Samuel A. Falvo II1d3fa662013-06-25 15:29:32 -07001package gophercloud
import (
	"errors"

	"github.com/racker/perigee"
)
// AuthOptions lets anyone calling Authenticate() supply the required access credentials.
// At present, only Identity V2 API support exists; therefore, only Username, Password,
// and optionally, TenantId are provided. If future Identity API versions become available,
// alternative fields unique to those versions may appear here.
//
// Password is held as an ordinary string, so formatting or logging a whole
// AuthOptions value (for example with %v or %+v) will print it.
type AuthOptions struct {
	// Username is required if using Identity V2 API. Consult with your
	// provider's control panel to discover your account's username.
	Username string

	// Password is required if using Identity V2 API. Consult with your
	// provider's control panel to discover your account's password.
	Password string

	// TenantId is optional for the Identity V2 API.
	TenantId string
}
// AuthContainer is the outermost JSON object of an authentication request to
// the Identity service: it nests the credentials under the "auth" key.
// You will not work with this structure directly.
type AuthContainer struct {
	// Auth carries the credentials; it is encoded as "auth".
	Auth Auth `json:"auth"`
}
// Auth is the JSON body of the "auth" object sent to the Identity service.
// You will not work with this structure directly.
type Auth struct {
	// PasswordCredentials holds the username/password pair, encoded as
	// "passwordCredentials".
	PasswordCredentials PasswordCredentials `json:"passwordCredentials"`

	// TenantId is encoded as "tenantId" and left out of the JSON entirely
	// when it is the empty string (omitempty).
	TenantId string `json:"tenantId,omitempty"`
}
// PasswordCredentials is the JSON form of a username/password pair as passed
// to the Identity service. You will not work with this structure directly.
//
// Both fields are encoded as plain JSON strings, so the password appears
// verbatim in the request body; keeping it confidential is left to the
// transport the request travels over.
type PasswordCredentials struct {
	// Username is encoded as "username".
	Username string `json:"username"`

	// Password is encoded as "password".
	Password string `json:"password"`
}
// Access encapsulates the API token and its relevant fields, as well as the
// services catalog that Identity API returns once authenticated.
type Access struct {
	// Token is the authentication token issued for this session.
	Token Token

	// ServiceCatalog lists the services, and their endpoints, reported by the
	// Identity service.
	ServiceCatalog []CatalogEntry

	// User describes the authenticated user and its roles.
	User User

	// provider is the provider this Access was obtained from. Authenticate
	// sets it and Revoke reads its AuthEndpoint. The field is unexported, and
	// additionally tagged "-", so it takes no part in JSON encoding.
	provider Provider `json:"-"`
}
// Token encapsulates an authentication token and when it expires. It also includes
// tenant information if available.
type Token struct {
	// Id is the token value itself. Access.AuthToken returns it and
	// Access.Revoke sends it in the X-Auth-Token header, so it should be
	// handled like a credential.
	Id string

	// Expires is kept as a string; nothing in this file parses it or checks
	// it against the current time.
	Expires string

	// Tenant is the tenant the token is scoped to, if any.
	Tenant Tenant
}
// Tenant encapsulates tenant authentication information. If, after authentication,
// no tenant information is supplied, both Id and Name will be "".
type Tenant struct {
	// Id is the tenant's identifier.
	Id string

	// Name is the tenant's name.
	Name string
}
// User encapsulates the user credentials, and provides visibility in what
// the user can do through its role assignments.
type User struct {
	// Id is the user's identifier.
	Id string

	// Name is the user's name.
	Name string

	// XRaxDefaultRegion is read from the "RAX-AUTH:defaultRegion" JSON key.
	XRaxDefaultRegion string `json:"RAX-AUTH:defaultRegion"`

	// Roles lists the roles assigned to the user.
	Roles []Role
}
// Role encapsulates a permission that a user can rely on.
type Role struct {
	// Description is the free-text description of the role.
	Description string

	// Id is the role's identifier.
	Id string

	// Name is the role's name.
	Name string
}
// CatalogEntry encapsulates a service catalog record.
type CatalogEntry struct {
	// Name is the service's name.
	Name string

	// Type is the service's type.
	Type string

	// Endpoints lists the endpoints through which the service can be reached.
	Endpoints []EntryEndpoint
}
// EntryEndpoint encapsulates how to get to the API of some service.
//
// NOTE(review): these values presumably come straight from the Identity
// service's catalog response; nothing in this file validates the URLs, so they
// are only as trustworthy as that response — confirm against the callers.
type EntryEndpoint struct {
	// Region is the region the endpoint belongs to.
	Region string

	// TenantId is the tenant the endpoint is associated with.
	TenantId string

	// PublicURL is the endpoint's public address.
	PublicURL string

	// InternalURL is the endpoint's internal address.
	InternalURL string

	// VersionId, VersionInfo and VersionList carry the endpoint's version
	// details as reported in the catalog.
	VersionId   string
	VersionInfo string
	VersionList string
}
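// Authenticate grants access to the OpenStack-compatible provider API.
//
// Providers are identified through a unique key string.
// See the RegisterProvider() method for more details.
//
// The supplied AuthOptions instance allows the client to specify only those credentials
// relevant for the authentication request. At present, support exists for OpenStack
// Identity V2 API only; support for V3 will become available as soon as documentation for it
// becomes readily available.
//
// For Identity V2 API requirements, you must provide at least the Username and Password
// options; ErrCredentials is returned when either is empty. The TenantId field
// is optional, and defaults to "".
//
// The username and password are sent as a JSON request body to the provider's
// AuthEndpoint using c.httpClient. Nothing here inspects the endpoint's scheme,
// so whether the credentials are protected in transit depends on the
// registered endpoint being HTTPS and on how c.httpClient is configured.
//
// On success the returned Access remembers the provider it was issued by. An
// error is returned when the provider is unknown, when the request fails, or
// when the reply decodes without an "access" object.
func (c *Context) Authenticate(provider string, options AuthOptions) (*Access, error) {
	p, err := c.ProviderByName(provider)
	if err != nil {
		return nil, err
	}
	if options.Username == "" || options.Password == "" {
		return nil, ErrCredentials
	}

	var access *Access
	err = perigee.Post(p.AuthEndpoint, perigee.Options{
		CustomClient: c.httpClient,
		ReqBody: &AuthContainer{
			Auth: Auth{
				PasswordCredentials: PasswordCredentials{
					Username: options.Username,
					Password: options.Password,
				},
				TenantId: options.TenantId,
			},
		},
		// The reply is decoded through a pointer-to-pointer so that the
		// "access" object lands in the local access variable.
		Results: &struct {
			Access **Access `json:"access"`
		}{
			&access,
		},
	})
	if err != nil {
		// Same as before: pass back whatever was decoded together with the error.
		return access, err
	}
	if access == nil {
		// A reply without an "access" object leaves the pointer nil; report it
		// instead of dereferencing nil below.
		return nil, errors.New("gophercloud: identity response contained no access record")
	}
	access.provider = p
	return access, nil
}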
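// FirstEndpointUrlByCriteria returns a URL of the first service catalog
// endpoint that FindFirstEndpointByCriteria selects for ac. ac.UrlChoice picks
// which address is returned: index 0 is the endpoint's PublicURL, index 1 its
// InternalURL. Any other UrlChoice yields "" rather than an out-of-range panic.
// See AccessProvider interface definition for details.
func (a *Access) FirstEndpointUrlByCriteria(ac ApiCriteria) string {
	ep := FindFirstEndpointByCriteria(a.ServiceCatalog, ac)
	urls := [...]string{ep.PublicURL, ep.InternalURL}

	// UrlChoice is supplied by the caller; validate it before indexing.
	choice := int(ac.UrlChoice)
	if choice < 0 || choice >= len(urls) {
		return ""
	}
	return urls[choice]
}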
// AuthToken returns the Id of the token held by this Access. Revoke sends this
// value in the X-Auth-Token header, so callers should avoid writing it to logs.
// See AccessProvider interface definition for details.
func (a *Access) AuthToken() string {
	tok := a.Token
	return tok.Id
}
// Revoke issues a DELETE for the token tok against the provider's
// AuthEndpoint, with tok appended as the final path segment. The request
// carries this Access's own token in the X-Auth-Token header, and 204 is the
// only status listed in OkCodes.
// See AccessProvider interface definition for details.
//
// NOTE(review): tok is concatenated into the URL without escaping, so a value
// containing "/", "?" or "#" would change the request target; callers should
// pass only token ids obtained from the Identity service.
//
// NOTE(review): unlike Authenticate, no CustomClient is supplied here, so this
// request presumably does not go through the Context's configured HTTP client
// — confirm against perigee's defaults.
func (a *Access) Revoke(tok string) error {
	target := a.provider.AuthEndpoint + "/" + tok
	headers := map[string]string{
		"X-Auth-Token": a.AuthToken(),
	}
	return perigee.Delete(target, perigee.Options{
		MoreHeaders: headers,
		OkCodes:     []int{204},
	})
}