| Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame] | 1 | /* |
| Ash Wilson | 31844f2 | 2014-09-08 15:32:58 -0400 | [diff] [blame] | 2 | Package v2 identity provides convenient OpenStack Identity V2 API client access. |
| Samuel A. Falvo II | 2b96321 | 2014-02-09 02:12:30 -0800 | [diff] [blame] | 3 | This package currently doesn't support the administrative access endpoints, but may appear in the future based on demand. |
| 4 | |
| 5 | Authentication |
| 6 | |
| 7 | Established convention in the OpenStack community suggests the use of environment variables to hold authentication parameters. |
| 8 | For example, the following settings would be sufficient to authenticate against Rackspace: |
| 9 | |
| 10 | # assumes Bash shell on a POSIX environment; use SET command for Windows. |
| 11 | export OS_AUTH_URL=https://identity.api.rackspacecloud.com/v2.0 |
| 12 | export OS_USERNAME=xxxx |
| 13 | export OS_PASSWORD=yyyy |
| 14 | |
| 15 | while you'd need these additional settings to authenticate against, e.g., Nebula One: |
| 16 | |
| 17 | export OS_TENANT_ID=zzzz |
| 18 | export OS_TENANT_NAME=wwww |
| 19 | |
| 20 | Be sure to consult with your provider to see which settings you'll need to authenticate with. |
| 21 | |
| 22 | A skeletal client gets started with Gophercloud by authenticating against his/her provider, like so: |
| 23 | |
| 24 | package main |
| 25 | |
| 26 | import ( |
| 27 | "fmt" |
| 28 | "github.com/rackspace/gophercloud/openstack/identity" |
| 29 | "github.com/rackspace/gophercloud/openstack/utils" |
| 30 | ) |
| 31 | |
| 32 | func main() { |
| 33 | // Create an initialized set of authentication options based on available OS_* |
| 34 | // environment variables. |
| 35 | ao, err := utils.AuthOptions() |
| 36 | if err != nil { |
| 37 | panic(err) |
| 38 | } |
| 39 | |
| 40 | // Attempt to authenticate with them. |
| 41 | r, err := identity.Authenticate(ao) |
| 42 | if err != nil { |
| 43 | panic(err) |
| 44 | } |
| 45 | |
| 46 | // With each authentication, you receive a master directory of all the services |
| 47 | // your account can access. This "service catalog", as OpenStack calls it, |
| 48 | // provides you the means to exploit other OpenStack services. |
| 49 | sc, err := identity.GetServiceCatalog(r) |
| 50 | if err != nil { |
| 51 | panic(err) |
| 52 | } |
| 53 | |
| 54 | // Find the desired service(s) for our application. |
| 55 | computeService, err := findService(sc, "compute", ...) |
| 56 | if err != nil { |
| 57 | panic(err) |
| 58 | } |
| 59 | |
| 60 | blockStorage, err := findService(sc, "block-storage", ...) |
| 61 | if err != nil { |
| 62 | panic(err) |
| 63 | } |
| 64 | |
| 65 | // ... etc ... |
| 66 | } |
| 67 | |
| 68 | NOTE! |
| 69 | Unlike versions 0.1.x of the Gophercloud API, |
| 70 | 0.2.0 and later will not provide a service look-up mechanism as a built-in feature of the Identity SDK binding. |
| 71 | The 0.1.x behavior potentially opened its non-US users to legal liability by potentially selecting endpoints in undesirable regions |
| 72 | in a non-obvious manner if a specific region was not explicitly specified. |
| 73 | Starting with 0.2.0 and beyond, you'll need to use either your own service catalog query function or one in a separate package. |
| 74 | This makes it plainly visible to a code auditor that if you indeed desired automatic selection of an arbitrary region, |
| 75 | you made the conscious choice to use that feature. |
| 76 | |
| 77 | Extensions |
| 78 | |
| 79 | Some OpenStack deployments may support features that other deployments do not. |
| 80 | Anything beyond the scope of standard OpenStack must be scoped by an "extension," a named, yet well-known, change to the API. |
| 81 | Users may invoke IsExtensionAvailable() after grabbing a list of extensions from the server with GetExtensions(). |
| 82 | This of course assumes you know the name of the extension ahead of time. |
| 83 | |
| 84 | Here's a simple example of listing all the aliases for supported extensions. |
| 85 | Once you have an alias to an extension, everything else about it may be queried through accessors. |
| 86 | |
| 87 | package main |
| 88 | |
| 89 | import ( |
| 90 | "fmt" |
| 91 | "github.com/rackspace/gophercloud/openstack/identity" |
| 92 | "github.com/rackspace/gophercloud/openstack/utils" |
| 93 | ) |
| 94 | |
| 95 | func main() { |
| 96 | // Create an initialized set of authentication options based on available OS_* |
| 97 | // environment variables. |
| 98 | ao, err := utils.AuthOptions() |
| 99 | if err != nil { |
| 100 | panic(err) |
| 101 | } |
| 102 | |
| 103 | // Attempt to query extensions. |
| 104 | exts, err := identity.GetExtensions(ao) |
| 105 | if err != nil { |
| 106 | panic(err) |
| 107 | } |
| 108 | |
| 109 | // Print out a summary of supported extensions |
| 110 | aliases, err := exts.Aliases() |
| 111 | if err != nil { |
| 112 | panic(err) |
| 113 | } |
| 114 | fmt.Println("Extension Aliases:") |
| 115 | for _, alias := range aliases { |
| 116 | fmt.Printf(" %s\n", alias) |
| 117 | } |
| 118 | } |
| 119 | */ |
| Ash Wilson | 31844f2 | 2014-09-08 15:32:58 -0400 | [diff] [blame] | 120 | package v2 |