Class: Fog::Identity::OpenStack::Real

Inherits:
Object
  • Object
show all
Defined in:
lib/fog/openstack/identity.rb,
lib/fog/openstack/requests/identity/get_role.rb,
lib/fog/openstack/requests/identity/get_tenant.rb,
lib/fog/openstack/requests/identity/list_roles.rb,
lib/fog/openstack/requests/identity/list_users.rb,
lib/fog/openstack/requests/identity/set_tenant.rb,
lib/fog/openstack/requests/identity/check_token.rb,
lib/fog/openstack/requests/identity/create_role.rb,
lib/fog/openstack/requests/identity/create_user.rb,
lib/fog/openstack/requests/identity/delete_role.rb,
lib/fog/openstack/requests/identity/delete_user.rb,
lib/fog/openstack/requests/identity/update_user.rb,
lib/fog/openstack/requests/identity/list_tenants.rb,
lib/fog/openstack/requests/identity/create_tenant.rb,
lib/fog/openstack/requests/identity/delete_tenant.rb,
lib/fog/openstack/requests/identity/update_tenant.rb,
lib/fog/openstack/requests/identity/get_user_by_id.rb,
lib/fog/openstack/requests/identity/validate_token.rb,
lib/fog/openstack/requests/identity/create_user_role.rb,
lib/fog/openstack/requests/identity/delete_user_role.rb,
lib/fog/openstack/requests/identity/get_user_by_name.rb,
lib/fog/openstack/requests/identity/get_tenants_by_id.rb,
lib/fog/openstack/requests/identity/add_user_to_tenant.rb,
lib/fog/openstack/requests/identity/get_ec2_credential.rb,
lib/fog/openstack/requests/identity/get_tenants_by_name.rb,
lib/fog/openstack/requests/identity/list_ec2_credentials.rb,
lib/fog/openstack/requests/identity/create_ec2_credential.rb,
lib/fog/openstack/requests/identity/delete_ec2_credential.rb,
lib/fog/openstack/requests/identity/list_user_global_roles.rb,
lib/fog/openstack/requests/identity/remove_user_from_tenant.rb,
lib/fog/openstack/requests/identity/list_endpoints_for_token.rb,
lib/fog/openstack/requests/identity/list_roles_for_user_on_tenant.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ Real

Returns a new instance of Real.



170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# File 'lib/fog/openstack/identity.rb', line 170

def initialize(options={})
  @openstack_auth_token = options[:openstack_auth_token]

  unless @openstack_auth_token
    missing_credentials = Array.new
    @openstack_api_key  = options[:openstack_api_key]
    @openstack_username = options[:openstack_username]

    missing_credentials << :openstack_api_key  unless @openstack_api_key
    missing_credentials << :openstack_username unless @openstack_username
    raise ArgumentError, "Missing required arguments: #{missing_credentials.join(', ')}" unless missing_credentials.empty?
  end

  @openstack_tenant   = options[:openstack_tenant]
  @openstack_auth_uri = URI.parse(options[:openstack_auth_url])
  @openstack_management_url       = options[:openstack_management_url]
  @openstack_must_reauthenticate  = false
  @openstack_service_type = options[:openstack_service_type] || ['identity']
  @openstack_service_name = options[:openstack_service_name]

  @connection_options = options[:connection_options] || {}

  @openstack_current_user_id = options[:openstack_current_user_id]

  @openstack_endpoint_type = options[:openstack_endpoint_type] || 'adminURL'

  @current_user = options[:current_user]
  @current_tenant = options[:current_tenant]

  authenticate

  @persistent = options[:persistent] || false
  @connection = Fog::Core::Connection.new("#{@scheme}://#{@host}:#{@port}", @persistent, @connection_options)
end

Instance Attribute Details

#current_tenantObject (readonly)

Returns the value of attribute current_tenant.



167
168
169
# File 'lib/fog/openstack/identity.rb', line 167

def current_tenant
  @current_tenant
end

#current_userObject (readonly)

Returns the value of attribute current_user.



166
167
168
# File 'lib/fog/openstack/identity.rb', line 166

def current_user
  @current_user
end

#unscoped_tokenObject (readonly)

Returns the value of attribute unscoped_token.



168
169
170
# File 'lib/fog/openstack/identity.rb', line 168

def unscoped_token
  @unscoped_token
end

Instance Method Details

#add_user_to_tenant(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/add_user_to_tenant.rb', line 5

def add_user_to_tenant(tenant_id, user_id, role_id)
  request(
    :expects => 200,
    :method  => 'PUT',
    :path    => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#check_token(token_id, tenant_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/check_token.rb', line 5

def check_token(token_id, tenant_id)
  request(
    :expects  => [200, 203],
    :method   => 'HEAD',
    :path     => "tokens/#{token_id}?belongsTo=#{tenant_id}"
  )
end

#create_ec2_credential(user_id, tenant_id) ⇒ Object

Create an EC2 credential for a user in a tenant. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to create an EC2 credential for

  • tenant_id<~String>: The id of the tenant to create the credential in

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credential’<~Hash>: Created EC2 credential

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



24
25
26
27
28
29
30
31
32
33
# File 'lib/fog/openstack/requests/identity/create_ec2_credential.rb', line 24

def create_ec2_credential(user_id, tenant_id)
  data = { 'tenant_id' => tenant_id }

  request(
    :body    => Fog::JSON.encode(data),
    :expects => [200, 202],
    :method  => 'POST',
    :path    => "users/#{user_id}/credentials/OS-EC2"
  )
end

#create_role(name) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
17
18
# File 'lib/fog/openstack/requests/identity/create_role.rb', line 5

def create_role(name)
  data = {
    'role' => {
      'name' => name
    }
  }

  request(
    :body     => Fog::JSON.encode(data),
    :expects  => [200, 202],
    :method   => 'POST',
    :path   => '/OS-KSADM/roles'
  )
end

#create_tenant(attributes) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/create_tenant.rb', line 5

def create_tenant(attributes)
  request(
    :expects => [200],
    :method  => 'POST',
    :path    => "tenants",
    :body    => Fog::JSON.encode({ 'tenant' => attributes })
  )
end

#create_user(name, password, email, tenantId = nil, enabled = true) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# File 'lib/fog/openstack/requests/identity/create_user.rb', line 5

def create_user(name, password, email, tenantId=nil, enabled=true)
  data = {
    'user' => {
      'name'      => name,
      'password'  => password,
      'tenantId'  => tenantId,
      'email'     => email,
      'enabled'   => enabled,
    }
  }

  request(
    :body     => Fog::JSON.encode(data),
    :expects  => [200, 202],
    :method   => 'POST',
    :path     => '/users'
  )
end

#create_user_role(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/create_user_role.rb', line 5

def create_user_role(tenant_id, user_id, role_id)
  request(
    :expects  => 200,
    :method   => 'PUT',
    :path     => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#credentialsObject



205
206
207
208
209
210
211
212
213
# File 'lib/fog/openstack/identity.rb', line 205

def credentials
  { :provider                 => 'openstack',
    :openstack_auth_url       => @openstack_auth_uri.to_s,
    :openstack_auth_token     => @auth_token,
    :openstack_management_url => @openstack_management_url,
    :openstack_current_user_id => @openstack_current_user_id,
    :current_user             => @current_user,
    :current_tenant           => @current_tenant }
end

#delete_ec2_credential(user_id, access) ⇒ Object

Destroy an EC2 credential for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to delete the credential for

  • access<~String>: The access key of the credential to destroy

Returns

  • response<~Excon::Response>:

    • body<~String>: Empty string



18
19
20
21
22
23
24
# File 'lib/fog/openstack/requests/identity/delete_ec2_credential.rb', line 18

def delete_ec2_credential(user_id, access)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "users/#{user_id}/credentials/OS-EC2/#{access}"
  )
end

#delete_role(role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/delete_role.rb', line 5

def delete_role(role_id)
  request(
    :expects => [200, 204],
    :method => 'DELETE',
    :path   => "/OS-KSADM/roles/#{role_id}"
  )
end

#delete_tenant(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/delete_tenant.rb', line 5

def delete_tenant(id)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "tenants/#{id}"
  )
end

#delete_user(user_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/delete_user.rb', line 5

def delete_user(user_id)
  request(
    :expects => [200, 204],
    :method => 'DELETE',
    :path   => "users/#{user_id}"
  )
end

#delete_user_role(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/delete_user_role.rb', line 5

def delete_user_role(tenant_id, user_id, role_id)
  request(
    :expects  => 204,
    :method   => 'DELETE',
    :path     => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#get_ec2_credential(user_id, access) ⇒ Object

Retrieves an EC2 credential for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to retrieve the credential for

  • access<~String>: The access key of the credential to retrieve

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credential’<~Hash>: The EC2 credential

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



23
24
25
26
27
28
29
30
31
# File 'lib/fog/openstack/requests/identity/get_ec2_credential.rb', line 23

def get_ec2_credential(user_id, access)
  request(
    :expects => [200, 202],
    :method  => 'GET',
    :path    => "users/#{user_id}/credentials/OS-EC2/#{access}"
  )
rescue Excon::Errors::Unauthorized
  raise Fog::Identity::OpenStack::NotFound
end

#get_role(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_role.rb', line 5

def get_role(id)
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "/OS-KSADM/roles/#{id}"
  )
end

#get_tenant(id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_tenant.rb', line 5

def get_tenant(id)
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "tenants/#{id}"
  )
end

#get_tenants_by_id(tenant_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_tenants_by_id.rb', line 5

def get_tenants_by_id(tenant_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants/#{tenant_id}"
  )
end

#get_tenants_by_name(name) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_tenants_by_name.rb', line 5

def get_tenants_by_name(name)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants?name=#{name}"
  )
end

#get_user_by_id(user_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_user_by_id.rb', line 5

def get_user_by_id(user_id)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "users/#{user_id}"
  )
end

#get_user_by_name(name) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/get_user_by_name.rb', line 5

def get_user_by_name(name)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "users?name=#{name}"
  )
end

#list_ec2_credentials(user_id) ⇒ Object

List EC2 credentials for a user. Requires administrator credentials.

Parameters

  • user_id<~String>: The id of the user to retrieve the credential for

Returns

  • response<~Excon::Response>:

    • body<~Hash>:

      • ‘credentials’<~Array>: The user’s EC2 credentials

        • ‘access’<~String>: The access key

        • ‘secret’<~String>: The secret key

        • ‘user_id’<~String>: The user id

        • ‘tenant_id’<~String>: The tenant id



22
23
24
25
26
27
28
# File 'lib/fog/openstack/requests/identity/list_ec2_credentials.rb', line 22

def list_ec2_credentials(user_id)
  request(
    :expects => [200, 202],
    :method  => 'GET',
    :path    => "users/#{user_id}/credentials/OS-EC2"
  )
end

#list_endpoints_for_token(token_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/list_endpoints_for_token.rb', line 5

def list_endpoints_for_token(token_id)
  request(
    :expects  => [200, 203],
    :method   => 'HEAD',
    :path     => "tokens/#{token_id}/endpoints"
  )
end

#list_rolesObject



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/list_roles.rb', line 5

def list_roles
  request(
    :expects => 200,
    :method => 'GET',
    :path   => '/OS-KSADM/roles'
  )
end

#list_roles_for_user_on_tenant(tenant_id, user_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/list_roles_for_user_on_tenant.rb', line 5

def list_roles_for_user_on_tenant(tenant_id, user_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "tenants/#{tenant_id}/users/#{user_id}/roles"
  )
end

#list_tenants(limit = nil, marker = nil) ⇒ Object



5
6
7
8
9
10
11
12
13
14
15
16
# File 'lib/fog/openstack/requests/identity/list_tenants.rb', line 5

def list_tenants(limit = nil, marker = nil)
  params = Hash.new
  params['limit']  = limit  if limit
  params['marker'] = marker if marker

  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => "tenants",
    :query   => params
  )
end

#list_user_global_roles(user_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/list_user_global_roles.rb', line 5

def list_user_global_roles(user_id)
  request(
    :expects  => [200],
    :method   => 'GET',
    :path     => "users/#{user_id}/roles"
  )
end

#list_users(tenant_id = nil) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/list_users.rb', line 5

def list_users(tenant_id = nil)
  path = tenant_id ? "tenants/#{tenant_id}/users" : 'users'
  request(
    :expects => [200, 204],
    :method  => 'GET',
    :path    => path
  )
end

#reloadObject



215
216
217
# File 'lib/fog/openstack/identity.rb', line 215

def reload
  @connection.reset
end

#remove_user_from_tenant(tenant_id, user_id, role_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/remove_user_from_tenant.rb', line 5

def remove_user_from_tenant(tenant_id, user_id, role_id)
  request(
    :expects => [200, 204],
    :method  => 'DELETE',
    :path    => "/tenants/#{tenant_id}/users/#{user_id}/roles/OS-KSADM/#{role_id}"
  )
end

#request(params) ⇒ Object



219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
# File 'lib/fog/openstack/identity.rb', line 219

def request(params)
  retried = false
  begin
    response = @connection.request(params.merge({
      :headers  => {
        'Content-Type' => 'application/json',
        'Accept' => 'application/json',
        'X-Auth-Token' => @auth_token
      }.merge!(params[:headers] || {}),
      :path     => "#{@path}/#{params[:path]}"#,
    }))
  rescue Excon::Errors::Unauthorized => error
    raise if retried
    retried = true

    @openstack_must_reauthenticate = true
    authenticate
    retry
  rescue Excon::Errors::HTTPStatusError => error
    raise case error
    when Excon::Errors::NotFound
      Fog::Identity::OpenStack::NotFound.slurp(error)
    else
      error
    end
  end
  unless response.body.empty?
    response.body = Fog::JSON.decode(response.body)
  end
  response
end

#set_tenant(tenant) ⇒ Object



5
6
7
8
9
# File 'lib/fog/openstack/requests/identity/set_tenant.rb', line 5

def set_tenant(tenant)
  @openstack_must_reauthenticate = true
  @openstack_tenant = tenant.to_s
  authenticate
end

#update_tenant(id, attributes) ⇒ Object



5
6
7
8
9
10
11
12
# File 'lib/fog/openstack/requests/identity/update_tenant.rb', line 5

def update_tenant(id, attributes)
  request(
    :expects => [200],
    :method  => 'PUT',
    :path    => "tenants/#{id}",
    :body    => Fog::JSON.encode({ 'tenant' => attributes })
  )
end

#update_user(user_id, options = {}) ⇒ Object



5
6
7
8
9
10
11
12
13
# File 'lib/fog/openstack/requests/identity/update_user.rb', line 5

def update_user(user_id, options = {})
  url = options.delete('url') || "/users/#{user_id}"
  request(
    :body     => Fog::JSON.encode({ 'user' => options }),
    :expects  => 200,
    :method   => 'PUT',
    :path     => url
  )
end

#validate_token(token_id, tenant_id) ⇒ Object



5
6
7
8
9
10
11
# File 'lib/fog/openstack/requests/identity/validate_token.rb', line 5

def validate_token(token_id, tenant_id)
  request(
    :expects  => [200, 203],
    :method   => 'GET',
    :path     => "tokens/#{token_id}?belongsTo=#{tenant_id}"
  )
end