Class: Fog::Identity::OpenStack::Real

Inherits:
Object
  • Object
show all
Defined in:
lib/fog/openstack/identity.rb,
lib/fog/openstack/requests/identity/get_role.rb,
lib/fog/openstack/requests/identity/get_tenant.rb,
lib/fog/openstack/requests/identity/list_roles.rb,
lib/fog/openstack/requests/identity/list_users.rb,
lib/fog/openstack/requests/identity/set_tenant.rb,
lib/fog/openstack/requests/identity/check_token.rb,
lib/fog/openstack/requests/identity/create_role.rb,
lib/fog/openstack/requests/identity/create_user.rb,
lib/fog/openstack/requests/identity/delete_role.rb,
lib/fog/openstack/requests/identity/delete_user.rb,
lib/fog/openstack/requests/identity/update_user.rb,
lib/fog/openstack/requests/identity/list_tenants.rb,
lib/fog/openstack/requests/identity/create_tenant.rb,
lib/fog/openstack/requests/identity/delete_tenant.rb,
lib/fog/openstack/requests/identity/update_tenant.rb,
lib/fog/openstack/requests/identity/get_user_by_id.rb,
lib/fog/openstack/requests/identity/validate_token.rb,
lib/fog/openstack/requests/identity/create_user_role.rb,
lib/fog/openstack/requests/identity/delete_user_role.rb,
lib/fog/openstack/requests/identity/get_user_by_name.rb,
lib/fog/openstack/requests/identity/get_tenants_by_id.rb,
lib/fog/openstack/requests/identity/add_user_to_tenant.rb,
lib/fog/openstack/requests/identity/get_ec2_credential.rb,
lib/fog/openstack/requests/identity/get_tenants_by_name.rb,
lib/fog/openstack/requests/identity/list_ec2_credentials.rb,
lib/fog/openstack/requests/identity/create_ec2_credential.rb,
lib/fog/openstack/requests/identity/delete_ec2_credential.rb,
lib/fog/openstack/requests/identity/list_user_global_roles.rb,
lib/fog/openstack/requests/identity/remove_user_from_tenant.rb,
lib/fog/openstack/requests/identity/list_endpoints_for_token.rb,
lib/fog/openstack/requests/identity/list_roles_for_user_on_tenant.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Real

Returns a new instance of Real.



173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# File 'lib/fog/openstack/identity.rb', line 173

def initialize(options={})
  @openstack_auth_token = options[:openstack_auth_token]

  unless @openstack_auth_token
    missing_credentials = Array.new
    @openstack_api_key  = options[:openstack_api_key]
    @openstack_username = options[:openstack_username]

    missing_credentials << :openstack_api_key  unless @openstack_api_key
    missing_credentials << :openstack_username unless @openstack_username
    raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
  end

  @openstack_tenant   = options[:openstack_tenant]
  @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
  @openstack_management_url       = options[:openstack_management_url]
  @openstack_must_reauthenticate  = false
  @openstack_service_type = options[:openstack_service_type] || ['identity']
  @openstack_service_name = options[:openstack_service_name]

  @connection_options = options[:connection_options] || {}

  @openstack_current_user_id = options[:openstack_current_user_id]
  
  @openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'

  @current_user = options[:current_user]
  @current_tenant = options[:current_tenant]

  authenticate

  @persistent = options[:persistent] || false
  @connection = Fog::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
end

Instance Attribute Details

#current_tenantObject (readonly)

Returns the value of attribute current_tenant.



170
171
172
# File 'lib/fog/openstack/identity.rb', line 170

def current_tenant
  @current_tenant
end

#current_userObject (readonly)

Returns the value of attribute current_user.



169
170
171
# File 'lib/fog/openstack/identity.rb', line 169

def current_user
  @current_user
end

#unscoped_tokenObject (readonly)

Returns the value of attribute unscoped_token.



171
172
173
# File 'lib/fog/openstack/identity.rb', line 171

def unscoped_token
  @unscoped_token
end

Instance Method Details

#add_user_to_tenant(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/add_user_to_tenant.rb', line 5

def add_user_to_tenant(tenant_id, user_id, role_id)
  request(
    :expects => 200,
    :method  => 'PUT',
    :path    => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#check_token(token_id, tenant_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/check_token.rb', line 6

def check_token(token_id, tenant_id)
  request(
    :expects  => [200, 203],
    :method   => 'HEAD',
    :path     => "tokens/#{token_id}?belongsTo=#{tenant_id}"
  )
end

#create_ec2_credential(user_id, tenant_id) ⇒ Object

Create an EC2 credential for a user in a tenant. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to create an EC2 credential for

  • tenant_id<~String>: The id of the tenant to create the credential in

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credential’<~Hash>: Created EC2 credential

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



25
26
27
28
29
30
31
32
33
34
# File 'lib/fog/openstack/requests/identity/create_ec2_credential.rb', line 25

def create_ec2_credential(user_id, tenant_id)
  data = { 'tenant_id' => tenant_id }

  request(
    :body    => MultiJson.encode(data),
    :expects => [200, 202],
    :method  => 'POST',
    :path    => "users/#{user_id}/credentials/OS-EC2"
  )
end

#create_role(name) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
17
18
# File 'lib/fog/openstack/requests/identity/create_role.rb', line 5

def create_role(name)
  data = {
    'role' => {
      'name' => name
    }
  }

  request(
    :body     => MultiJson.encode(data),
    :expects  => [200, 202],
    :method   => 'POST',
    :path   => '/OS-KSADM/roles'
  )
end

#create_tenant(attributes) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/create_tenant.rb', line 5

def create_tenant(attributes)
  request(
    :expects => [200],
    :method  => 'POST',
    :path    => "tenants",
    :body    => Fog::JSON.encode({ 'tenant' => attributes })
  )
end

#create_user(name, password, email, tenantId = nil, enabled = true) ⇒ Object



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# File 'lib/fog/openstack/requests/identity/create_user.rb', line 6

def create_user(name, password, email, tenantId=nil, enabled=true)
  data = {
    'user' => {
      'name'      => name,
      'password'  => password,
      'tenantId'  => tenantId,
      'email'     => email,
      'enabled'   => enabled,
    }
  }

  request(
    :body     => MultiJson.encode(data),
    :expects  => [200, 202],
    :method   => 'POST',
    :path     => '/users'
  )
end

#create_user_role(tenant_id, user_id, role_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/create_user_role.rb', line 6

def create_user_role(tenant_id, user_id, role_id)
  request(
    :expects  => 200,
    :method   => 'PUT',
    :path     => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#credentialsObject



208
209
210
211
212
213
214
215
216
# File 'lib/fog/openstack/identity.rb', line 208

def credentials
  { :provider                 => 'openstack',
    :openstack_auth_url       => @openstack_auth_uri.to_s,
    :openstack_auth_token     => @auth_token,
    :openstack_management_url => @openstack_management_url,
    :openstack_current_user_id => @openstack_current_user_id,
    :current_user             => @current_user,
    :current_tenant           => @current_tenant }
end

#delete_ec2_credential(user_id, access) ⇒ Object

Destroy an EC2 credential for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to delete the credential for

  • access<~String>: The access key of the credential to destroy

Returns

  • response<~Excon::Response>:

    • body<~String>: Empty string



19
20
21
22
23
24
25
# File 'lib/fog/openstack/requests/identity/delete_ec2_credential.rb', line 19

def delete_ec2_credential(user_id, access)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "users/#{user_id}/credentials/OS-EC2/#{access}"
  )
end

#delete_role(role_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/delete_role.rb', line 6

def delete_role(role_id)
  request(
    :expects => [200, 204],
    :method => 'DELETE',
    :path   => "/OS-KSADM/roles/#{role_id}"
  )
end

#delete_tenant(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/delete_tenant.rb', line 5

def delete_tenant(id)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "tenants/#{id}"
  )
end

#delete_user(user_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/delete_user.rb', line 6

def delete_user(user_id)
  request(
    :expects => [200, 204],
    :method => 'DELETE',
    :path   => "users/#{user_id}"
  )
end

#delete_user_role(tenant_id, user_id, role_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/delete_user_role.rb', line 6

def delete_user_role(tenant_id, user_id, role_id)
  request(
    :expects  => 204,
    :method   => 'DELETE',
    :path     => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#get_ec2_credential(user_id, access) ⇒ Object

Retrieves an EC2 credential for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to retrieve the credential for

  • access<~String>: The access key of the credential to retrieve

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credential’<~Hash>: The EC2 credential

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



24
25
26
27
28
29
30
31
32
# File 'lib/fog/openstack/requests/identity/get_ec2_credential.rb', line 24

def get_ec2_credential(user_id, access)
  request(
    :expects => [200, 202],
    :method  => 'GET',
    :path    => "users/#{user_id}/credentials/OS-EC2/#{access}"
  )
rescue Excon::Errors::Unauthorized
  raise Fog::Identity::OpenStack::NotFound
end

#get_role(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_role.rb', line 5

def get_role(id)
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "/OS-KSADM/roles/#{id}"
  )
end

#get_tenant(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_tenant.rb', line 5

def get_tenant(id)
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "tenants/#{id}"
  )
end

#get_tenants_by_id(tenant_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/get_tenants_by_id.rb', line 6

def get_tenants_by_id(tenant_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants/#{tenant_id}"
  )
end

#get_tenants_by_name(name) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/get_tenants_by_name.rb', line 6

def get_tenants_by_name(name)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants?name=#{name}"
  )
end

#get_user_by_id(user_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/get_user_by_id.rb', line 6

def get_user_by_id(user_id)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "users/#{user_id}"
  )
end

#get_user_by_name(name) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/get_user_by_name.rb', line 6

def get_user_by_name(name)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "users?name=#{name}"
  )
end

#list_ec2_credentials(user_id) ⇒ Object

List EC2 credentials for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to retrieve the credential for

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credentials’<~Array>: The user’s EC2 credentials

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



23
24
25
26
27
28
29
# File 'lib/fog/openstack/requests/identity/list_ec2_credentials.rb', line 23

def list_ec2_credentials(user_id)
  request(
    :expects => [200, 202],
    :method  => 'GET',
    :path    => "users/#{user_id}/credentials/OS-EC2"
  )
end

#list_endpoints_for_token(token_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/list_endpoints_for_token.rb', line 6

def list_endpoints_for_token(token_id)
  request(
    :expects  => [200, 203],
    :method   => 'HEAD',
    :path     => "tokens/#{token_id}/endpoints"
  )
end

#list_rolesObject



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/list_roles.rb', line 6

def list_roles
  request(
    :expects => 200,
    :method => 'GET',
    :path   => '/OS-KSADM/roles'
  )
end

#list_roles_for_user_on_tenant(tenant_id, user_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/list_roles_for_user_on_tenant.rb', line 5

def list_roles_for_user_on_tenant(tenant_id, user_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants/#{tenant_id}/users/#{user_id}/roles"
  )
end

#list_tenants(limit = nil, marker = nil) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
# File 'lib/fog/openstack/requests/identity/list_tenants.rb', line 5

def list_tenants(limit = nil, marker = nil)
  params = Hash.new
  params['limit']  = limit  if limit
  params['marker'] = marker if marker

  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "tenants",
    :query   => params
  )
end

#list_user_global_roles(user_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/list_user_global_roles.rb', line 6

def list_user_global_roles(user_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "users/#{user_id}/roles"
  )
end

#list_users(tenant_id = nil) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/list_users.rb', line 5

def list_users(tenant_id = nil)
  path = tenant_id ? "tenants/#{tenant_id}/users" : 'users'
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => path
  )
end

#reloadObject



218
219
220
# File 'lib/fog/openstack/identity.rb', line 218

def reload
  @connection.reset
end

#remove_user_from_tenant(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/remove_user_from_tenant.rb', line 5

def remove_user_from_tenant(tenant_id, user_id, role_id)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#request(params) ⇒ Object



222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
# File 'lib/fog/openstack/identity.rb', line 222

def request(params)
  retried = false
  begin
    response = @connection.request(params.merge({
      :headers  => {
        'Content-Type' => 'application/json',
        'Accept' => 'application/json',
        'X-Auth-Token' => @auth_token
      }.merge!(params[:headers] || {}),
      :host     => @host,
      :path     => "#{@path}/#{params[:path]}"#,
      # Causes errors for some requests like tenants?limit=1
      # :query    => ('ignore_awful_caching' << Time.now.to_i.to_s)
    }))
  rescue Excon::Errors::Unauthorized => error
    raise if retried
    retried = true

    @openstack_must_reauthenticate = true
    authenticate
    retry
  rescue Excon::Errors::HTTPStatusError => error
    raise case error
    when Excon::Errors::NotFound
      Fog::Identity::OpenStack::NotFound.slurp(error)
    else
      error
    end
  end
  unless response.body.empty?
    response.body = MultiJson.decode(response.body)
  end
  response
end

#set_tenant(tenant) ⇒ Object



6
7
8
9
10
# File 'lib/fog/openstack/requests/identity/set_tenant.rb', line 6

def set_tenant(tenant)
  @openstack_must_reauthenticate = true
  @openstack_tenant = tenant.to_s
  authenticate
end

#update_tenant(id, attributes) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/update_tenant.rb', line 5

def update_tenant(id, attributes)
  request(
    :expects => [200],
    :method  => 'PUT',
    :path    => "tenants/#{id}",
    :body    => Fog::JSON.encode({ 'tenant' => attributes })
  )
end

#update_user(user_id, options = {}) ⇒ Object



6
7
8
9
10
11
12
13
14
# File 'lib/fog/openstack/requests/identity/update_user.rb', line 6

def update_user(user_id, options = {})
  url = options.delete('url') || "/users/#{user_id}"
  request(
    :body     => MultiJson.encode({ 'user' => options }),
    :expects  => 200,
    :method   => 'PUT',
    :path     => url
  )
end

#validate_token(token_id, tenant_id) ⇒ Object



6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/validate_token.rb', line 6

def validate_token(token_id, tenant_id)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "tokens/#{token_id}?belongsTo=#{tenant_id}"
  )
end