Go OpenStack Exchange

Merge lp:~justin-fathomdb/goose/keystone_improvements into lp:goose

keystone_improvements
Merge into trunk

Proposed by justinsb on 2014-09-10

Status:	Needs review
Proposed branch:	lp:~justin-fathomdb/goose/keystone_improvements
Merge into:	lp:goose
Diff against target:	175 lines (+80/-8) 5 files modified identity/identity.go (+12/-1) identity/keypair.go (+10/-3) identity/keystone.go (+1/-1) identity/tenants.go (+47/-0) identity/userpass.go (+10/-3)
To merge this branch:	bzr merge lp:~justin-fathomdb/goose/keystone_improvements
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Juju Engineering		2014-09-10	Pending
Review via email: mp+234130@code.launchpad.net

Description of the change

Support TenantId & TenantName auth, also support token validation

Let me know if I should split this into two patches!

Revision history for this message

justinsb (justin-fathomdb) wrote on 2014-11-05:

Ping?

Unmerged revisions

119. By justinsb on 2014-09-10: Support TenantId & TenantName, and support validation of tokens

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Go Bot

John A Meinel

Martin Packman

justinsb

 === modified file 'identity/identity.go'
 --- identity/identity.go	2013-09-04 10:35:49 +0000
 +++ identity/identity.go	2014-09-10 14:48:20 +0000
@@ -39,17 +39,28 @@
  type AuthDetails struct {
  	Token             string
  	TenantId          string
++	TenantName        string
  	UserId            string
  	RegionServiceURLs map[string]ServiceURLs // Service type to endpoint URLs for each region
+ }
  // Credentials defines necessary parameters for authentication.
++// For tenant scoping, specify either TenantId or TenantName, not both
  type Credentials struct {
  	URL        string // The URL to authenticate against
  	User       string // The username to authenticate as
  	Secrets    string // The secrets to pass
  	Region     string // Region to send requests to
--	TenantName string // The tenant information for this connection
++	TenantName string // The tenant name for this connection
++	TenantId   string // The tenant id for this connection
++}
++
++// TenantInfo holds more information about a tenant
++type TenantInfo struct {
++	Id          string
++	Name        string
++	Description string
++	Enabled     bool
+ }
  // Authenticator is implemented by each authentication method.
 === modified file 'identity/keypair.go'
 --- identity/keypair.go	2013-05-21 01:07:40 +0000
 +++ identity/keypair.go	2014-09-10 14:48:20 +0000
@@ -19,7 +19,8 @@
  type authKeypairRequest struct {
  	KeypairCredentials keypairCredentials `json:"apiAccessKeyCredentials"`
--	TenantName         string             `json:"tenantName"`
++	TenantName         *string            `json:"tenantName"`
++	TenantId           *string            `json:"tenantId"`
+ }
  type authKeypairWrapper struct {
@@ -30,12 +31,18 @@
  	if u.client == nil {
  		u.client = goosehttp.New()
+ 	}
--	auth := authKeypairWrapper{Auth: authKeypairRequest{
++	authData := authKeypairRequest{
  		KeypairCredentials: keypairCredentials{
  			AccessKey: creds.User,
  			SecretKey: creds.Secrets,
  		},
--		TenantName: creds.TenantName}}
++	}
++	if creds.TenantId != "" {
++		authData.TenantId = &creds.TenantId
++	} else {
++		authData.TenantName = &creds.TenantName
++	}
++	auth := authKeypairWrapper{Auth: authData}
  	return keystoneAuth(u.client, auth, creds.URL)
+ }
 === modified file 'identity/keystone.go'
 --- identity/keystone.go	2013-06-24 23:54:26 +0000
 +++ identity/keystone.go	2014-09-10 14:48:20 +0000
@@ -57,7 +57,6 @@
  // Uses `client` to submit HTTP requests to `URL`
  // and posts `auth_data` as JSON.
  func keystoneAuth(client *goosehttp.Client, auth_data interface{}, URL string) (*AuthDetails, error) {
--
  	var accessWrapper accessWrapper
  	requestData := goosehttp.RequestData{ReqValue: auth_data, RespValue: &accessWrapper}
  	err := client.JsonRequest("POST", URL, "", &requestData, nil)
@@ -73,6 +72,7 @@
+ 	}
  	details.Token = respToken.Id
  	details.TenantId = respToken.Tenant.Id
++	details.TenantName = respToken.Tenant.Name
  	details.UserId = access.User.Id
  	details.RegionServiceURLs = make(map[string]ServiceURLs, len(access.ServiceCatalog))
  	for _, service := range access.ServiceCatalog {
 === added file 'identity/tenants.go'
 --- identity/tenants.go	1970-01-01 00:00:00 +0000
 +++ identity/tenants.go	2014-09-10 14:48:20 +0000
@@ -0,0 +1,47 @@
++package identity
++
++import (
++	goosehttp "launchpad.net/goose/http"
++)
++
++type tenantResponse struct {
++	Id   string `json:"id"`
++	Name string `json:"name"`
++	// Description is a pointer since it may be null and this breaks Go < 1.1
++	Description *string `json:"description"`
++	Enabled     bool    `json:"enabled"`
++}
++
++type validateResponse struct {
++	Tenants []tenantResponse `json:"tenants"`
++}
++
++// ListTenantsForToken gets the tenants associated with a particular token
++// The httpclient is allowed to be nil, it will just use the
++// default http.Client
++func ListTenantsForToken(URL string, token string, client *goosehttp.Client) ([]TenantInfo, error) {
++	if client == nil {
++		client = goosehttp.New()
++	}
++	var validateResponse validateResponse
++	requestData := goosehttp.RequestData{RespValue: &validateResponse}
++	err := client.JsonRequest("GET", URL, token, &requestData, nil)
++	if err != nil {
++		return nil, err
++	}
++
++	tenants := []TenantInfo{}
++
++	for _, tenant := range validateResponse.Tenants {
++		tenantInfo := TenantInfo{}
++		tenantInfo.Id = tenant.Id
++		tenantInfo.Name = tenant.Name
++		if tenant.Description != nil {
++			tenantInfo.Description = *tenant.Description
++		}
++		tenantInfo.Enabled = tenant.Enabled
++
++		tenants = append(tenants, tenantInfo)
++	}
++	return tenants, nil
++}
 === modified file 'identity/userpass.go'
 --- identity/userpass.go	2013-09-04 09:06:21 +0000
 +++ identity/userpass.go	2014-09-10 14:48:20 +0000
@@ -11,7 +11,8 @@
  type authRequest struct {
  	PasswordCredentials passwordCredentials `json:"passwordCredentials"`
--	TenantName          string              `json:"tenantName"`
++	TenantName          *string             `json:"tenantName"`
++	TenantId            *string             `json:"tenantId"`
+ }
  type authWrapper struct {
@@ -26,12 +27,18 @@
  	if u.client == nil {
  		u.client = goosehttp.New()
+ 	}
--	auth := authWrapper{Auth: authRequest{
++	authData := authRequest{
  		PasswordCredentials: passwordCredentials{
  			Username: creds.User,
  			Password: creds.Secrets,
  		},
--		TenantName: creds.TenantName}}
++	}
++	if creds.TenantId != "" {
++		authData.TenantId = &creds.TenantId
++	} else {
++		authData.TenantName = &creds.TenantName
++	}
++	auth := authWrapper{Auth: authData}
  	return keystoneAuth(u.client, auth, creds.URL)
+ }