Go OpenStack Exchange

Merge lp:~rogpeppe/goose/state-of-the-world into lp:~rogpeppe/goose/dummy-trunk

state-of-the-world
Merge into dummy-trunk

Proposed by Roger Peppe on 2012-11-26

Status:	Work in progress
Proposed branch:	lp:~rogpeppe/goose/state-of-the-world
Merge into:	lp:~rogpeppe/goose/dummy-trunk
Diff against target:	2685 lines (+2521/-2) 30 files modified .bzrignore (+2/-0) .lbox (+1/-0) .lbox.check (+20/-0) client/client.go (+658/-0) client/client_test.go (+428/-0) errors/errors.go (+17/-0) goose.go (+0/-1) goose_test.go (+0/-1) http/client.go (+185/-0) identity/identity.go (+50/-0) identity/identity_test.go (+67/-0) identity/legacy.go (+45/-0) identity/legacy_test.go (+37/-0) identity/setup_test.go (+10/-0) identity/userpass.go (+111/-0) identity/userpass_test.go (+25/-0) testing/envsuite/envsuite.go (+33/-0) testing/envsuite/envsuite_test.go (+48/-0) testing/httpsuite/httpsuite.go (+43/-0) testing/httpsuite/httpsuite_test.go (+39/-0) testservices/identityservice/identityservice.go (+10/-0) testservices/identityservice/legacy.go (+44/-0) testservices/identityservice/legacy_test.go (+96/-0) testservices/identityservice/service_test.go (+23/-0) testservices/identityservice/setup_test.go (+10/-0) testservices/identityservice/userpass.go (+241/-0) testservices/identityservice/userpass_test.go (+150/-0) testservices/identityservice/util.go (+31/-0) testservices/identityservice/util_test.go (+28/-0) testservices/main.go (+69/-0)
To merge this branch:	bzr merge lp:~rogpeppe/goose/state-of-the-world
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Roger Peppe			Pending
Review via email: mp+136144@code.launchpad.net

Description of the change

goose: all current code

This CL is a way for anyone to comment on
the current state of the Goose world.

https://codereview.appspot.com/6844087/

Revision history for this message

John A Meinel (jameinel) wrote on 2012-11-26:

Just adding a comment so that I get subscribed to any discussions on
this MP.

https://codereview.appspot.com/6844087/

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2012-11-26:

Download full text (15.7 KiB)

Reviewers: mp+136144_code.launchpad.net, john.meinel,

Message:
lots of comments but mostly superficial.

i haven't looked at the tests at all yet, and i have no knowledge of
openstack at all, so can't comment on the deeper aspects of the code.

https://codereview.appspot.com/6844087/diff/1/client/client.go
File client/client.go (right):

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode15
client/client.go:15: OS_API_TOKENS = "/tokens"
CAPITAL_LETTER_CONSTANTS aren't conventional in Go. Moreover, it looks
like these aren't intended to be part of the public API.

how about:

const (
apiTokens = "/tokens"
apiFlavors = ... etc
)

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode24
client/client.go:24: GET = "GET"
unexport. and... can we just use the string constants? i don't see that
defining constants here adds greatly to safety.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode32
client/client.go:32: type OpenStackClient struct {
s/OpenStackClient/Client/ ?

after all goose is all about openstack - i doubt we need to restate
that.

also, needs a doc comment.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode33
client/client.go:33: client *goosehttp.GooseHTTPClient
goosehttp.Client would be a better name.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode39
client/client.go:39: ServiceURLs map[string]string
doc comment (what's the key and value in the map?)

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode45
client/client.go:45: func NewOpenStackClient(creds
*identity.Credentials, auth_method int) *OpenStackClient {
doc comment

also, s/auth_method/authMethod/

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode51
client/client.go:51: case identity.AUTH_LEGACY:
given that the identify package defines these constants and implements
the authentication schemes, how about

client.auth, err = identity.AuthMethod(authMethod)

let the identity package implement this logic.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode59
client/client.go:59: func (c *OpenStackClient) Authenticate() (err
error) {
doc comment.

if you don't use AddErrorContext, you won't need to name the variable.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode60
client/client.go:60: err = nil
d

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode62
client/client.go:62: return fmt.Errorf("Authentication method has not
been specified")
s/fmt.Errorf/errors.New/

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode66
client/client.go:66: gooseerrors.AddErrorContext(&err, "authentication
failed")
return fmt.Errorf("authentication failed: %v", err)

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode70
client/client.go:70: c.TokenId = authDetails.TokenId
might it make sense to simply add the auth details as a field in the
OpenStackClient type?

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode77
client/client.go:77: func (c *OpenStackClient) IsAuthenticated() bool {
doc comment.

https://code...

Reviewers: mp+136144_code.launchpad.net, john.meinel,

Message:
lots of comments but mostly superficial.

i haven't looked at the tests at all yet, and i have no knowledge of
openstack at all, so can't comment on the deeper aspects of the code.

https://codereview.appspot.com/6844087/diff/1/client/client.go
File client/client.go (right):

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode15
client/client.go:15: OS_API_TOKENS               = "/tokens"
CAPITAL_LETTER_CONSTANTS aren't conventional in Go. Moreover, it looks
like these aren't intended to be part of the public API.

how about:

const (
     apiTokens = "/tokens"
     apiFlavors = ... etc
)

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode24
client/client.go:24: GET    = "GET"
unexport. and... can we just use the string constants? i don't see that
defining constants here adds greatly to safety.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode32
client/client.go:32: type OpenStackClient struct {
s/OpenStackClient/Client/ ?

after all goose is all about openstack - i doubt we need to restate
that.

also, needs a doc comment.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode33
client/client.go:33: client *goosehttp.GooseHTTPClient
goosehttp.Client would be a better name.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode39
client/client.go:39: ServiceURLs map[string]string
doc comment (what's the key and value in the map?)

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode45
client/client.go:45: func NewOpenStackClient(creds
*identity.Credentials, auth_method int) *OpenStackClient {
doc comment

also, s/auth_method/authMethod/

client.auth, err = identity.AuthMethod(authMethod)

let the identity package implement this logic.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode59
client/client.go:59: func (c *OpenStackClient) Authenticate() (err
error) {
doc comment.

if you don't use AddErrorContext, you won't need to name the variable.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode60
client/client.go:60: err = nil
d

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode62
client/client.go:62: return fmt.Errorf("Authentication method has not
been specified")
s/fmt.Errorf/errors.New/

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode77
client/client.go:77: func (c *OpenStackClient) IsAuthenticated() bool {
doc comment.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode81
client/client.go:81: type Link struct {
doc comment.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode88
client/client.go:88: // Contains a list of links.
the second sentence doesn't add much info. i can see it contains a list
of links from the type, but what is their significance?

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode95
client/client.go:95: func (c *OpenStackClient) ListFlavors() (flavors
[]Entity, err error) {
doc comment.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode110
client/client.go:110: type FlavorDetail struct {
doc comment. and on the fields too. (what kind of thing does the Disk
field hold? the number of disks?).
alternatively, a URL to the relevant piece of documentation can be good.

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode116
client/client.go:116: Swap  interface{} // Can be an empty string (?!)
What type should we expect here?

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode119
client/client.go:119: func (c *OpenStackClient) ListFlavorsDetail()
(flavors []FlavorDetail, err error) {
doc comment.
it's not clear to me how the FlavorDetails returned by this method mesh
with the Entities returned by ListFlavors. do the Name fields match?

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode127
client/client.go:127: gooseerrors.AddErrorContext(&err, "failed to get
list of flavors details")
fmt.Errorf

https://codereview.appspot.com/6844087/diff/1/client/client.go#newcode142
client/client.go:142: gooseerrors.AddErrorContext(&err, "failed to get
list of servers")
fmt.Errorf

https://codereview.appspot.com/6844087/diff/1/errors/errors.go
File errors/errors.go (right):

https://codereview.appspot.com/6844087/diff/1/errors/errors.go#newcode13
errors/errors.go:13: func AddErrorContext(err *error, format string,
args ...interface{}) {
if we're going to have this function, can we name it the same as in
juju-core - ErrorContextf ?
might be worth naming the package "trivial" for the same reason, making
code more easily moveable between the two projects if necessary.

BTW the entire point of the signature of ErrorContextf is to make it
possible to defer it and have an error context automatically added.
Using it instead of fmt.Errorf misses the point.

https://codereview.appspot.com/6844087/diff/1/http/client.go
File http/client.go (right):

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode16
http/client.go:16: type GooseHTTPClient struct {
s/GooseHTTPClient/Client/

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode20
http/client.go:20: type ErrorResponse struct {
looks like this doesn't need to exported.

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode27
http/client.go:27: return fmt.Sprintf("Failed: %d %s: %s", e.Code,
e.Title, e.Message)
goose request failed:
?

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode30
http/client.go:30: type ErrorWrapper struct {
ditto

also, it might be nice to include some context on it was that failed
(e.g. the url) rather than just "Failed: ".

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode34
http/client.go:34: type RequestData struct {
doc comment

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode51
http/client.go:51: err = nil
d (it starts off as nil)

and lose the named error return. they're prone to errors in more
involved functions.

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode55
http/client.go:55: )
rather than having two piece of code that call http.NewRequest, why not
something like this?

var body string
if reqData.ReqValue != nil {
      body = ...
}
req, err := http.NewRequest(method, url, strings.NewReader(body))

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode59
http/client.go:59: gooseerrors.AddErrorContext(&err, "failed marshalling
the request body")
return fmt.Errorf("failed ...: %v", err)

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode68
http/client.go:68: gooseerrors.AddErrorContext(&err, "failed creating
the request")
fmt.Errorf

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode83
http/client.go:83: gooseerrors.AddErrorContext(&err, "failed
unmarshaling the response body: %s", respBody)
fmt.Errorf

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode90
http/client.go:90: // Sends the supplied byte array (if any) to the
specified URL.
BinaryRequest sends

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode134
http/client.go:134: if extraHeaders != nil {
d
(it's fine to range on a nil map)

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode144
http/client.go:144: gooseerrors.AddErrorContext(&err, "failed executing
the request")
this context is not very useful. some information about the request that
failed might make it so.

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode157
http/client.go:157: if !foundStatus && len(expectedStatus) > 0 {
if !foundStatus {

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode163
http/client.go:163: var wrappedErr ErrorWrapper
var wrappedErr struct {
     Error ErrorResponse `json:"error"`
}

and lose the WrappedError type ?

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode168
http/client.go:168: err = errors.New(
fmt.Errorf
but... since the remote side has gone to the trouble of providing a nice
json error response, and we're parsing it, it would only seem polite to
make that information available in the error we're returning.

that is, instead of having the polymorphic errInfo type, we could have
two branches here, one which returns the ErrorResponse; the other would
return a string form as a fallback.

https://codereview.appspot.com/6844087/diff/1/http/client.go#newcode178
http/client.go:178: respBody, err = ioutil.ReadAll(rawResp.Body)
i think it's probably better to return the response directly here rather
than slurping it into a []byte, so the caller can see what response was
actually returned, for example. YMMV though.

https://codereview.appspot.com/6844087/diff/1/identity/identity.go
File identity/identity.go (right):

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode8
identity/identity.go:8: AUTH_LEGACY = iota
authLegacy ?

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode12
identity/identity.go:12: type AuthDetails struct {
doc comment

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode19
identity/identity.go:19: type Credentials struct {
doc comment

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode27
identity/identity.go:27: type Authenticator interface {
doc comment - particularly crucial here.

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode34
identity/identity.go:34: value = os.Getenv(v)
if value := os.Getenv(v); value != "" {
     return value
}

then return "" at the end and lose the named return variable.

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode42
identity/identity.go:42: func CredentialsFromEnv() *Credentials {
doc comment.

are some of these credentials optional? ISTM that some reflection code
in environ/openstack could be avoided if this function returned an
error.

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go
File identity/legacy.go (right):

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go#newcode15
identity/legacy.go:15: l.client = &http.Client{CheckRedirect: nil}
s/CheckRedirect: nil//

or just l.client = new(http.Client)

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go#newcode24
identity/legacy.go:24: defer response.Body.Close()
this will crash if the Do request fails. move it after the error check.

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go#newcode33
identity/legacy.go:33: details := &AuthDetails{}
var details AuthDetails ?

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go#newcode36
identity/legacy.go:36: return nil, fmt.Errorf("Did not get valid Token
from auth request")
generally we keep error messages as lower case.

"token not found in auth request" ?

https://codereview.appspot.com/6844087/diff/1/identity/legacy.go#newcode40
identity/legacy.go:40: return nil, fmt.Errorf("Did not get valid
management URL from auth request")
"management URL not found in auth request" ?

https://codereview.appspot.com/6844087/diff/1/identity/userpass.go
File identity/userpass.go (right):

https://codereview.appspot.com/6844087/diff/1/identity/userpass.go#newcode9
identity/userpass.go:9: type PasswordCredentials struct {
do all the below types need to be exported?
it looks to me like they're part of the internal implementation of
UserPass.

https://codereview.appspot.com/6844087/diff/1/identity/userpass.go#newcode69
identity/userpass.go:69: type UserPass struct {
doc comment.

https://codereview.appspot.com/6844087/diff/1/testing/envsuite/envsuite.go
File testing/envsuite/envsuite.go (right):

https://codereview.appspot.com/6844087/diff/1/testing/envsuite/envsuite.go#newcode3
testing/envsuite/envsuite.go:3: // Provides an EnvSuite type which makes
sure this test suite gets an isolated
this should be a package level comment.

// The envsuite package provides ...
package envsuite

but to be honest, i'm not sure this or httpsuite justifies its own
package - they could both live together quite happily in the testing
package itself.

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/userpass.go
File testservices/identityservice/userpass.go (right):

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/userpass.go#newcode12
testservices/identityservice/userpass.go:12: type ErrorResponse struct {
do all the below types need to be exported?

it makes it much easier to work out what's important about a package if
only externally necessary parts are exported.

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/util.go
File testservices/identityservice/util.go (right):

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/util.go#newcode16
testservices/identityservice/util.go:16: raw_bytes := make([]byte, 16)
rawBytes
or just "raw", or "buf"?

the latter is probably most conventional.

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/util.go#newcode17
testservices/identityservice/util.go:17: n, err := rand.Read(raw_bytes)
io.ReadFull

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/util.go#newcode18
testservices/identityservice/util.go:18: if n != 16 || err != nil {
if err != nil {

https://codereview.appspot.com/6844087/diff/1/testservices/identityservice/util.go#newcode22
testservices/identityservice/util.go:22: }
return fmt.Sprintf("%x", ...)

https://codereview.appspot.com/6844087/diff/1/testservices/main.go
File testservices/main.go (right):

https://codereview.appspot.com/6844087/diff/1/testservices/main.go#newcode14
testservices/main.go:14: }
func (uv userInfo) String() {
     return fmt.Sprint("%s:%s", user, secret)
}

not that it would actually get used unless you've got some defaults set
up.

https://codereview.appspot.com/6844087/diff/1/testservices/main.go#newcode20
testservices/main.go:20: vals := strings.Split(s, ":")
the secret can't contain a colon?

Description:
goose: all current code

This CL is a way for anyone to comment on
the current state of the Goose world.

https://code.launchpad.net/~rogpeppe/goose/state-of-the-world/+merge/136144

(do not edit description out of merge proposal)

Please review this at https://codereview.appspot.com/6844087/

Affected files:
   A .bzrignore
   A .lbox
   A .lbox.check
   A [revision details]
   A client/client.go
   A client/client_test.go
   A errors/errors.go
   M goose.go
   M goose_test.go
   A http/client.go
   A identity/identity.go
   A identity/identity_test.go
   A identity/legacy.go
   A identity/legacy_test.go
   A identity/setup_test.go
   A identity/userpass.go
   A identity/userpass_test.go
   A testing/envsuite/envsuite.go
   A testing/envsuite/envsuite_test.go
   A testing/httpsuite/httpsuite.go
   A testing/httpsuite/httpsuite_test.go
   A testservices/identityservice/identityservice.go
   A testservices/identityservice/legacy.go
   A testservices/identityservice/legacy_test.go
   A testservices/identityservice/service_test.go
   A testservices/identityservice/setup_test.go
   A testservices/identityservice/userpass.go
   A testservices/identityservice/userpass_test.go
   A testservices/identityservice/util.go
   A testservices/identityservice/util_test.go
   A testservices/main.go

Revision history for this message

John A Meinel (jameinel) wrote on 2012-11-26:

https://codereview.appspot.com/6844087/diff/1/identity/identity.go
File identity/identity.go (right):

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode8
identity/identity.go:8: AUTH_LEGACY = iota
On 2012/11/26 12:51:38, rog wrote:
> authLegacy ?

This one is actually part of the public api. Though AuthLegacy would be
ok.

https://codereview.appspot.com/6844087/

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2012-11-26:

https://codereview.appspot.com/6844087/diff/1/identity/identity.go
File identity/identity.go (right):

https://codereview.appspot.com/6844087/diff/1/identity/identity.go#newcode8
identity/identity.go:8: AUTH_LEGACY = iota
On 2012/11/26 16:30:58, john.meinel wrote:
> On 2012/11/26 12:51:38, rog wrote:
> > authLegacy ?

> This one is actually part of the public api. Though AuthLegacy would
be ok.

yeah, i saw that. although, given that the auth method is an argument to
NewOpenStackClient, perhaps it wouldn't be unreasonable to ask clients
to pass in an auth method value themselves, rather than a constant that
implies one. alternatively, you could make these constants of a type
that has a Method() Authenticator method.

requiring external clients to enumerate all the possible auth methods
when we can easily make the linkage here seems somewhat unnecessary.

i'm probably missing something crucial though.

https://codereview.appspot.com/6844087/

Revision history for this message

John A Meinel (jameinel) wrote on 2012-11-27:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...

>> This one is actually part of the public api. Though AuthLegacy
>> would
> be ok.
>
> yeah, i saw that. although, given that the auth method is an
> argument to NewOpenStackClient, perhaps it wouldn't be unreasonable
> to ask clients to pass in an auth method value themselves, rather
> than a constant that implies one. alternatively, you could make
> these constants of a type that has a Method() Authenticator
> method.
>
> requiring external clients to enumerate all the possible auth
> methods when we can easily make the linkage here seems somewhat
> unnecessary.
>
> i'm probably missing something crucial though.
>

Ultimately the auth that we pick has to come from the
environments.yaml file. Because it depends heavily on what openstack
cloud we are connecting to. (HP's auth is different from Rackspace, is
different from Canonistack, etc.)

So ideally the outside-of-goose level would just be a string request
of an auth to use, of a specific set of enumerated constants.

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Cygwin)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlC0QPcACgkQJdeBCYSNAANURwCgzxS64UxSnFL2spmLcUEbtKPI
7Q4AoLlK1FjFBaLcHgdxoaARbM193kSx
=COy9
-----END PGP SIGNATURE-----

Revision history for this message

Roger Peppe (rogpeppe) wrote on 2012-11-27:

On 27 November 2012 04:26, John Arbash Meinel <email address hidden> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ...
>
>
>>> This one is actually part of the public api. Though AuthLegacy
>>> would
>> be ok.
>>
>> yeah, i saw that. although, given that the auth method is an
>> argument to NewOpenStackClient, perhaps it wouldn't be unreasonable
>> to ask clients to pass in an auth method value themselves, rather
>> than a constant that implies one. alternatively, you could make
>> these constants of a type that has a Method() Authenticator
>> method.
>>
>> requiring external clients to enumerate all the possible auth
>> methods when we can easily make the linkage here seems somewhat
>> unnecessary.
>>
>> i'm probably missing something crucial though.
>>
>
> Ultimately the auth that we pick has to come from the
> environments.yaml file. Because it depends heavily on what openstack
> cloud we are connecting to. (HP's auth is different from Rackspace, is
> different from Canonistack, etc.)
>
> So ideally the outside-of-goose level would just be a string request
> of an auth to use, of a specific set of enumerated constants.

if this is the case, then something that maps from string to authenticator
type might seem more appropriate - the intermediate iota-based constants
still seem a little redundant.

Unmerged revisions

19. By Ian Booth on 2012-11-21

gofmt fixes

18. By Ian Booth on 2012-11-21

Extract identity functionality from client, and also extract common HTTP methods

17. By Martin Packman on 2012-11-19

Various changes including swift client calls

16. By Martin Packman on 2012-11-19

Add .lbox config to make proposing using lbox easier

Also add .lbox.check script from juju-core, to make sure go fmt is run before
proposing a change.

15. By John A Meinel on 2012-11-18

Implement getting credentials from environment variables.

14. By Martin Packman on 2012-11-16

Add customisation of service catalog in test identity service

13. By John A Meinel on 2012-11-14

Remove an unused import in client.

12. By John A Meinel on 2012-11-14

go fmt

11. By Dimiter Naydenov on 2012-11-13

Finished live server tests for all implemented API calls

10. By Dimiter Naydenov on 2012-11-13

Merge trunk

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Roger Peppe

 === added file '.bzrignore'
 --- .bzrignore	1970-01-01 00:00:00 +0000
 +++ .bzrignore	2012-11-26 11:24:05 +0000
@@ -0,0 +1,2 @@
++./tags
++testservices/testservices*
 === added file '.lbox'
 --- .lbox	1970-01-01 00:00:00 +0000
 +++ .lbox	2012-11-26 11:24:05 +0000
@@ -0,0 +1,1 @@
++propose -cr -for lp:goose
 === added file '.lbox.check'
 --- .lbox.check	1970-01-01 00:00:00 +0000
 +++ .lbox.check	2012-11-26 11:24:05 +0000
@@ -0,0 +1,20 @@
++#!/bin/sh
++
++set -e
++
++BADFMT=`find * -name '*.go' | xargs gofmt -l`
++if [ -n "$BADFMT" ]; then
++	BADFMT=`echo "$BADFMT" | sed "s/^/  /"`
++	echo "gofmt is sad:\n\n$BADFMT"
++	exit 1
++fi
++
++VERSION=`go version | awk '{print $3}'`
++if [ $VERSION == 'devel' ]; then
++	go tool vet \
++		-methods \
++		-printf \
++		-rangeloops \
++		-printfuncs ErrorContextf:1 \
++		.
++fi
 === added directory 'client'
 === added file 'client/client.go'
 --- client/client.go	1970-01-01 00:00:00 +0000
 +++ client/client.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,658 @@
++package client
++
++import (
++	"encoding/base64"
++	"errors"
++	"fmt"
++	gooseerrors "launchpad.net/goose/errors"
++	goosehttp "launchpad.net/goose/http"
++	"launchpad.net/goose/identity"
++	"net/http"
++	"net/url"
++)
++
++const (
++	OS_API_TOKENS               = "/tokens"
++	OS_API_FLAVORS              = "/flavors"
++	OS_API_FLAVORS_DETAIL       = "/flavors/detail"
++	OS_API_SERVERS              = "/servers"
++	OS_API_SERVERS_DETAIL       = "/servers/detail"
++	OS_API_SECURITY_GROUPS      = "/os-security-groups"
++	OS_API_SECURITY_GROUP_RULES = "/os-security-group-rules"
++	OS_API_FLOATING_IPS         = "/os-floating-ips"
++
++	GET    = "GET"
++	POST   = "POST"
++	PUT    = "PUT"
++	DELETE = "DELETE"
++	HEAD   = "HEAD"
++	COPY   = "COPY"
++)
++
++type OpenStackClient struct {
++	client *goosehttp.GooseHTTPClient
++
++	creds *identity.Credentials
++	auth  identity.Authenticator
++
++	//TODO - store service urls by region.
++	ServiceURLs map[string]string
++	TokenId     string
++	TenantId    string
++	UserId      string
++}
++
++func NewOpenStackClient(creds *identity.Credentials, auth_method int) *OpenStackClient {
++	client := OpenStackClient{creds: creds}
++	client.creds.URL = client.creds.URL + OS_API_TOKENS
++	switch auth_method {
++	default:
++		panic(fmt.Errorf("Invalid identity authorisation method: %d", auth_method))
++	case identity.AUTH_LEGACY:
++		client.auth = &identity.Legacy{}
++	case identity.AUTH_USERPASS:
++		client.auth = &identity.UserPass{}
++	}
++	return &client
++}
++
++func (c *OpenStackClient) Authenticate() (err error) {
++	err = nil
++	if c.auth == nil {
++		return fmt.Errorf("Authentication method has not been specified")
++	}
++	authDetails, err := c.auth.Auth(c.creds)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "authentication failed")
++		return
++	}
++
++	c.TokenId = authDetails.TokenId
++	c.TenantId = authDetails.TenantId
++	c.UserId = authDetails.UserId
++	c.ServiceURLs = authDetails.ServiceURLs
++	return nil
++}
++
++func (c *OpenStackClient) IsAuthenticated() bool {
++	return c.TokenId != ""
++}
++
++type Link struct {
++	Href string
++	Rel  string
++	Type string
++}
++
++// Entity can describe a flavor, flavor detail or server.
++// Contains a list of links.
++type Entity struct {
++	Id    string
++	Links []Link
++	Name  string
++}
++
++func (c *OpenStackClient) ListFlavors() (flavors []Entity, err error) {
++
++	var resp struct {
++		Flavors []Entity
++	}
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", OS_API_FLAVORS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get list of flavors")
++		return
++	}
++
++	return resp.Flavors, nil
++}
++
++type FlavorDetail struct {
++	Name  string
++	RAM   int
++	VCPUs int
++	Disk  int
++	Id    string
++	Swap  interface{} // Can be an empty string (?!)
++}
++
++func (c *OpenStackClient) ListFlavorsDetail() (flavors []FlavorDetail, err error) {
++
++	var resp struct {
++		Flavors []FlavorDetail
++	}
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", OS_API_FLAVORS_DETAIL, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get list of flavors details")
++		return
++	}
++
++	return resp.Flavors, nil
++}
++
++func (c *OpenStackClient) ListServers() (servers []Entity, err error) {
++
++	var resp struct {
++		Servers []Entity
++	}
++	requestData := goosehttp.RequestData{RespValue: &resp, ExpectedStatus: []int{http.StatusOK}}
++	err = c.authRequest(GET, "compute", OS_API_SERVERS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get list of servers")
++		return
++	}
++	return resp.Servers, nil
++}
++
++type ServerDetail struct {
++	AddressIPv4 string
++	AddressIPv6 string
++	Created     string
++	Flavor      Entity
++	HostId      string
++	Id          string
++	Image       Entity
++	Links       []Link
++	Name        string
++	Progress    int
++	Status      string
++	TenantId    string `json:"tenant_id"`
++	Updated     string
++	UserId      string `json:"user_id"`
++}
++
++func (c *OpenStackClient) ListServersDetail() (servers []ServerDetail, err error) {
++
++	var resp struct {
++		Servers []ServerDetail
++	}
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", OS_API_SERVERS_DETAIL, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get list of servers details")
++		return
++	}
++
++	return resp.Servers, nil
++}
++
++func (c *OpenStackClient) GetServer(serverId string) (ServerDetail, error) {
++
++	var resp struct {
++		Server ServerDetail
++	}
++	url := fmt.Sprintf("%s/%s", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err := c.authRequest(GET, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get details for serverId=%s", serverId)
++		return ServerDetail{}, err
++	}
++
++	return resp.Server, nil
++}
++
++func (c *OpenStackClient) DeleteServer(serverId string) error {
++
++	var resp struct {
++		Server ServerDetail
++	}
++	url := fmt.Sprintf("%s/%s", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{RespValue: &resp, ExpectedStatus: []int{http.StatusNoContent}}
++	err := c.authRequest(DELETE, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to delete server with serverId=%s", serverId)
++		return err
++	}
++
++	return nil
++}
++
++type RunServerOpts struct {
++	Name               string  `json:"name"`
++	FlavorId           string  `json:"flavorRef"`
++	ImageId            string  `json:"imageRef"`
++	UserData           *string `json:"user_data"`
++	SecurityGroupNames []struct {
++		Name string `json:"name"`
++	} `json:"security_groups"`
++}
++
++func (c *OpenStackClient) RunServer(opts RunServerOpts) (err error) {
++
++	var req struct {
++		Server RunServerOpts `json:"server"`
++	}
++	req.Server = opts
++	if opts.UserData != nil {
++		data := []byte(*opts.UserData)
++		encoded := base64.StdEncoding.EncodeToString(data)
++		req.Server.UserData = &encoded
++	}
++	requestData := goosehttp.RequestData{ReqValue: req, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(POST, "compute", OS_API_SERVERS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to run a server with %#v", opts)
++	}
++
++	return
++}
++
++type SecurityGroupRule struct {
++	FromPort      *int              `json:"from_port"`   // Can be nil
++	IPProtocol    *string           `json:"ip_protocol"` // Can be nil
++	ToPort        *int              `json:"to_port"`     // Can be nil
++	ParentGroupId int               `json:"parent_group_id"`
++	IPRange       map[string]string `json:"ip_range"` // Can be empty
++	Id            int
++	Group         map[string]string // Can be empty
++}
++
++type SecurityGroup struct {
++	Rules       []SecurityGroupRule
++	TenantId    string `json:"tenant_id"`
++	Id          int
++	Name        string
++	Description string
++}
++
++func (c *OpenStackClient) ListSecurityGroups() (groups []SecurityGroup, err error) {
++
++	var resp struct {
++		Groups []SecurityGroup `json:"security_groups"`
++	}
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", OS_API_SECURITY_GROUPS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to list security groups")
++		return nil, err
++	}
++
++	return resp.Groups, nil
++}
++
++func (c *OpenStackClient) GetServerSecurityGroups(serverId string) (groups []SecurityGroup, err error) {
++
++	var resp struct {
++		Groups []SecurityGroup `json:"security_groups"`
++	}
++	url := fmt.Sprintf("%s/%s/%s", OS_API_SERVERS, serverId, OS_API_SECURITY_GROUPS)
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to list server (%s) security groups", serverId)
++		return nil, err
++	}
++
++	return resp.Groups, nil
++}
++
++func (c *OpenStackClient) CreateSecurityGroup(name, description string) (group SecurityGroup, err error) {
++
++	var req struct {
++		SecurityGroup struct {
++			Name        string `json:"name"`
++			Description string `json:"description"`
++		} `json:"security_group"`
++	}
++	req.SecurityGroup.Name = name
++	req.SecurityGroup.Description = description
++
++	var resp struct {
++		SecurityGroup SecurityGroup `json:"security_group"`
++	}
++	requestData := goosehttp.RequestData{ReqValue: req, RespValue: &resp, ExpectedStatus: []int{http.StatusOK}}
++	err = c.authRequest(POST, "compute", OS_API_SECURITY_GROUPS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to create a security group with name=%s", name)
++	}
++	group = resp.SecurityGroup
++
++	return
++}
++
++func (c *OpenStackClient) DeleteSecurityGroup(groupId int) (err error) {
++
++	url := fmt.Sprintf("%s/%d", OS_API_SECURITY_GROUPS, groupId)
++	requestData := goosehttp.RequestData{ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(DELETE, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to delete a security group with id=%d", groupId)
++	}
++
++	return
++}
++
++type RuleInfo struct {
++	IPProtocol    string `json:"ip_protocol"`     // Required, if GroupId is nil
++	FromPort      int    `json:"from_port"`       // Required, if GroupId is nil
++	ToPort        int    `json:"to_port"`         // Required, if GroupId is nil
++	Cidr          string `json:"cidr"`            // Required, if GroupId is nil
++	GroupId       *int   `json:"group_id"`        // If nil, FromPort/ToPort/IPProtocol must be set
++	ParentGroupId int    `json:"parent_group_id"` // Required always
++}
++
++func (c *OpenStackClient) CreateSecurityGroupRule(ruleInfo RuleInfo) (rule SecurityGroupRule, err error) {
++
++	var req struct {
++		SecurityGroupRule RuleInfo `json:"security_group_rule"`
++	}
++	req.SecurityGroupRule = ruleInfo
++
++	var resp struct {
++		SecurityGroupRule SecurityGroupRule `json:"security_group_rule"`
++	}
++
++	requestData := goosehttp.RequestData{ReqValue: req, RespValue: &resp}
++	err = c.authRequest(POST, "compute", OS_API_SECURITY_GROUP_RULES, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to create a rule for the security group with id=%s", ruleInfo.GroupId)
++	}
++
++	return resp.SecurityGroupRule, err
++}
++
++func (c *OpenStackClient) DeleteSecurityGroupRule(ruleId int) (err error) {
++
++	url := fmt.Sprintf("%s/%d", OS_API_SECURITY_GROUP_RULES, ruleId)
++	requestData := goosehttp.RequestData{ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(DELETE, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to delete a security group rule with id=%d", ruleId)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) AddServerSecurityGroup(serverId, groupName string) (err error) {
++
++	var req struct {
++		AddSecurityGroup struct {
++			Name string `json:"name"`
++		} `json:"addSecurityGroup"`
++	}
++	req.AddSecurityGroup.Name = groupName
++
++	url := fmt.Sprintf("%s/%s/action", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{ReqValue: req, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(POST, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to add security group '%s' from server with id=%s", groupName, serverId)
++	}
++	return
++}
++
++func (c *OpenStackClient) RemoveServerSecurityGroup(serverId, groupName string) (err error) {
++
++	var req struct {
++		RemoveSecurityGroup struct {
++			Name string `json:"name"`
++		} `json:"removeSecurityGroup"`
++	}
++	req.RemoveSecurityGroup.Name = groupName
++
++	url := fmt.Sprintf("%s/%s/action", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{ReqValue: req, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(POST, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to remove security group '%s' from server with id=%s", groupName, serverId)
++	}
++	return
++}
++
++type FloatingIP struct {
++	FixedIP    interface{} `json:"fixed_ip"` // Can be a string or null
++	Id         int         `json:"id"`
++	InstanceId interface{} `json:"instance_id"` // Can be a string or null
++	IP         string      `json:"ip"`
++	Pool       string      `json:"pool"`
++}
++
++func (c *OpenStackClient) ListFloatingIPs() (ips []FloatingIP, err error) {
++
++	var resp struct {
++		FloatingIPs []FloatingIP `json:"floating_ips"`
++	}
++
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", OS_API_FLOATING_IPS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to list floating ips")
++	}
++
++	return resp.FloatingIPs, err
++}
++
++func (c *OpenStackClient) GetFloatingIP(ipId int) (ip FloatingIP, err error) {
++
++	var resp struct {
++		FloatingIP FloatingIP `json:"floating_ip"`
++	}
++
++	url := fmt.Sprintf("%s/%d", OS_API_FLOATING_IPS, ipId)
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(GET, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to get floating ip %d details", ipId)
++	}
++
++	return resp.FloatingIP, err
++}
++
++func (c *OpenStackClient) AllocateFloatingIP() (ip FloatingIP, err error) {
++
++	var resp struct {
++		FloatingIP FloatingIP `json:"floating_ip"`
++	}
++
++	requestData := goosehttp.RequestData{RespValue: &resp}
++	err = c.authRequest(POST, "compute", OS_API_FLOATING_IPS, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to allocate a floating ip")
++	}
++
++	return resp.FloatingIP, err
++}
++
++func (c *OpenStackClient) DeleteFloatingIP(ipId int) (err error) {
++
++	url := fmt.Sprintf("%s/%d", OS_API_FLOATING_IPS, ipId)
++	requestData := goosehttp.RequestData{ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(DELETE, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to delete floating ip %d details", ipId)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) AddServerFloatingIP(serverId, address string) (err error) {
++
++	var req struct {
++		AddFloatingIP struct {
++			Address string `json:"address"`
++		} `json:"addFloatingIp"`
++	}
++	req.AddFloatingIP.Address = address
++
++	url := fmt.Sprintf("%s/%s/action", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{ReqValue: req, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(POST, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to add floating ip %s to server %s", address, serverId)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) RemoveServerFloatingIP(serverId, address string) (err error) {
++
++	var req struct {
++		RemoveFloatingIP struct {
++			Address string `json:"address"`
++		} `json:"removeFloatingIp"`
++	}
++	req.RemoveFloatingIP.Address = address
++
++	url := fmt.Sprintf("%s/%s/action", OS_API_SERVERS, serverId)
++	requestData := goosehttp.RequestData{ReqValue: req, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(POST, "compute", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to remove floating ip %s to server %s", address, serverId)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) CreateContainer(containerName string) (err error) {
++
++	// Juju expects there to be a (semi) public url for some objects. This
++	// could probably be more restrictive or placed in a seperate container
++	// with some refactoring, but for now just make everything public.
++	headers := make(http.Header)
++	headers.Add("X-Container-Read", ".r:*")
++	url := fmt.Sprintf("/%s", containerName)
++	requestData := goosehttp.RequestData{ReqHeaders: headers, ExpectedStatus: []int{http.StatusAccepted, http.StatusCreated}}
++	err = c.authRequest(PUT, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to create container %s.", containerName)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) DeleteContainer(containerName string) (err error) {
++
++	url := fmt.Sprintf("/%s", containerName)
++	requestData := goosehttp.RequestData{ExpectedStatus: []int{http.StatusNoContent}}
++	err = c.authRequest(DELETE, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to delete container %s.", containerName)
++	}
++
++	return
++}
++
++func (c *OpenStackClient) PublicObjectURL(containerName, objectName string) (url string, err error) {
++	path := fmt.Sprintf("/%s/%s", containerName, objectName)
++	return c.makeUrl("object-store", []string{path}, nil)
++}
++
++func (c *OpenStackClient) HeadObject(containerName, objectName string) (headers http.Header, err error) {
++
++	url, err := c.PublicObjectURL(containerName, objectName)
++	if err != nil {
++		return nil, err
++	}
++	requestData := goosehttp.RequestData{ReqHeaders: headers, ExpectedStatus: []int{http.StatusOK}}
++	err = c.authRequest(HEAD, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to HEAD object %s from container %s", objectName, containerName)
++		return nil, err
++	}
++	return headers, nil
++}
++
++func (c *OpenStackClient) GetObject(containerName, objectName string) (obj []byte, err error) {
++
++	url, err := c.PublicObjectURL(containerName, objectName)
++	if err != nil {
++		return nil, err
++	}
++	requestData := goosehttp.RequestData{RespData: &obj, ExpectedStatus: []int{http.StatusOK}}
++	err = c.authBinaryRequest(GET, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to GET object %s content from container %s", objectName, containerName)
++		return nil, err
++	}
++	return obj, nil
++}
++
++func (c *OpenStackClient) DeleteObject(containerName, objectName string) (err error) {
++
++	url, err := c.PublicObjectURL(containerName, objectName)
++	if err != nil {
++		return err
++	}
++	requestData := goosehttp.RequestData{ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authRequest(DELETE, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to DELETE object %s content from container %s", objectName, containerName)
++	}
++	return err
++}
++
++func (c *OpenStackClient) PutObject(containerName, objectName string, data []byte) (err error) {
++
++	url, err := c.PublicObjectURL(containerName, objectName)
++	if err != nil {
++		return err
++	}
++	requestData := goosehttp.RequestData{ReqData: data, ExpectedStatus: []int{http.StatusAccepted}}
++	err = c.authBinaryRequest(PUT, "object-store", url, nil, &requestData)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed to PUT object %s content from container %s", objectName, containerName)
++	}
++	return err
++}
++
++////////////////////////////////////////////////////////////////////////
++// Private helpers
++
++// makeUrl prepares a full URL to a service endpoint, with optional
++// URL parts, appended to it and optional query string params. It
++// uses the first endpoint it can find for the given service type
++func (c *OpenStackClient) makeUrl(serviceType string, parts []string, params url.Values) (string, error) {
++	url, ok := c.ServiceURLs[serviceType]
++	if !ok {
++		return "", errors.New("no endpoints known for service type: " + serviceType)
++	}
++	for _, part := range parts {
++		url += part
++	}
++	if params != nil {
++		url += "?" + params.Encode()
++	}
++	return url, nil
++}
++
++func (c *OpenStackClient) setupRequest(svcType, apiCall string, params url.Values, requestData *goosehttp.RequestData) (url string, err error) {
++	if !c.IsAuthenticated() {
++		return "", errors.New("not authenticated")
++	}
++
++	url, err = c.makeUrl(svcType, []string{apiCall}, params)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "cannot find a '%s' node endpoint", svcType)
++		return
++	}
++
++	if c.client == nil {
++		c.client = &goosehttp.GooseHTTPClient{http.Client{CheckRedirect: nil}}
++	}
++
++	if requestData.ReqHeaders == nil {
++		requestData.ReqHeaders = make(http.Header)
++	}
++	requestData.ReqHeaders.Add("X-Auth-Token", c.TokenId)
++	return
++}
++
++func (c *OpenStackClient) authRequest(method, svcType, apiCall string, params url.Values, requestData *goosehttp.RequestData) (err error) {
++	url, err := c.setupRequest(svcType, apiCall, params, requestData)
++	if err != nil {
++		return
++	}
++	err = c.client.JsonRequest(method, url, requestData)
++	return
++}
++
++func (c *OpenStackClient) authBinaryRequest(method, svcType, apiCall string, params url.Values, requestData *goosehttp.RequestData) (err error) {
++	url, err := c.setupRequest(svcType, apiCall, params, requestData)
++	if err != nil {
++		return
++	}
++	err = c.client.BinaryRequest(method, url, requestData)
++	return
++}
 === added file 'client/client_test.go'
 --- client/client_test.go	1970-01-01 00:00:00 +0000
 +++ client/client_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,428 @@
++package client_test
++
++import (
++	"flag"
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/client"
++	"launchpad.net/goose/identity"
++	"testing"
++	"time"
++)
++
++// Hook up gocheck into the gotest runner.
++func Test(t *testing.T) { TestingT(t) }
++
++var live = flag.Bool("live", false, "Include live OpenStack (Canonistack) tests")
++
++type ClientSuite struct {
++	client       *client.OpenStackClient
++	testServerId string
++	skipAuth     bool
++}
++
++func (s *ClientSuite) SetUpSuite(c *C) {
++	if !*live {
++		c.Skip("-live not provided")
++	}
++
++	cred := identity.CredentialsFromEnv()
++	for i, p := range []string{cred.User, cred.Secrets, cred.TenantName, cred.Region, cred.URL} {
++		if p == "" {
++			c.Fatalf("required environment variable not set: %d", i)
++		}
++	}
++
++	s.client = client.NewOpenStackClient(cred, identity.AUTH_USERPASS)
++	s.skipAuth = true // set after TestAuthenticate
++
++}
++
++// Create a test server needed to run some of the tests
++func (s *ClientSuite) SetUpTestServer(c *C) {
++	if s.testServerId != "" {
++		return // Already done
++	}
++	s.SetUpTest(c) // Authenticate if needed
++	ro := client.RunServerOpts{
++		Name:     "test_server1",
++		FlavorId: "1",                                    // m1.tiny
++		ImageId:  "3fc0ef0b-82a9-4f44-a797-a43f0f73b20e", // smoser-cloud-images/ubuntu-precise-12.04-i386-server-20120424.manifest.xml
++	}
++	err := s.client.RunServer(ro)
++	if err != nil {
++		c.Fatal("Error starting test server: " + err.Error())
++	}
++
++	// Now find it and save its ID
++	servers, err := s.client.ListServers()
++	c.Check(err, IsNil)
++	for _, sr := range servers {
++		if sr.Name == "test_server1" {
++			s.testServerId = sr.Id
++			// Give it some time to initialize
++			time.Sleep(8 * time.Second)
++			break
++		}
++	}
++	if s.testServerId == "" {
++		c.Fatalf("cannot start test server")
++	}
++}
++
++func (s *ClientSuite) TearDownSuite(c *C) {
++	if s.testServerId != "" {
++		// Remove the test server we created earlier
++		err := s.client.DeleteServer(s.testServerId)
++		c.Assert(err, IsNil)
++	}
++}
++
++func (s *ClientSuite) SetUpTest(c *C) {
++	if !s.skipAuth && !s.client.IsAuthenticated() {
++		err := s.client.Authenticate()
++		c.Assert(err, IsNil)
++		c.Logf("authenticated")
++	}
++}
++
++var suite = Suite(&ClientSuite{})
++
++func (s *ClientSuite) TestAuthenticateFail(c *C) {
++	cred := identity.CredentialsFromEnv()
++	cred.User = "fred"
++	cred.Secrets = "broken"
++	cred.Region = ""
++	var osclient *client.OpenStackClient = client.NewOpenStackClient(cred, identity.AUTH_USERPASS)
++	c.Assert(osclient.IsAuthenticated(), Equals, false)
++	var err error
++	err = osclient.Authenticate()
++	c.Assert(err, ErrorMatches, "authentication failed.*")
++}
++
++func (s *ClientSuite) TestAuthenticate(c *C) {
++	var err error
++	err = s.client.Authenticate()
++	c.Assert(err, IsNil)
++	c.Assert(s.client.IsAuthenticated(), Equals, true)
++
++	// Check service endpoints are discovered
++	c.Assert(s.client.ServiceURLs["compute"], NotNil)
++	c.Assert(s.client.ServiceURLs["swift"], NotNil)
++
++	s.skipAuth = false
++
++	// Since this is the first test, get the test server running ASAP
++	s.SetUpTestServer(c)
++}
++
++func (s *ClientSuite) TestListFlavors(c *C) {
++	flavors, err := s.client.ListFlavors()
++	c.Assert(err, IsNil)
++	if len(flavors) < 1 {
++		c.Fatalf("no flavors to list")
++	}
++	for _, f := range flavors {
++		c.Assert(f.Id, Not(Equals), "")
++		c.Assert(f.Name, Not(Equals), "")
++		for _, l := range f.Links {
++			c.Assert(l.Href, Matches, "https?://.*")
++			c.Assert(l.Rel, Matches, "self|bookmark")
++		}
++	}
++}
++
++func (s *ClientSuite) TestListFlavorsDetail(c *C) {
++	flavors, err := s.client.ListFlavorsDetail()
++	c.Assert(err, IsNil)
++	if len(flavors) < 1 {
++		c.Fatalf("no flavors (details) to list")
++	}
++	for _, f := range flavors {
++		c.Assert(f.Name, Not(Equals), "")
++		c.Assert(f.Id, Not(Equals), "")
++		if f.RAM < 0 || f.VCPUs < 0 || f.Disk < 0 {
++			c.Fatalf("invalid flavor found: %#v", f)
++		}
++	}
++}
++
++func (s *ClientSuite) TestListServers(c *C) {
++	servers, err := s.client.ListServers()
++	c.Assert(err, IsNil)
++	foundTest := false
++	for _, sr := range servers {
++		c.Assert(sr.Id, Not(Equals), "")
++		c.Assert(sr.Name, Not(Equals), "")
++		if sr.Id == s.testServerId {
++			c.Assert(sr.Name, Equals, "test_server1")
++			foundTest = true
++		}
++		for _, l := range sr.Links {
++			c.Assert(l.Href, Matches, "https?://.*")
++			c.Assert(l.Rel, Matches, "self|bookmark")
++		}
++	}
++	if !foundTest {
++		c.Fatalf("test server (%s) not found in server list", s.testServerId)
++	}
++}
++
++func (s *ClientSuite) TestListServersDetail(c *C) {
++	servers, err := s.client.ListServersDetail()
++	c.Assert(err, IsNil)
++	if len(servers) < 1 {
++		c.Fatalf("no servers to list (expected at least 1)")
++	}
++	foundTest := false
++	for _, sr := range servers {
++		c.Assert(sr.Created, Matches, `\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.*`)
++		c.Assert(sr.Updated, Matches, `\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.*`)
++		c.Assert(sr.Id, Not(Equals), "")
++		c.Assert(sr.HostId, Not(Equals), "")
++		c.Assert(sr.TenantId, Equals, s.client.TenantId)
++		c.Assert(sr.UserId, Equals, s.client.UserId)
++		c.Assert(sr.Status, Not(Equals), "")
++		c.Assert(sr.Name, Not(Equals), "")
++		if sr.Id == s.testServerId {
++			c.Assert(sr.Name, Equals, "test_server1")
++			c.Assert(sr.Flavor.Id, Equals, "1")
++			c.Assert(sr.Image.Id, Equals, "3fc0ef0b-82a9-4f44-a797-a43f0f73b20e")
++			foundTest = true
++		}
++		for _, l := range sr.Links {
++			c.Assert(l.Href, Matches, "https?://.*")
++			c.Assert(l.Rel, Matches, "self|bookmark")
++		}
++		c.Assert(sr.Flavor.Id, Not(Equals), "")
++		for _, f := range sr.Flavor.Links {
++			c.Assert(f.Href, Matches, "https?://.*")
++			c.Assert(f.Rel, Matches, "self|bookmark")
++		}
++		c.Assert(sr.Image.Id, Not(Equals), "")
++		for _, i := range sr.Image.Links {
++			c.Assert(i.Href, Matches, "https?://.*")
++			c.Assert(i.Rel, Matches, "self|bookmark")
++		}
++	}
++	if !foundTest {
++		c.Fatalf("test server (%s) not found in server list (details)", s.testServerId)
++	}
++}
++
++func (s *ClientSuite) TestListSecurityGroups(c *C) {
++	groups, err := s.client.ListSecurityGroups()
++	c.Assert(err, IsNil)
++	if len(groups) < 1 {
++		c.Fatalf("no security groups found (expected at least 1)")
++	}
++	for _, g := range groups {
++		c.Assert(g.TenantId, Equals, s.client.TenantId)
++		c.Assert(g.Name, Not(Equals), "")
++		c.Assert(g.Description, Not(Equals), "")
++		c.Assert(g.Rules, NotNil)
++	}
++}
++
++func (s *ClientSuite) TestCreateAndDeleteSecurityGroup(c *C) {
++	group, err := s.client.CreateSecurityGroup("test_secgroup", "test_desc")
++	c.Check(err, IsNil)
++	c.Check(group.Name, Equals, "test_secgroup")
++	c.Check(group.Description, Equals, "test_desc")
++
++	groups, err := s.client.ListSecurityGroups()
++	found := false
++	for _, g := range groups {
++		if g.Id == group.Id {
++			found = true
++			break
++		}
++	}
++	if found {
++		err = s.client.DeleteSecurityGroup(group.Id)
++		c.Check(err, IsNil)
++	} else {
++		c.Fatalf("test security group (%d) not found", group.Id)
++	}
++}
++
++func (s *ClientSuite) TestCreateAndDeleteSecurityGroupRules(c *C) {
++	group1, err := s.client.CreateSecurityGroup("test_secgroup1", "test_desc")
++	c.Check(err, IsNil)
++	group2, err := s.client.CreateSecurityGroup("test_secgroup2", "test_desc")
++	c.Check(err, IsNil)
++
++	// First type of rule - port range + protocol
++	ri := client.RuleInfo{
++		IPProtocol:    "tcp",
++		FromPort:      1234,
++		ToPort:        4321,
++		Cidr:          "10.0.0.0/8",
++		ParentGroupId: group1.Id,
++	}
++	rule, err := s.client.CreateSecurityGroupRule(ri)
++	c.Check(err, IsNil)
++	c.Check(*rule.FromPort, Equals, 1234)
++	c.Check(*rule.ToPort, Equals, 4321)
++	c.Check(rule.ParentGroupId, Equals, group1.Id)
++	c.Check(*rule.IPProtocol, Equals, "tcp")
++	c.Check(rule.Group, HasLen, 0)
++	err = s.client.DeleteSecurityGroupRule(rule.Id)
++	c.Check(err, IsNil)
++
++	// Second type of rule - inherited from another group
++	ri = client.RuleInfo{
++		GroupId:       &group2.Id,
++		ParentGroupId: group1.Id,
++	}
++	rule, err = s.client.CreateSecurityGroupRule(ri)
++	c.Check(err, IsNil)
++	c.Check(rule.ParentGroupId, Equals, group1.Id)
++	c.Check(rule.Group["tenant_id"], Equals, s.client.TenantId)
++	c.Check(rule.Group["name"], Equals, "test_secgroup2")
++	err = s.client.DeleteSecurityGroupRule(rule.Id)
++	c.Check(err, IsNil)
++
++	err = s.client.DeleteSecurityGroup(group1.Id)
++	c.Check(err, IsNil)
++	err = s.client.DeleteSecurityGroup(group2.Id)
++	c.Check(err, IsNil)
++}
++
++func (s *ClientSuite) TestGetServer(c *C) {
++	server, err := s.client.GetServer(s.testServerId)
++	c.Assert(err, IsNil)
++	c.Assert(server.Id, Equals, s.testServerId)
++	c.Assert(server.Name, Equals, "test_server1")
++	c.Assert(server.Flavor.Id, Equals, "1")
++	c.Assert(server.Image.Id, Equals, "3fc0ef0b-82a9-4f44-a797-a43f0f73b20e")
++}
++
++func (s *ClientSuite) waitTestServerToStart(c *C) {
++	// Wait until the test server is actually running
++	c.Logf("waiting the test server %s to start...", s.testServerId)
++	for {
++		server, err := s.client.GetServer(s.testServerId)
++		c.Check(err, IsNil)
++		if server.Status == "ACTIVE" {
++			break
++		}
++		// There's a rate limit of max 10 POSTs per minute!
++		time.Sleep(10 * time.Second)
++	}
++	c.Logf("started")
++}
++
++func (s *ClientSuite) TestServerAddGetRemoveSecurityGroup(c *C) {
++	group, err := s.client.CreateSecurityGroup("test_server_secgroup", "test desc")
++	c.Assert(err, IsNil)
++
++	s.waitTestServerToStart(c)
++	err = s.client.AddServerSecurityGroup(s.testServerId, group.Name)
++	c.Check(err, IsNil)
++	groups, err := s.client.GetServerSecurityGroups(s.testServerId)
++	c.Check(err, IsNil)
++	found := false
++	for _, g := range groups {
++		if g.Id == group.Id || g.Name == group.Name {
++			found = true
++			break
++		}
++	}
++	err = s.client.RemoveServerSecurityGroup(s.testServerId, group.Name)
++	c.Check(err, IsNil)
++
++	err = s.client.DeleteSecurityGroup(group.Id)
++	c.Assert(err, IsNil)
++
++	if !found {
++		c.Fail()
++	}
++}
++
++func (s *ClientSuite) TestFloatingIPs(c *C) {
++	ip, err := s.client.AllocateFloatingIP()
++	c.Assert(err, IsNil)
++	c.Check(ip.IP, Not(Equals), "")
++	c.Check(ip.Pool, Not(Equals), "")
++	c.Check(ip.FixedIP, IsNil)
++	c.Check(ip.InstanceId, IsNil)
++
++	ips, err := s.client.ListFloatingIPs()
++	c.Check(err, IsNil)
++	if len(ips) < 1 {
++		c.Errorf("no floating IPs found (expected at least 1)")
++	} else {
++		found := false
++		for _, i := range ips {
++			c.Check(i.IP, Not(Equals), "")
++			c.Check(i.Pool, Not(Equals), "")
++			if i.Id == ip.Id {
++				c.Check(i.IP, Equals, ip.IP)
++				c.Check(i.Pool, Equals, ip.Pool)
++				found = true
++			}
++		}
++		if !found {
++			c.Errorf("expected to find added floating IP: %#v", ip)
++		}
++
++		fip, err := s.client.GetFloatingIP(ip.Id)
++		c.Check(err, IsNil)
++		c.Check(fip.Id, Equals, ip.Id)
++		c.Check(fip.IP, Equals, ip.IP)
++		c.Check(fip.Pool, Equals, ip.Pool)
++	}
++	err = s.client.DeleteFloatingIP(ip.Id)
++	c.Check(err, IsNil)
++}
++
++func (s *ClientSuite) TestServerFloatingIPs(c *C) {
++	ip, err := s.client.AllocateFloatingIP()
++	c.Assert(err, IsNil)
++	c.Check(ip.IP, Matches, `\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`)
++
++	s.waitTestServerToStart(c)
++	err = s.client.AddServerFloatingIP(s.testServerId, ip.IP)
++	c.Check(err, IsNil)
++
++	fip, err := s.client.GetFloatingIP(ip.Id)
++	c.Check(err, IsNil)
++	c.Check(fip.FixedIP, Matches, `\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}`)
++	c.Check(fip.InstanceId, Equals, s.testServerId)
++
++	err = s.client.RemoveServerFloatingIP(s.testServerId, ip.IP)
++	c.Check(err, IsNil)
++	fip, err = s.client.GetFloatingIP(ip.Id)
++	c.Check(err, IsNil)
++	c.Check(fip.FixedIP, IsNil)
++	c.Check(fip.InstanceId, IsNil)
++
++	err = s.client.DeleteFloatingIP(ip.Id)
++	c.Check(err, IsNil)
++}
++
++func (s *ClientSuite) TestCreateAndDeleteContainer(c *C) {
++	container := "test_container"
++	err := s.client.CreateContainer(container)
++	c.Check(err, IsNil)
++	err = s.client.DeleteContainer(container)
++	c.Check(err, IsNil)
++}
++
++func (s *ClientSuite) TestObjects(c *C) {
++
++	container := "test_container"
++	object := "test_obj"
++	data := []byte("...some data...")
++	err := s.client.CreateContainer(container)
++	c.Check(err, IsNil)
++	err = s.client.PutObject(container, object, data)
++	c.Check(err, IsNil)
++	objdata, err := s.client.GetObject(container, object)
++	c.Check(err, IsNil)
++	c.Check(objdata, Equals, data)
++	err = s.client.DeleteObject(container, object)
++	c.Check(err, IsNil)
++	err = s.client.DeleteContainer(container)
++	c.Check(err, IsNil)
++}
 === added directory 'errors'
 === added file 'errors/errors.go'
 --- errors/errors.go	1970-01-01 00:00:00 +0000
 +++ errors/errors.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,17 @@
++// Utility functions for reporting errors.
++
++package errors
++
++import (
++	"errors"
++	"fmt"
++)
++
++// AddErrorContext prefixes any error stored in err with text formatted
++// according to the format specifier. If err does not contain an error,
++// AddErrorContext does nothing.
++func AddErrorContext(err *error, format string, args ...interface{}) {
++	if *err != nil {
++		*err = errors.New(fmt.Sprintf(format, args...) + ": " + (*err).Error())
++	}
++}
 === modified file 'goose.go'
 --- goose.go	2012-10-30 08:18:14 +0000
 +++ goose.go	2012-11-26 11:24:05 +0000
@@ -1,2 +1,1 @@
  package goose
--
 === modified file 'goose_test.go'
 --- goose_test.go	2012-10-30 08:18:14 +0000
 +++ goose_test.go	2012-11-26 11:24:05 +0000
@@ -13,4 +13,3 @@
+ }
  var _ = Suite(&GooseTestSuite{})
--
 === added directory 'http'
 === added file 'http/client.go'
 --- http/client.go	1970-01-01 00:00:00 +0000
 +++ http/client.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,185 @@
++// An HTTP Client which sends json and binary requests, handling data marshalling and response processing.
++
++package http
++
++import (
++	"bytes"
++	"encoding/json"
++	"errors"
++	"fmt"
++	"io/ioutil"
++	gooseerrors "launchpad.net/goose/errors"
++	"net/http"
++	"strings"
++)
++
++type GooseHTTPClient struct {
++	http.Client
++}
++
++type ErrorResponse struct {
++	Message string `json:"message"`
++	Code    int    `json:"code"`
++	Title   string `json:"title"`
++}
++
++func (e *ErrorResponse) Error() string {
++	return fmt.Sprintf("Failed: %d %s: %s", e.Code, e.Title, e.Message)
++}
++
++type ErrorWrapper struct {
++	Error ErrorResponse `json:"error"`
++}
++
++type RequestData struct {
++	ReqHeaders     http.Header
++	ExpectedStatus []int
++	ReqValue       interface{}
++	RespValue      interface{}
++	ReqData        []byte
++	RespData       *[]byte
++}
++
++// JsonRequest JSON encodes and sends the supplied object (if any) to the specified URL.
++// Optional method arguments are pass using the RequestData object.
++// Relevant RequestData fields:
++// ReqHeaders: additional HTTP header values to add to the request.
++// ExpectedStatus: the allowed HTTP response status values, else an error is returned.
++// ReqValue: the data object to send.
++// RespValue: the data object to decode the result into.
++func (c *GooseHTTPClient) JsonRequest(method, url string, reqData *RequestData) (err error) {
++	err = nil
++	var (
++		req  *http.Request
++		body []byte
++	)
++	if reqData.ReqValue != nil {
++		body, err = json.Marshal(reqData.ReqValue)
++		if err != nil {
++			gooseerrors.AddErrorContext(&err, "failed marshalling the request body")
++			return
++		}
++		reqBody := strings.NewReader(string(body))
++		req, err = http.NewRequest(method, url, reqBody)
++	} else {
++		req, err = http.NewRequest(method, url, nil)
++	}
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed creating the request")
++		return
++	}
++	req.Header.Add("Content-Type", "application/json")
++	req.Header.Add("Accept", "application/json")
++
++	respBody, err := c.sendRequest(req, reqData.ReqHeaders, reqData.ExpectedStatus, string(body))
++	if err != nil {
++		return
++	}
++
++	if len(respBody) > 0 {
++		if reqData.RespValue != nil {
++			err = json.Unmarshal(respBody, &reqData.RespValue)
++			if err != nil {
++				gooseerrors.AddErrorContext(&err, "failed unmarshaling the response body: %s", respBody)
++			}
++		}
++	}
++	return
++}
++
++// Sends the supplied byte array (if any) to the specified URL.
++// Optional method arguments are pass using the RequestData object.
++// Relevant RequestData fields:
++// ReqHeaders: additional HTTP header values to add to the request.
++// ExpectedStatus: the allowed HTTP response status values, else an error is returned.
++// ReqData: the byte array to send.
++// RespData: the byte array to decode the result into.
++func (c *GooseHTTPClient) BinaryRequest(method, url string, reqData *RequestData) (err error) {
++	err = nil
++
++	var req *http.Request
++
++	if reqData.ReqData != nil {
++		rawReqReader := bytes.NewReader(reqData.ReqData)
++		req, err = http.NewRequest(method, url, rawReqReader)
++	} else {
++		req, err = http.NewRequest(method, url, nil)
++	}
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed creating the request")
++		return
++	}
++	req.Header.Add("Content-Type", "application/octet-stream")
++	req.Header.Add("Accept", "application/octet-stream")
++
++	respBody, err := c.sendRequest(req, reqData.ReqHeaders, reqData.ExpectedStatus, string(reqData.ReqData))
++	if err != nil {
++		return
++	}
++
++	if len(respBody) > 0 {
++		if reqData.RespData != nil {
++			*reqData.RespData = respBody
++		}
++	}
++	return
++}
++
++// Sends the specified request and checks that the HTTP response status is as expected.
++// req: the request to send.
++// extraHeaders: additional HTTP headers to include with the request.
++// expectedStatus: a slice of allowed response status codes.
++// payloadInfo: a string to include with an error message if something goes wrong.
++func (c *GooseHTTPClient) sendRequest(req *http.Request, extraHeaders http.Header, expectedStatus []int, payloadInfo string) (respBody []byte, err error) {
++	if extraHeaders != nil {
++		for header, values := range extraHeaders {
++			for _, value := range values {
++				req.Header.Add(header, value)
++			}
++		}
++	}
++
++	rawResp, err := c.Do(req)
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed executing the request")
++		return
++	}
++	foundStatus := false
++	if len(expectedStatus) == 0 {
++		expectedStatus = []int{http.StatusOK}
++	}
++	for _, status := range expectedStatus {
++		if rawResp.StatusCode == status {
++			foundStatus = true
++			break
++		}
++	}
++	if !foundStatus && len(expectedStatus) > 0 {
++		defer rawResp.Body.Close()
++		var errInfo interface{}
++		errInfo, _ = ioutil.ReadAll(rawResp.Body)
++		// Check if we have a JSON representation of the failure, if so decode it.
++		if rawResp.Header.Get("Content-Type") == "application/json" {
++			var wrappedErr ErrorWrapper
++			if err := json.Unmarshal(errInfo.([]byte), &wrappedErr); err == nil {
++				errInfo = wrappedErr.Error
++			}
++		}
++		err = errors.New(
++			fmt.Sprintf(
++				"request (%s) returned unexpected status: %s; error info: %v; request body: %s",
++				req.URL,
++				rawResp.Status,
++				errInfo,
++				payloadInfo))
++		return
++	}
++
++	respBody, err = ioutil.ReadAll(rawResp.Body)
++	rawResp.Body.Close()
++	if err != nil {
++		gooseerrors.AddErrorContext(&err, "failed reading the response body")
++		return
++	}
++	return
++}
 === added directory 'identity'
 === added file 'identity/identity.go'
 --- identity/identity.go	1970-01-01 00:00:00 +0000
 +++ identity/identity.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,50 @@
++package identity
++
++import (
++	"os"
++)
++
++const (
++	AUTH_LEGACY = iota
++	AUTH_USERPASS
++)
++
++type AuthDetails struct {
++	TokenId     string
++	TenantId    string
++	UserId      string
++	ServiceURLs map[string]string
++}
++
++type Credentials struct {
++	URL        string // The URL to authenticate against
++	User       string // The username to authenticate as
++	Secrets    string // The secrets to pass
++	Region     string // Region to send requests to
++	TenantName string // The tenant information for this connection
++}
++
++type Authenticator interface {
++	Auth(creds *Credentials) (*AuthDetails, error)
++}
++
++func getConfig(envVars ...string) (value string) {
++	value = ""
++	for _, v := range envVars {
++		value = os.Getenv(v)
++		if value != "" {
++			break
++		}
++	}
++	return
++}
++
++func CredentialsFromEnv() *Credentials {
++	return &Credentials{
++		URL:        getConfig("OS_AUTH_URL"),
++		User:       getConfig("OS_USERNAME", "NOVA_USERNAME"),
++		Secrets:    getConfig("OS_PASSWORD", "NOVA_PASSWORD"),
++		Region:     getConfig("OS_REGION_NAME", "NOVA_REGION"),
++		TenantName: getConfig("OS_TENANT_NAME", "NOVA_PROJECT_ID"),
++	}
++}
 === added file 'identity/identity_test.go'
 --- identity/identity_test.go	1970-01-01 00:00:00 +0000
 +++ identity/identity_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,67 @@
++package identity
++
++import (
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/envsuite"
++	"os"
++)
++
++type CredentialsTestSuite struct {
++	// Isolate all of these tests from the real Environ.
++	envsuite.EnvSuite
++}
++
++var _ = Suite(&CredentialsTestSuite{})
++
++func (s *CredentialsTestSuite) TestCredentialsFromEnv(c *C) {
++	var scenarios = []struct {
++		summary  string
++		env      map[string]string
++		username string
++		password string
++		tenant   string
++		region   string
++		authURL  string
++	}{
++		{summary: "Old 'NOVA' style creds",
++			env: map[string]string{
++				"NOVA_USERNAME": "test-user",
++				"NOVA_PASSWORD": "test-pass",
++				// TODO: JAM 20121118 There exists a 'tenant
++				// name' and a 'tenant id'. Does
++				// NOVA_PROJECT_ID map to the 'tenant id' or to
++				// the tenant name? ~/.canonistack/novarc says
++				// tenant_name.
++				"NOVA_PROJECT_ID": "tenant-name",
++				"NOVA_REGION":     "region",
++			},
++			username: "test-user",
++			password: "test-pass",
++			tenant:   "tenant-name",
++			region:   "region",
++		},
++		{summary: "New 'OS' style environment",
++			env: map[string]string{
++				"OS_USERNAME":    "test-user",
++				"OS_PASSWORD":    "test-pass",
++				"OS_TENANT_NAME": "tenant-name",
++				"OS_REGION_NAME": "region",
++			},
++			username: "test-user",
++			password: "test-pass",
++			tenant:   "tenant-name",
++			region:   "region",
++		},
++	}
++	for _, scenario := range scenarios {
++		for key, value := range scenario.env {
++			os.Setenv(key, value)
++		}
++		creds := CredentialsFromEnv()
++		c.Check(creds.URL, Equals, scenario.authURL)
++		c.Check(creds.User, Equals, scenario.username)
++		c.Check(creds.Secrets, Equals, scenario.password)
++		c.Check(creds.Region, Equals, scenario.region)
++		c.Check(creds.TenantName, Equals, scenario.tenant)
++	}
++}
 === added file 'identity/legacy.go'
 --- identity/legacy.go	1970-01-01 00:00:00 +0000
 +++ identity/legacy.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,45 @@
++package identity
++
++import (
++	"fmt"
++	"io/ioutil"
++	"net/http"
++)
++
++type Legacy struct {
++	client *http.Client
++}
++
++func (l *Legacy) Auth(creds *Credentials) (*AuthDetails, error) {
++	if l.client == nil {
++		l.client = &http.Client{CheckRedirect: nil}
++	}
++	request, err := http.NewRequest("GET", creds.URL, nil)
++	if err != nil {
++		return nil, err
++	}
++	request.Header.Set("X-Auth-User", creds.User)
++	request.Header.Set("X-Auth-Key", creds.Secrets)
++	response, err := l.client.Do(request)
++	defer response.Body.Close()
++	if err != nil {
++		return nil, err
++	}
++	if response.StatusCode != http.StatusNoContent {
++		content, _ := ioutil.ReadAll(response.Body)
++		return nil, fmt.Errorf("Failed to Authenticate (code %d %s): %s",
++			response.StatusCode, response.Status, content)
++	}
++	details := &AuthDetails{}
++	details.TokenId = response.Header.Get("X-Auth-Token")
++	if details.TokenId == "" {
++		return nil, fmt.Errorf("Did not get valid Token from auth request")
++	}
++	nova_url := response.Header.Get("X-Server-Management-Url")
++	if nova_url == "" {
++		return nil, fmt.Errorf("Did not get valid management URL from auth request")
++	}
++	details.ServiceURLs = map[string]string{"compute": nova_url}
++
++	return details, nil
++}
 === added file 'identity/legacy_test.go'
 --- identity/legacy_test.go	1970-01-01 00:00:00 +0000
 +++ identity/legacy_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,37 @@
++package identity
++
++import (
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/httpsuite"
++	"launchpad.net/goose/testservices/identityservice"
++)
++
++type LegacyTestSuite struct {
++	httpsuite.HTTPSuite
++}
++
++var _ = Suite(&LegacyTestSuite{})
++
++func (s *LegacyTestSuite) TestAuthAgainstServer(c *C) {
++	service := identityservice.NewLegacy()
++	s.Mux.Handle("/", service)
++	token := service.AddUser("joe-user", "secrets")
++	service.SetManagementURL("http://management/url")
++	var l Authenticator = &Legacy{}
++	creds := Credentials{User: "joe-user", URL: s.Server.URL, Secrets: "secrets"}
++	auth, err := l.Auth(creds)
++	c.Assert(err, IsNil)
++	c.Assert(auth.Token, Equals, token)
++	c.Assert(auth.ServiceURLs, DeepEquals, map[string]string{"compute": "http://management/url"})
++}
++
++func (s *LegacyTestSuite) TestBadAuth(c *C) {
++	service := identityservice.NewLegacy()
++	s.Mux.Handle("/", service)
++	_ = service.AddUser("joe-user", "secrets")
++	var l Authenticator = &Legacy{}
++	creds := Credentials{User: "joe-user", URL: s.Server.URL, Secrets: "bad-secrets"}
++	auth, err := l.Auth(creds)
++	c.Assert(err, NotNil)
++	c.Assert(auth, IsNil)
++}
 === added file 'identity/setup_test.go'
 --- identity/setup_test.go	1970-01-01 00:00:00 +0000
 +++ identity/setup_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,10 @@
++package identity
++
++import (
++	. "launchpad.net/gocheck"
++	"testing"
++)
++
++func Test(t *testing.T) {
++	TestingT(t)
++}
 === added file 'identity/userpass.go'
 --- identity/userpass.go	1970-01-01 00:00:00 +0000
 +++ identity/userpass.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,111 @@
++package identity
++
++import (
++	"fmt"
++	goosehttp "launchpad.net/goose/http"
++	"net/http"
++)
++
++type PasswordCredentials struct {
++	Username string `json:"username"`
++	Password string `json:"password"`
++}
++
++type AuthRequest struct {
++	PasswordCredentials PasswordCredentials `json:"passwordCredentials"`
++	TenantName          string              `json:"tenantName"`
++}
++
++type AuthWrapper struct {
++	Auth AuthRequest `json:"auth"`
++}
++
++type Endpoint struct {
++	AdminURL    string `json:"adminURL"`
++	InternalURL string `json:"internalURL"`
++	PublicURL   string `json:"publicURL"`
++	Region      string `json:"region"`
++}
++
++type ServiceResponse struct {
++	Name      string `json:"name"`
++	Type      string `json:"type"`
++	Endpoints []Endpoint
++}
++
++type TokenResponse struct {
++	Expires string `json:"expires"` // should this be a date object?
++	Id      string `json:"id"`      // Actual token string
++	Tenant  struct {
++		Id          string `json:"id"`
++		Name        string `json:"name"`
++		Description string `json:"description"`
++		Enabled     bool   `json:"enabled"`
++	} `json:"tenant"`
++}
++
++type RoleResponse struct {
++	Id       string `json:"id"`
++	Name     string `json:"name"`
++	TenantId string `json:"tenantId"`
++}
++
++type UserResponse struct {
++	Id    string         `json:"id"`
++	Name  string         `json:"name"`
++	Roles []RoleResponse `json:"roles"`
++}
++
++type AccessWrapper struct {
++	Access AccessResponse `json:"access"`
++}
++
++type AccessResponse struct {
++	ServiceCatalog []ServiceResponse `json:"serviceCatalog"`
++	Token          TokenResponse     `json:"token"`
++	User           UserResponse      `json:"user"`
++}
++
++type UserPass struct {
++	client *goosehttp.GooseHTTPClient
++}
++
++func (u *UserPass) Auth(creds *Credentials) (*AuthDetails, error) {
++	if u.client == nil {
++		u.client = &goosehttp.GooseHTTPClient{http.Client{CheckRedirect: nil}}
++	}
++	auth := AuthWrapper{Auth: AuthRequest{
++		PasswordCredentials: PasswordCredentials{
++			Username: creds.User,
++			Password: creds.Secrets,
++		},
++		TenantName: creds.TenantName}}
++
++	var accessWrapper AccessWrapper
++	requestData := goosehttp.RequestData{ReqValue: auth, RespValue: &accessWrapper}
++	err := u.client.JsonRequest("POST", creds.URL, &requestData)
++	if err != nil {
++		return nil, err
++	}
++
++	details := &AuthDetails{}
++	access := accessWrapper.Access
++	respToken := access.Token
++	if respToken.Id == "" {
++		return nil, fmt.Errorf("Did not get valid Token from auth request")
++	}
++	details.TokenId = respToken.Id
++	details.TenantId = respToken.Tenant.Id
++	details.UserId = access.User.Id
++	details.ServiceURLs = make(map[string]string, len(access.ServiceCatalog))
++	for _, service := range access.ServiceCatalog {
++		for i, e := range service.Endpoints {
++			if e.Region != creds.Region {
++				service.Endpoints = append(service.Endpoints[:i], service.Endpoints[i+1:]...)
++			}
++		}
++		details.ServiceURLs[service.Type] = service.Endpoints[0].PublicURL
++	}
++
++	return details, nil
++}
 === added file 'identity/userpass_test.go'
 --- identity/userpass_test.go	1970-01-01 00:00:00 +0000
 +++ identity/userpass_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,25 @@
++package identity
++
++import (
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/httpsuite"
++	"launchpad.net/goose/testservices/identityservice"
++)
++
++type UserPassTestSuite struct {
++	httpsuite.HTTPSuite
++}
++
++var _ = Suite(&UserPassTestSuite{})
++
++func (s *UserPassTestSuite) TestAuthAgainstServer(c *C) {
++	service := identityservice.NewUserPass()
++	s.Mux.Handle("/", service)
++	token := service.AddUser("joe-user", "secrets")
++	var l Authenticator = &UserPass{}
++	creds := Credentials{User: "joe-user", URL: s.Server.URL, Secrets: "secrets"}
++	auth, err := l.Auth(creds)
++	c.Assert(err, IsNil)
++	c.Assert(auth.Token, Equals, token)
++	// c.Assert(auth.ServiceURLs, DeepEquals, map[string]string{"compute": "http://management/url"})
++}
 === added directory 'testing'
 === added directory 'testing/envsuite'
 === added file 'testing/envsuite/envsuite.go'
 --- testing/envsuite/envsuite.go	1970-01-01 00:00:00 +0000
 +++ testing/envsuite/envsuite.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,33 @@
++package envsuite
++
++// Provides an EnvSuite type which makes sure this test suite gets an isolated
++// environment settings. Settings will be saved on start and then cleared, and
++// reset on tear down.
++
++import (
++	. "launchpad.net/gocheck"
++	"os"
++	"strings"
++)
++
++type EnvSuite struct {
++	environ []string
++}
++
++func (s *EnvSuite) SetUpSuite(c *C) {
++	s.environ = os.Environ()
++}
++
++func (s *EnvSuite) SetUpTest(c *C) {
++	os.Clearenv()
++}
++
++func (s *EnvSuite) TearDownTest(c *C) {
++	for _, envstring := range s.environ {
++		kv := strings.SplitN(envstring, "=", 2)
++		os.Setenv(kv[0], kv[1])
++	}
++}
++
++func (s *EnvSuite) TearDownSuite(c *C) {
++}
 === added file 'testing/envsuite/envsuite_test.go'
 --- testing/envsuite/envsuite_test.go	1970-01-01 00:00:00 +0000
 +++ testing/envsuite/envsuite_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,48 @@
++package envsuite
++
++import (
++	. "launchpad.net/gocheck"
++	"os"
++	"testing"
++)
++
++type EnvTestSuite struct {
++	EnvSuite
++}
++
++func Test(t *testing.T) {
++	TestingT(t)
++}
++
++var _ = Suite(&EnvTestSuite{})
++
++func (s *EnvTestSuite) TestGrabsCurrentEnvironment(c *C) {
++	envsuite := &EnvSuite{}
++	// EnvTestSuite is an EnvSuite, so we should have already isolated
++	// ourselves from the world. So we set a single env value, and we
++	// assert that SetUpSuite is able to see that.
++	os.Setenv("TEST_KEY", "test-value")
++	envsuite.SetUpSuite(c)
++	c.Assert(envsuite.environ, DeepEquals, []string{"TEST_KEY=test-value"})
++}
++
++func (s *EnvTestSuite) TestClearsEnvironment(c *C) {
++	envsuite := &EnvSuite{}
++	os.Setenv("TEST_KEY", "test-value")
++	envsuite.SetUpSuite(c)
++	// SetUpTest should reset the current environment back to being
++	// completely empty.
++	envsuite.SetUpTest(c)
++	c.Assert(os.Getenv("TEST_KEY"), Equals, "")
++	c.Assert(os.Environ(), DeepEquals, []string{})
++}
++
++func (s *EnvTestSuite) TestRestoresEnvironment(c *C) {
++	envsuite := &EnvSuite{}
++	os.Setenv("TEST_KEY", "test-value")
++	envsuite.SetUpSuite(c)
++	envsuite.SetUpTest(c)
++	envsuite.TearDownTest(c)
++	c.Assert(os.Getenv("TEST_KEY"), Equals, "test-value")
++	c.Assert(os.Environ(), DeepEquals, []string{"TEST_KEY=test-value"})
++}
 === added directory 'testing/httpsuite'
 === added file 'testing/httpsuite/httpsuite.go'
 --- testing/httpsuite/httpsuite.go	1970-01-01 00:00:00 +0000
 +++ testing/httpsuite/httpsuite.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,43 @@
++package httpsuite
++
++// This package provides an HTTPSuite infrastructure that lets you bring up an
++// HTTP server. The server will handle requests based on whatever Handlers are
++// attached to HTTPSuite.Mux. This Mux is reset after every test case, and the
++// server is shut down at the end of the test suite.
++
++import (
++	. "launchpad.net/gocheck"
++	"net/http"
++	"net/http/httptest"
++)
++
++var _ = Suite(&HTTPSuite{})
++
++type HTTPSuite struct {
++	Server     *httptest.Server
++	Mux        *http.ServeMux
++	oldHandler http.Handler
++}
++
++func (s *HTTPSuite) SetUpSuite(c *C) {
++	// fmt.Printf("Starting New Server\n")
++	s.Server = httptest.NewServer(nil)
++}
++
++func (s *HTTPSuite) SetUpTest(c *C) {
++	s.oldHandler = s.Server.Config.Handler
++	s.Mux = http.NewServeMux()
++	s.Server.Config.Handler = s.Mux
++}
++
++func (s *HTTPSuite) TearDownTest(c *C) {
++	s.Mux = nil
++	s.Server.Config.Handler = s.oldHandler
++}
++
++func (s *HTTPSuite) TearDownSuite(c *C) {
++	if s.Server != nil {
++		// fmt.Printf("Stopping Server\n")
++		s.Server.Close()
++	}
++}
 === added file 'testing/httpsuite/httpsuite_test.go'
 --- testing/httpsuite/httpsuite_test.go	1970-01-01 00:00:00 +0000
 +++ testing/httpsuite/httpsuite_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,39 @@
++package httpsuite
++
++import (
++	"io/ioutil"
++	. "launchpad.net/gocheck"
++	"net/http"
++	"testing"
++)
++
++type HTTPTestSuite struct {
++	HTTPSuite
++}
++
++func Test(t *testing.T) {
++	TestingT(t)
++}
++
++var _ = Suite(&HTTPTestSuite{})
++
++type HelloHandler struct{}
++
++func (h *HelloHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++	w.Header().Set("Content-Type", "text/plain")
++	w.WriteHeader(200)
++	w.Write([]byte("Hello World\n"))
++}
++
++func (s *HTTPTestSuite) TestHelloWorld(c *C) {
++	s.Mux.Handle("/", &HelloHandler{})
++	// fmt.Printf("Running HelloWorld\n")
++	response, err := http.Get(s.Server.URL)
++	c.Check(err, IsNil)
++	content, err := ioutil.ReadAll(response.Body)
++	response.Body.Close()
++	c.Check(err, IsNil)
++	c.Check(response.Status, Equals, "200 OK")
++	c.Check(response.StatusCode, Equals, 200)
++	c.Check(string(content), Equals, "Hello World\n")
++}
 === added directory 'testservices'
 === added directory 'testservices/identityservice'
 === added file 'testservices/identityservice/identityservice.go'
 --- testservices/identityservice/identityservice.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/identityservice.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,10 @@
++package identityservice
++
++import (
++	"net/http"
++)
++
++type IdentityService interface {
++	AddUser(user, secret string) (token string)
++	ServeHTTP(w http.ResponseWriter, r *http.Request)
++}
 === added file 'testservices/identityservice/legacy.go'
 --- testservices/identityservice/legacy.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/legacy.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,44 @@
++package identityservice
++
++import (
++	"net/http"
++)
++
++type Legacy struct {
++	tokens        map[string]UserInfo
++	managementURL string
++}
++
++func NewLegacy() *Legacy {
++	service := &Legacy{}
++	service.tokens = make(map[string]UserInfo)
++	return service
++}
++
++func (lis *Legacy) SetManagementURL(URL string) {
++	lis.managementURL = URL
++}
++
++func (lis *Legacy) AddUser(user, secret string) string {
++	token := randomHexToken()
++	lis.tokens[user] = UserInfo{secret: secret, token: token}
++	return token
++}
++
++func (lis *Legacy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++	username := r.Header.Get("X-Auth-User")
++	info, ok := lis.tokens[username]
++	if !ok {
++		w.WriteHeader(http.StatusUnauthorized)
++		return
++	}
++	auth_key := r.Header.Get("X-Auth-Key")
++	if auth_key != info.secret {
++		w.WriteHeader(http.StatusUnauthorized)
++		return
++	}
++	header := w.Header()
++	header.Set("X-Auth-Token", info.token)
++	header.Set("X-Server-Management-Url", lis.managementURL)
++	w.WriteHeader(http.StatusNoContent)
++}
 === added file 'testservices/identityservice/legacy_test.go'
 --- testservices/identityservice/legacy_test.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/legacy_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,96 @@
++package identityservice
++
++import (
++	"io/ioutil"
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/httpsuite"
++	"net/http"
++)
++
++type LegacySuite struct {
++	httpsuite.HTTPSuite
++}
++
++var _ = Suite(&LegacySuite{})
++
++func (s *LegacySuite) setupLegacy(user, secret string) (token, managementURL string) {
++	managementURL = s.Server.URL
++	identity := NewLegacy()
++	// Ensure that it conforms to the interface
++	var _ IdentityService = identity
++	identity.SetManagementURL(managementURL)
++	s.Mux.Handle("/", identity)
++	if user != "" {
++		token = identity.AddUser(user, secret)
++	}
++	return
++}
++
++func LegacyAuthRequest(URL, user, key string) (*http.Response, error) {
++	client := &http.Client{}
++	request, err := http.NewRequest("GET", URL, nil)
++	if err != nil {
++		return nil, err
++	}
++	if user != "" {
++		request.Header.Set("X-Auth-User", user)
++	}
++	if key != "" {
++		request.Header.Set("X-Auth-Key", key)
++	}
++	return client.Do(request)
++}
++
++func AssertUnauthorized(c *C, response *http.Response) {
++	content, err := ioutil.ReadAll(response.Body)
++	c.Assert(err, IsNil)
++	response.Body.Close()
++	c.Check(response.Header.Get("X-Auth-Token"), Equals, "")
++	c.Check(response.Header.Get("X-Server-Management-Url"), Equals, "")
++	c.Check(string(content), Equals, "")
++	c.Check(response.StatusCode, Equals, http.StatusUnauthorized)
++}
++
++func (s *LegacySuite) TestLegacyFailedAuth(c *C) {
++	s.setupLegacy("", "")
++	// No headers set for Authentication
++	response, err := LegacyAuthRequest(s.Server.URL, "", "")
++	c.Assert(err, IsNil)
++	AssertUnauthorized(c, response)
++}
++
++func (s *LegacySuite) TestLegacyFailedOnlyUser(c *C) {
++	s.setupLegacy("", "")
++	// Missing secret key
++	response, err := LegacyAuthRequest(s.Server.URL, "user", "")
++	c.Assert(err, IsNil)
++	AssertUnauthorized(c, response)
++}
++
++func (s *LegacySuite) TestLegacyNoSuchUser(c *C) {
++	s.setupLegacy("user", "key")
++	// No user matching the username
++	response, err := LegacyAuthRequest(s.Server.URL, "notuser", "key")
++	c.Assert(err, IsNil)
++	AssertUnauthorized(c, response)
++}
++
++func (s *LegacySuite) TestLegacyInvalidAuth(c *C) {
++	s.setupLegacy("user", "secret-key")
++	// Wrong key
++	response, err := LegacyAuthRequest(s.Server.URL, "user", "bad-key")
++	c.Assert(err, IsNil)
++	AssertUnauthorized(c, response)
++}
++
++func (s *LegacySuite) TestLegacyAuth(c *C) {
++	token, serverURL := s.setupLegacy("user", "secret-key")
++	response, err := LegacyAuthRequest(s.Server.URL, "user", "secret-key")
++	c.Assert(err, IsNil)
++	content, err := ioutil.ReadAll(response.Body)
++	response.Body.Close()
++	c.Check(response.Header.Get("X-Auth-Token"), Equals, token)
++	c.Check(response.Header.Get("X-Server-Management-Url"), Equals, serverURL)
++	c.Check(string(content), Equals, "")
++	c.Check(response.StatusCode, Equals, http.StatusNoContent)
++}
 === added file 'testservices/identityservice/service_test.go'
 --- testservices/identityservice/service_test.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/service_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,23 @@
++package identityservice
++
++import (
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/httpsuite"
++)
++
++// All tests in the IdentityServiceSuite run against each IdentityService
++// implementation.
++
++type IdentityServiceSuite struct {
++	httpsuite.HTTPSuite
++	service IdentityService
++}
++
++var _ = Suite(&IdentityServiceSuite{service: NewUserPass()})
++var _ = Suite(&IdentityServiceSuite{service: NewLegacy()})
++
++func (s *IdentityServiceSuite) TestAddUserGivesNewToken(c *C) {
++	token1 := s.service.AddUser("user-1", "password-1")
++	token2 := s.service.AddUser("user-2", "password-2")
++	c.Assert(token1, Not(Equals), token2)
++}
 === added file 'testservices/identityservice/setup_test.go'
 --- testservices/identityservice/setup_test.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/setup_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,10 @@
++package identityservice
++
++import (
++	. "launchpad.net/gocheck"
++	"testing"
++)
++
++func Test(t *testing.T) {
++	TestingT(t)
++}
 === added file 'testservices/identityservice/userpass.go'
 --- testservices/identityservice/userpass.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/userpass.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,241 @@
++package identityservice
++
++import (
++	"encoding/json"
++	"fmt"
++	"io/ioutil"
++	"net/http"
++)
++
++// Implement the v2 User Pass form of identity (Keystone)
++
++type ErrorResponse struct {
++	Message string `json:"message"`
++	Code    int    `json:"code"`
++	Title   string `json:"title"`
++}
++
++type ErrorWrapper struct {
++	Error ErrorResponse `json:"error"`
++}
++
++type UserPassRequest struct {
++	Auth struct {
++		PasswordCredentials struct {
++			Username string `json:"username"`
++			Password string `json:"password"`
++		} `json:"passwordCredentials"`
++		TenantName string `json:"tenantName"`
++	} `json:"auth"`
++}
++
++type Endpoint struct {
++	AdminURL    string `json:"adminURL"`
++	InternalURL string `json:"internalURL"`
++	PublicURL   string `json:"publicURL"`
++	Region      string `json:"region"`
++}
++
++type Service struct {
++	Name      string `json:"name"`
++	Type      string `json:"type"`
++	Endpoints []Endpoint
++}
++
++type TokenResponse struct {
++	Expires string `json:"expires"` // should this be a date object?
++	Id      string `json:"id"`      // Actual token string
++	Tenant  struct {
++		Id   string `json:"id"`
++		Name string `json:"name"`
++	} `json:"tenant"`
++}
++
++type RoleResponse struct {
++	Id       string `json:"id"`
++	Name     string `json:"name"`
++	TenantId string `json:"tenantId"`
++}
++
++type UserResponse struct {
++	Id    string         `json:"id"`
++	Name  string         `json:"name"`
++	Roles []RoleResponse `json:"roles"`
++}
++
++type AccessResponse struct {
++	Access struct {
++		ServiceCatalog []Service     `json:"serviceCatalog"`
++		Token          TokenResponse `json:"token"`
++		User           UserResponse  `json:"user"`
++	} `json:"access"`
++}
++
++// Taken from: http://docs.openstack.org/api/quick-start/content/index.html#Getting-Credentials-a00665
++var exampleResponse = `{
++    "access": {
++        "serviceCatalog": [
++            {
++                "endpoints": [
++                    {
++                        "adminURL": "https://nova-api.trystack.org:9774/v1.1/1",
++                        "internalURL": "https://nova-api.trystack.org:9774/v1.1/1",
++                        "publicURL": "https://nova-api.trystack.org:9774/v1.1/1",
++                        "region": "RegionOne"
++                    }
++                ],
++                "name": "nova",
++                "type": "compute"
++            },
++            {
++                "endpoints": [
++                    {
++                        "adminURL": "https://GLANCE_API_IS_NOT_DISCLOSED/v1.1/1",
++                        "internalURL": "https://GLANCE_API_IS_NOT_DISCLOSED/v1.1/1",
++                        "publicURL": "https://GLANCE_API_IS_NOT_DISCLOSED/v1.1/1",
++                        "region": "RegionOne"
++                    }
++                ],
++                "name": "glance",
++                "type": "image"
++            },
++            {
++                "endpoints": [
++                    {
++                        "adminURL": "https://nova-api.trystack.org:5443/v2.0",
++                        "internalURL": "https://keystone.trystack.org:5000/v2.0",
++                        "publicURL": "https://keystone.trystack.org:5000/v2.0",
++                        "region": "RegionOne"
++                    }
++                ],
++                "name": "keystone",
++                "type": "identity"
++            }
++        ],
++        "token": {
++            "expires": "2012-02-15T19:32:21",
++            "id": "5df9d45d-d198-4222-9b4c-7a280aa35666",
++            "tenant": {
++                "id": "1",
++                "name": "admin"
++            }
++        },
++        "user": {
++            "id": "14",
++            "name": "annegentle",
++            "roles": [
++                {
++                    "id": "2",
++                    "name": "Member",
++                    "tenantId": "1"
++                }
++            ]
++        }
++    }
++}`
++
++type UserPass struct {
++	users    map[string]UserInfo
++	services []Service
++}
++
++func NewUserPass() *UserPass {
++	userpass := &UserPass{
++		users:    make(map[string]UserInfo),
++		services: make([]Service, 0),
++	}
++	return userpass
++}
++
++func (u *UserPass) AddUser(user, secret string) string {
++	token := randomHexToken()
++	u.users[user] = UserInfo{secret: secret, token: token}
++	return token
++}
++
++func (u *UserPass) AddService(service Service) {
++	u.services = append(u.services, service)
++}
++
++var internalError = []byte(`{
++    "error": {
++        "message": "Internal failure",
++	"code": 500,
++	"title": Internal Server Error"
++    }
++}`)
++
++func (u *UserPass) ReturnFailure(w http.ResponseWriter, status int, message string) {
++	e := ErrorWrapper{
++		Error: ErrorResponse{
++			Message: message,
++			Code:    status,
++			Title:   http.StatusText(status),
++		},
++	}
++	if content, err := json.Marshal(e); err != nil {
++		w.Header().Set("Content-Length", fmt.Sprintf("%d", len(internalError)))
++		w.WriteHeader(http.StatusInternalServerError)
++		w.Write(internalError)
++	} else {
++		w.Header().Set("Content-Length", fmt.Sprintf("%d", len(content)))
++		w.WriteHeader(status)
++		w.Write(content)
++	}
++}
++
++// Taken from an actual responses, however it may vary based on actual Openstack implementation
++const (
++	notJSON = ("Expecting to find application/json in Content-Type header." +
++		" The server could not comply with the request since it is either malformed" +
++		" or otherwise incorrect. The client is assumed to be in error.")
++	notAuthorized = "The request you have made requires authentication."
++	invalidUser   = "Invalid user / password"
++)
++
++func (u *UserPass) ServeHTTP(w http.ResponseWriter, r *http.Request) {
++	var req UserPassRequest
++	// Testing against Canonistack, all responses are application/json, even failures
++	w.Header().Set("Content-Type", "application/json")
++	if r.Header.Get("Content-Type") != "application/json" {
++		u.ReturnFailure(w, http.StatusBadRequest, notJSON)
++		return
++	}
++	if content, err := ioutil.ReadAll(r.Body); err != nil {
++		w.WriteHeader(http.StatusBadRequest)
++		return
++	} else {
++		if err := json.Unmarshal(content, &req); err != nil {
++			u.ReturnFailure(w, http.StatusBadRequest, notJSON)
++			return
++		}
++	}
++	userInfo, ok := u.users[req.Auth.PasswordCredentials.Username]
++	if !ok {
++		u.ReturnFailure(w, http.StatusUnauthorized, notAuthorized)
++		return
++	}
++	if userInfo.secret != req.Auth.PasswordCredentials.Password {
++		u.ReturnFailure(w, http.StatusUnauthorized, invalidUser)
++		return
++	}
++	res := AccessResponse{}
++	// We pre-populate the response with genuine entries so that it looks sane.
++	// XXX: We should really build up valid state for this instead, at the
++	//	very least, we should manage the URLs better.
++	if err := json.Unmarshal([]byte(exampleResponse), &res); err != nil {
++		u.ReturnFailure(w, http.StatusInternalServerError, err.Error())
++		return
++	}
++	res.Access.ServiceCatalog = u.services
++	res.Access.Token.Id = userInfo.token
++	if content, err := json.Marshal(res); err != nil {
++		u.ReturnFailure(w, http.StatusInternalServerError, err.Error())
++		return
++	} else {
++		w.WriteHeader(http.StatusOK)
++		w.Write(content)
++		return
++	}
++	panic("All paths should have already returned")
++}
 === added file 'testservices/identityservice/userpass_test.go'
 --- testservices/identityservice/userpass_test.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/userpass_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,150 @@
++package identityservice
++
++import (
++	"encoding/json"
++	"fmt"
++	"io/ioutil"
++	. "launchpad.net/gocheck"
++	"launchpad.net/goose/testing/httpsuite"
++	"net/http"
++	"strings"
++)
++
++type UserPassSuite struct {
++	httpsuite.HTTPSuite
++}
++
++var _ = Suite(&UserPassSuite{})
++
++func makeUserPass(user, secret string) (identity *UserPass, token string) {
++	identity = NewUserPass()
++	// Ensure that it conforms to the interface
++	var _ IdentityService = identity
++	if user != "" {
++		token = identity.AddUser(user, secret)
++	}
++	return
++}
++
++func (s *UserPassSuite) setupUserPass(user, secret string) (token string) {
++	var identity *UserPass
++	identity, token = makeUserPass(user, secret)
++	s.Mux.Handle("/", identity)
++	return
++}
++
++func (s *UserPassSuite) setupUserPassWithServices(user, secret string, services []Service) (token string) {
++	var identity *UserPass
++	identity, token = makeUserPass(user, secret)
++	for _, service := range services {
++		identity.AddService(service)
++	}
++	s.Mux.Handle("/", identity)
++	return
++}
++
++var authTemplate = `{
++    "auth": {
++        "tenantName": "tenant-something",
++        "passwordCredentials": {
++            "username": "%s",
++            "password": "%s"
++        }
++    }
++}`
++
++func userPassAuthRequest(URL, user, key string) (*http.Response, error) {
++	client := &http.Client{}
++	body := strings.NewReader(fmt.Sprintf(authTemplate, user, key))
++	request, err := http.NewRequest("POST", URL, body)
++	request.Header.Set("Content-Type", "application/json")
++	if err != nil {
++		return nil, err
++	}
++	return client.Do(request)
++}
++
++func CheckErrorResponse(c *C, r *http.Response, status int, msg string) {
++	c.Check(r.StatusCode, Equals, status)
++	c.Assert(r.Header.Get("Content-Type"), Equals, "application/json")
++	body, err := ioutil.ReadAll(r.Body)
++	c.Assert(err, IsNil)
++	var errmsg ErrorWrapper
++	err = json.Unmarshal(body, &errmsg)
++	c.Assert(err, IsNil)
++	c.Check(errmsg.Error.Code, Equals, status)
++	c.Check(errmsg.Error.Title, Equals, http.StatusText(status))
++	if msg != "" {
++		c.Check(errmsg.Error.Message, Equals, msg)
++	}
++}
++
++func (s *UserPassSuite) TestNotJSON(c *C) {
++	// We do everything in userPassAuthRequest, except set the Content-Type
++	token := s.setupUserPass("user", "secret")
++	c.Assert(token, NotNil)
++	client := &http.Client{}
++	body := strings.NewReader(fmt.Sprintf(authTemplate, "user", "secret"))
++	request, err := http.NewRequest("POST", s.Server.URL, body)
++	c.Assert(err, IsNil)
++	res, err := client.Do(request)
++	defer res.Body.Close()
++	c.Assert(err, IsNil)
++	CheckErrorResponse(c, res, http.StatusBadRequest, notJSON)
++}
++
++func (s *UserPassSuite) TestBadJSON(c *C) {
++	// We do everything in userPassAuthRequest, except set the Content-Type
++	token := s.setupUserPass("user", "secret")
++	c.Assert(token, NotNil)
++	res, err := userPassAuthRequest(s.Server.URL, "garbage\"in", "secret")
++	defer res.Body.Close()
++	c.Assert(err, IsNil)
++	CheckErrorResponse(c, res, http.StatusBadRequest, notJSON)
++}
++
++func (s *UserPassSuite) TestNoSuchUser(c *C) {
++	token := s.setupUserPass("user", "secret")
++	c.Assert(token, NotNil)
++	res, err := userPassAuthRequest(s.Server.URL, "not-user", "secret")
++	defer res.Body.Close()
++	c.Assert(err, IsNil)
++	CheckErrorResponse(c, res, http.StatusUnauthorized, notAuthorized)
++}
++
++func (s *UserPassSuite) TestBadPassword(c *C) {
++	token := s.setupUserPass("user", "secret")
++	c.Assert(token, NotNil)
++	res, err := userPassAuthRequest(s.Server.URL, "user", "not-secret")
++	defer res.Body.Close()
++	c.Assert(err, IsNil)
++	CheckErrorResponse(c, res, http.StatusUnauthorized, invalidUser)
++}
++
++func (s *UserPassSuite) TestValidAuthorization(c *C) {
++	compute_url := "http://testing.invalid/compute"
++	token := s.setupUserPassWithServices("user", "secret", []Service{
++		{"nova", "compute", []Endpoint{
++			{PublicURL: compute_url},
++		}}})
++	c.Assert(token, NotNil)
++	res, err := userPassAuthRequest(s.Server.URL, "user", "secret")
++	defer res.Body.Close()
++	c.Assert(err, IsNil)
++	c.Check(res.StatusCode, Equals, http.StatusOK)
++	c.Check(res.Header.Get("Content-Type"), Equals, "application/json")
++	content, err := ioutil.ReadAll(res.Body)
++	c.Assert(err, IsNil)
++	var response AccessResponse
++	err = json.Unmarshal(content, &response)
++	c.Assert(err, IsNil)
++	c.Check(response.Access.Token.Id, Equals, token)
++	novaURL := ""
++	for _, service := range response.Access.ServiceCatalog {
++		if service.Type == "compute" {
++			novaURL = service.Endpoints[0].PublicURL
++			break
++		}
++	}
++	c.Assert(novaURL, Equals, compute_url)
++}
 === added file 'testservices/identityservice/util.go'
 --- testservices/identityservice/util.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/util.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,31 @@
++package identityservice
++
++import (
++	"crypto/rand"
++	"encoding/hex"
++	"fmt"
++)
++
++type UserInfo struct {
++	secret string
++	token  string
++}
++
++// Generate a bit of random hex data for
++func randomHexToken() string {
++	raw_bytes := make([]byte, 16)
++	n, err := rand.Read(raw_bytes)
++	if n != 16 || err != nil {
++		panic(fmt.Sprintf(
++			"Could not read 16 random bytes safely: %d %s",
++			n, err.Error()))
++	}
++	hex_bytes := make([]byte, 32)
++	n = hex.Encode(hex_bytes, raw_bytes)
++	if n != 32 || err != nil {
++		panic(fmt.Sprintf(
++			"Failed to Encode 32 bytes: %d %s",
++			n, err.Error()))
++	}
++	return string(hex_bytes)
++}
 === added file 'testservices/identityservice/util_test.go'
 --- testservices/identityservice/util_test.go	1970-01-01 00:00:00 +0000
 +++ testservices/identityservice/util_test.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,28 @@
++package identityservice
++
++import (
++	. "launchpad.net/gocheck"
++)
++
++type UtilSuite struct{}
++
++var _ = Suite(&UtilSuite{})
++
++func (s *UtilSuite) TestRandomHexTokenHasLength(c *C) {
++	val := randomHexToken()
++	c.Assert(val, HasLen, 32)
++}
++
++func (s *UtilSuite) TestRandomHexTokenIsHex(c *C) {
++	val := randomHexToken()
++	for i, b := range val {
++		switch {
++		case (b >= 'a' && b <= 'f') || (b >= '0' && b <= '9'):
++			continue
++		default:
++			c.Logf("char %d of %s was not in the right range",
++				i, val)
++			c.Fail()
++		}
++	}
++}
 === added file 'testservices/main.go'
 --- testservices/main.go	1970-01-01 00:00:00 +0000
 +++ testservices/main.go	2012-11-26 11:24:05 +0000
@@ -0,0 +1,69 @@
++package main
++
++import (
++	"fmt"
++	"launchpad.net/gnuflag"
++	"launchpad.net/goose/testservices/identityservice"
++	"log"
++	"net/http"
++	"strings"
++)
++
++type userInfo struct {
++	user, secret string
++}
++type userValues struct {
++	users []userInfo
++}
++
++func (uv *userValues) Set(s string) error {
++	vals := strings.Split(s, ":")
++	if len(vals) != 2 {
++		return fmt.Errorf("Invalid --user option, should be: user:secret")
++	}
++	uv.users = append(uv.users, userInfo{
++		user:   vals[0],
++		secret: vals[1],
++	})
++	return nil
++}
++func (uv *userValues) String() string {
++	return fmt.Sprintf("%v", uv.users)
++}
++
++var provider = gnuflag.String("provider", "userpass", "provide the name of the identity service to run")
++
++var serveAddr = gnuflag.String("addr", "localhost:8080", "serve the provider on the given address.")
++
++var users userValues
++
++func init() {
++
++	gnuflag.Var(&users, "user", "supply to add a user to the identity provider. Can be supplied multiple times. Should be of the form \"user:secret:token\".")
++}
++
++var providerMap = map[string]identityservice.IdentityService{
++	"legacy":   identityservice.NewLegacy(),
++	"userpass": identityservice.NewUserPass(),
++}
++
++func providers() []string {
++	out := make([]string, 0, len(providerMap))
++	for provider := range providerMap {
++		out = append(out, provider)
++	}
++	return out
++}
++
++func main() {
++	gnuflag.Parse(true)
++	p, ok := providerMap[*provider]
++	if !ok {
++		log.Fatalf("No such provider: %s, pick one of: %v", provider, providers())
++	}
++	http.Handle("/", p)
++	for _, u := range users.users {
++		p.AddUser(u.user, u.secret)
++	}
++	log.Fatal(http.ListenAndServe(*serveAddr, nil))
++}

Go OpenStack Exchange

Merge lp:~rogpeppe/goose/state-of-the-world into lp:~rogpeppe/goose/dummy-trunk

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers