| Samuel A. Falvo II | 1d3fa66 | 2013-06-25 15:29:32 -0700 | [diff] [blame] | 1 | package gophercloud |
| 2 | |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 3 | import ( |
| 4 | "github.com/racker/perigee" |
| 5 | ) |
| 6 | |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 7 | // AuthOptions lets anyone calling Authenticate() supply the required access credentials. |
| 8 | // At present, only Identity V2 API support exists; therefore, only Username, Password, |
| 9 | // and optionally, TenantId are provided. If future Identity API versions become available, |
| 10 | // alternative fields unique to those versions may appear here. |
| Samuel A. Falvo II | 1d3fa66 | 2013-06-25 15:29:32 -0700 | [diff] [blame] | 11 | type AuthOptions struct { |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 12 | // Username and Password are required if using Identity V2 API. |
| 13 | // Consult with your provider's control panel to discover your |
| 14 | // account's username and password. |
| 15 | Username, Password string |
| 16 | |
| 17 | // The TenantId field is optional for the Identity V2 API. |
| 18 | TenantId string |
| Samuel A. Falvo II | 1d3fa66 | 2013-06-25 15:29:32 -0700 | [diff] [blame] | 19 | } |
| 20 | |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 21 | // AuthContainer provides a JSON encoding wrapper for passing credentials to the Identity |
| 22 | // service. You will not work with this structure directly. |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 23 | type AuthContainer struct { |
| 24 | Auth Auth `json:"auth"` |
| 25 | } |
| 26 | |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 27 | // Auth provides a JSON encoding wrapper for passing credentials to the Identity |
| 28 | // service. You will not work with this structure directly. |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 29 | type Auth struct { |
| 30 | PasswordCredentials PasswordCredentials `json:"passwordCredentials"` |
| Samuel A. Falvo II | 839428e | 2013-06-25 18:02:24 -0700 | [diff] [blame] | 31 | TenantId string `json:"tenantId,omitempty"` |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 32 | } |
| 33 | |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 34 | // PasswordCredentials provides a JSON encoding wrapper for passing credentials to the Identity |
| 35 | // service. You will not work with this structure directly. |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 36 | type PasswordCredentials struct { |
| 37 | Username string `json:"username"` |
| 38 | Password string `json:"password"` |
| 39 | } |
| 40 | |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 41 | // Access encapsulates the API token and its relevant fields, as well as the |
| Samuel A. Falvo II | 2e2b877 | 2013-07-04 15:40:15 -0700 | [diff] [blame] | 42 | // services catalog that Identity API returns once authenticated. |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 43 | type Access struct { |
| 44 | Token Token |
| 45 | ServiceCatalog []CatalogEntry |
| 46 | User User |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 47 | } |
| 48 | |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 49 | // Token encapsulates an authentication token and when it expires. It also includes |
| 50 | // tenant information if available. |
| 51 | type Token struct { |
| 52 | Id, Expires string |
| 53 | Tenant Tenant |
| 54 | } |
| 55 | |
| 56 | // Tenant encapsulates tenant authentication information. If, after authentication, |
| 57 | // no tenant information is supplied, both Id and Name will be "". |
| 58 | type Tenant struct { |
| 59 | Id, Name string |
| 60 | } |
| 61 | |
| 62 | // User encapsulates the user credentials, and provides visibility in what |
| 63 | // the user can do through its role assignments. |
| 64 | type User struct { |
| 65 | Id, Name string |
| 66 | XRaxDefaultRegion string `json:"RAX-AUTH:defaultRegion"` |
| 67 | Roles []Role |
| 68 | } |
| 69 | |
| 70 | // Role encapsulates a permission that a user can rely on. |
| 71 | type Role struct { |
| 72 | Description, Id, Name string |
| 73 | } |
| 74 | |
| 75 | // CatalogEntry encapsulates a service catalog record. |
| 76 | type CatalogEntry struct { |
| 77 | Name, Type string |
| 78 | Endpoints []EntryEndpoint |
| 79 | } |
| 80 | |
| 81 | // EntryEndpoint encapsulates how to get to the API of some service. |
| 82 | type EntryEndpoint struct { |
| 83 | Region, TenantId string |
| 84 | PublicURL, InternalURL string |
| 85 | VersionId, VersionInfo, VersionList string |
| 86 | } |
| 87 | |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 88 | // Authenticate() grants access to the OpenStack-compatible provider API. |
| 89 | // |
| 90 | // Providers are identified through a unique key string. |
| 91 | // See the RegisterProvider() method for more details. |
| 92 | // |
| 93 | // The supplied AuthOptions instance allows the client to specify only those credentials |
| 94 | // relevant for the authentication request. At present, support exists for OpenStack |
| 95 | // Identity V2 API only; support for V3 will become available as soon as documentation for it |
| 96 | // becomes readily available. |
| 97 | // |
| 98 | // For Identity V2 API requirements, you must provide at least the Username and Password |
| 99 | // options. The TenantId field is optional, and defaults to "". |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 100 | func (c *Context) Authenticate(provider string, options AuthOptions) (*Access, error) { |
| 101 | var access *Access |
| 102 | |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 103 | p, err := c.ProviderByName(provider) |
| Samuel A. Falvo II | fd78c30 | 2013-06-25 16:35:32 -0700 | [diff] [blame] | 104 | if err != nil { |
| 105 | return nil, err |
| 106 | } |
| Samuel A. Falvo II | fd78c30 | 2013-06-25 16:35:32 -0700 | [diff] [blame] | 107 | if (options.Username == "") || (options.Password == "") { |
| 108 | return nil, ErrCredentials |
| 109 | } |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 110 | |
| 111 | err = perigee.Post(p.AuthEndpoint, perigee.Options{ |
| 112 | CustomClient: c.httpClient, |
| Samuel A. Falvo II | 839428e | 2013-06-25 18:02:24 -0700 | [diff] [blame] | 113 | ReqBody: &AuthContainer{ |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 114 | Auth: Auth{ |
| 115 | PasswordCredentials: PasswordCredentials{ |
| 116 | Username: options.Username, |
| 117 | Password: options.Password, |
| 118 | }, |
| 119 | TenantId: options.TenantId, |
| 120 | }, |
| 121 | }, |
| Samuel A. Falvo II | 4e89518 | 2013-06-26 15:44:18 -0700 | [diff] [blame] | 122 | Results: &struct { |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 123 | Access **Access `json:"access"` |
| 124 | }{ |
| 125 | &access, |
| 126 | }, |
| Samuel A. Falvo II | 5d0d74c | 2013-06-25 17:23:18 -0700 | [diff] [blame] | 127 | }) |
| Samuel A. Falvo II | d1ee798 | 2013-06-26 14:32:45 -0700 | [diff] [blame] | 128 | return access, err |
| Samuel A. Falvo II | 1d3fa66 | 2013-06-25 15:29:32 -0700 | [diff] [blame] | 129 | } |
| Samuel A. Falvo II | 2e2b877 | 2013-07-04 15:40:15 -0700 | [diff] [blame] | 130 | |
| 131 | // See AccessProvider interface definition for details. |
| 132 | func (a *Access) FirstEndpointUrlByCriteria(ac ApiCriteria) string { |
| 133 | ep := FindFirstEndpointByCriteria(a.ServiceCatalog, ac) |
| 134 | urls := []string{ep.PublicURL, ep.InternalURL} |
| 135 | return urls[ac.UrlChoice] |
| 136 | } |
| Samuel A. Falvo II | bc0d54a | 2013-07-08 14:45:21 -0700 | [diff] [blame] | 137 | |
| 138 | // See AccessProvider interface definition for details. |
| 139 | func (a *Access) AuthToken() string { |
| 140 | return a.Token.Id |
| 141 | } |