Auth: introduce ec2 credentials auth support

gophercloud · Mar 22, 2020 · 37c677f · 37c677f
1 parent 83f764e
commit 37c677f
Show file tree

Hide file tree

Showing 6 changed files with 736 additions and 1 deletion.
diff --git a/acceptance/openstack/client_test.go b/acceptance/openstack/client_test.go
@@ -8,7 +8,13 @@ import (
 	"time"
 
 	"github.com/gophercloud/gophercloud"
+	"github.com/gophercloud/gophercloud/acceptance/clients"
+	"github.com/gophercloud/gophercloud/acceptance/tools"
 	"github.com/gophercloud/gophercloud/openstack"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/credentials"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/extensions/ec2tokens"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/tokens"
+	th "github.com/gophercloud/gophercloud/testhelper"
 )
 
 func TestAuthenticatedClient(t *testing.T) {
@@ -40,6 +46,68 @@ func TestAuthenticatedClient(t *testing.T) {
 	}
 }
 
+func TestEC2AuthMethod(t *testing.T) {
+	client, err := clients.NewIdentityV3Client()
+	th.AssertNoErr(t, err)
+
+	ao, err := openstack.AuthOptionsFromEnv()
+	th.AssertNoErr(t, err)
+
+	authOptions := tokens.AuthOptions{
+		Username:   ao.Username,
+		Password:   ao.Password,
+		DomainName: ao.DomainName,
+		DomainID:   ao.DomainID,
+		// We need a scope to get the token roles list
+		Scope: tokens.Scope{
+			ProjectID:   ao.TenantID,
+			ProjectName: ao.TenantName,
+			DomainID:    ao.DomainID,
+			DomainName:  ao.DomainName,
+		},
+	}
+	token, err := tokens.Create(client, &authOptions).Extract()
+	th.AssertNoErr(t, err)
+	tools.PrintResource(t, token)
+
+	user, err := tokens.Get(client, token.ID).ExtractUser()
+	th.AssertNoErr(t, err)
+	tools.PrintResource(t, user)
+
+	project, err := tokens.Get(client, token.ID).ExtractProject()
+	th.AssertNoErr(t, err)
+	tools.PrintResource(t, project)
+
+	createOpts := credentials.CreateOpts{
+		ProjectID: project.ID,
+		Type:      "ec2",
+		UserID:    user.ID,
+		Blob:      "{\"access\":\"181920\",\"secret\":\"secretKey\"}",
+	}
+
+	// Create a credential
+	credential, err := credentials.Create(client, createOpts).Extract()
+	th.AssertNoErr(t, err)
+
+	// Delete a credential
+	defer credentials.Delete(client, credential.ID)
+	tools.PrintResource(t, credential)
+
+	newClient, err := clients.NewIdentityV3UnauthenticatedClient()
+	th.AssertNoErr(t, err)
+
+	var ec2AuthOptions tokens.AuthOptionsBuilder
+	ec2AuthOptions = &ec2tokens.AuthOptions{
+		Access: "181920",
+		Secret: "secretKey",
+	}
+
+	err = openstack.AuthenticateV3(newClient.ProviderClient, ec2AuthOptions, gophercloud.EndpointOpts{})
+	th.AssertNoErr(t, err)
+
+	tools.PrintResource(t, newClient.TokenID)
+}
+
 func TestReauth(t *testing.T) {
 	ao, err := openstack.AuthOptionsFromEnv()
 	if err != nil {

diff --git a/openstack/client.go b/openstack/client.go
@@ -7,6 +7,7 @@ import (
 
 	"github.com/gophercloud/gophercloud"
 	tokens2 "github.com/gophercloud/gophercloud/openstack/identity/v2/tokens"
+	"github.com/gophercloud/gophercloud/openstack/identity/v3/extensions/ec2tokens"
 	tokens3 "github.com/gophercloud/gophercloud/openstack/identity/v3/tokens"
 	"github.com/gophercloud/gophercloud/openstack/utils"
 )
@@ -224,7 +225,13 @@ func v3auth(client *gophercloud.ProviderClient, endpoint string, opts tokens3.Au
 			return err
 		}
 	} else {
-		result := tokens3.Create(v3Client, opts)
+		var result tokens3.CreateResult
+		switch opts.(type) {
+		case *ec2tokens.AuthOptions:
+			result = ec2tokens.Create(v3Client, opts)
+		default:
+			result = tokens3.Create(v3Client, opts)
+		}
 
 		err = client.SetTokenAndAuthResult(result)
 		if err != nil {
@@ -255,6 +262,10 @@ func v3auth(client *gophercloud.ProviderClient, endpoint string, opts tokens3.Au
 			o := *ot
 			o.AllowReauth = false
 			tao = &o
+		case *ec2tokens.AuthOptions:
+			o := *ot
+			o.AllowReauth = false
+			tao = &o
 		default:
 			tao = opts
 		}

diff --git a/openstack/identity/v3/extensions/ec2tokens/doc.go b/openstack/identity/v3/extensions/ec2tokens/doc.go
@@ -0,0 +1,41 @@
+/*
+Package tokens provides information and interaction with the EC2 token API
+resource for the OpenStack Identity service.
+
+For more information, see:
+https://docs.openstack.org/api-ref/identity/v2-ext/
+
+Example to Create a Token From an EC2 access and secret keys
+
+	var authOptions tokens.AuthOptionsBuilder
+	authOptions = &ec2tokens.AuthOptions{
+		Access: "a7f1e798b7c2417cba4a02de97dc3cdc",
+		Secret: "18f4f6761ada4e3795fa5273c30349b9",
+	}
+
+	token, err := ec2tokens.Create(identityClient, authOptions).ExtractToken()
+	if err != nil {
+		panic(err)
+	}
+
+Example to auth a client using EC2 access and secret keys
+
+	client, err := openstack.NewClient("http://localhost:5000/v3")
+	if err != nil {
+		panic(err)
+	}
+
+	var authOptions tokens.AuthOptionsBuilder
+	authOptions = &ec2tokens.AuthOptions{
+		Access:      "a7f1e798b7c2417cba4a02de97dc3cdc",
+		Secret:      "18f4f6761ada4e3795fa5273c30349b9",
+		AllowReauth: true,
+	}
+
+	err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{})
+	if err != nil {
+		panic(err)
+	}
+
+*/
+package ec2tokens