct { |
Samuel A. Falvo II | 8a549ef | 2014-01-24 15:20:54 -0800 | [diff] [blame] | 106 | PasswordCredentials interface{} `json:"passwordCredentials,omitempty"` |
| 107 | ApiKeyCredentials interface{} `json:"RAX-KSKEY:apiKeyCredentials,omitempty"` |
| 108 | TenantId string `json:"tenantId,omitempty"` |
| 109 | TenantName string `json:"tenantName,omitempty"` |
| 110 | } |
Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame^] | 111 | |
| 112 | func GetExtensions(options AuthOptions) (ExtensionsResult, error) { |
| 113 | var exts ExtensionsResult |
| 114 | |
| 115 | url := options.Endpoint + "/extensions" |
| 116 | err := perigee.Get(url, perigee.Options{ |
| 117 | Results: &exts, |
| 118 | }) |
| 119 | return exts, err |
| 120 | } |