
Added basic support for OS Keystone

* using `www-authenticate` HTTP header
* only basic/digest and VOMS X.509 authN are supported
1 parent 5e7aac7 commit b351c0988ced4e0b635b07f216ccb8433cf491e9 @arax arax committed Feb 26, 2013
Showing with 57 additions and 0 deletions.
  1. +57 −0 lib/occi/api/client/client_http.rb
57 lib/occi/api/client/client_http.rb
@@ -676,6 +676,7 @@ def change_auth(auth_options)
self.class.ssl_ca_file @auth_options[:ca_file] unless @auth_options[:ca_file].nil?
self.class.ssl_extra_chain_cert AuthnUtils.certs_to_file_ary(@auth_options[:proxy_ca]) unless @auth_options[:proxy_ca].nil?
when "keystone"
+ Occi::Log.warn "AuthN method 'keystone' is deprecated and you should use it only as a fall-back option!"
# set up OpenStack Keystone token based auth
raise ArgumentError, "Missing required option 'token' for OpenStack Keystone auth!" unless @auth_options[:token]
self.class.headers['X-Auth-Token'] = @auth_options[:token]
@@ -942,8 +943,14 @@ def path_for_resource_type(resource_type_identifier)
#
# @example
# set_model
+ #
+ # @return [Occi::Model]
def set_model
+ # check credentials and handle OpenStack Keystone
+ # TODO: check expiration dates on Keystone tokens
+ raise "You are not authorized to use this endpoint!" unless check_authn
+
#
model = get('/-/')
@model = Occi::Model.new(model)
@@ -962,6 +969,56 @@ def set_model
get_resource_templates.each do |res_tpl|
@mixins[:resource_tpl] << res_tpl.type_identifier unless res_tpl.nil? or res_tpl.type_identifier.nil?
end
+
+ model
+ end
+
+ # Checks provided credentials and attempts transparent
+ # authentication with OS Keystone using the "www-authenticate"
+ # header.
+ #
+ # @example
+ # check_authn
+ #
+ # @return [true, false]
+ def check_authn
+ response = self.class.get @endpoint
+
+ return true if response.success?
+
+ if response.code == 401 && response.headers["www-authenticate"]
+ if response.headers["www-authenticate"].start_with? "Keystone"
+ keystone_uri = /^Keystone uri='(.+)'$/.match(response.headers["www-authenticate"])[1]
+
+ if keystone_uri
+ if @auth_options[:type] == "x509"
+ body = { "auth" => { "voms" => true } }
+ else
+ body = {
+ "auth" => {
+ "passwordCredentials" => {
+ "username" => @auth_options[:username],
+ "password" => @auth_options[:password]
+ }
+ }
+ }
+ end
+
+ headers = self.class.headers.clone
+ headers['Content-Type'] = "application/json"
+ headers['Accept'] = headers['Content-Type']
+
+ response = self.class.post(keystone_uri + "/v2.0/tokens", :body => body.to_json, :headers => headers)
+
+ if response.success?
+ self.class.headers['X-Auth-Token'] = response['access']['token']['id']
+ return true
+ end
+ end
+ end
+ end
+
+ false
end
# Retrieves available os_tpls from the model.
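Review bot: In `check_authn` the Keystone URI is taken verbatim from the `www-authenticate` header of the endpoint's 401 response, and for non-x509 auth types the username and password from `@auth_options` are then POSTed to it, so whoever controls that response decides where the credentials are sent. Nothing on the visible lines checks the scheme or host of `keystone_uri`, and a clone of `self.class.headers` goes out with the same request. The URI should be parsed and required to be HTTPS before the POST, and ideally compared against a configured Keystone host. The same line calls `[1]` directly on the result of `match`, which is nil when the header starts with `Keystone` but does not fit the pattern, and `^`/`$` anchor per line rather than the whole string; `\A`/`\z` plus a nil check covers both.

```ruby
if response.headers["www-authenticate"].start_with? "Keystone"
  match = /\AKeystone uri='([^']+)'\z/.match(response.headers["www-authenticate"])
  keystone_uri = match && match[1]

  # only hand credentials to an HTTPS Keystone endpoint
  begin
    keystone_uri = nil unless keystone_uri && URI.parse(keystone_uri).is_a?(URI::HTTPS)
  rescue URI::InvalidURIError
    keystone_uri = nil
  end

  if keystone_uri
    # … unchanged: build body and headers, POST to /v2.0/tokens, store X-Auth-Token …
```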
