package swift import ( "bytes" "encoding/json" "fmt" "net/http" "strings" ) const ( v3AuthMethodToken = "token" v3AuthMethodPassword = "password" v3AuthMethodApplicationCredential = "application_credential" v3CatalogTypeObjectStore = "object-store" ) // V3 Authentication request // http://docs.openstack.org/developer/keystone/api_curl_examples.html // http://developer.openstack.org/api-ref-identity-v3.html type v3AuthRequest struct { Auth struct { Identity struct { Methods []string `json:"methods"` Password *v3AuthPassword `json:"password,omitempty"` Token *v3AuthToken `json:"token,omitempty"` ApplicationCredential *v3AuthApplicationCredential `json:"application_credential,omitempty"` } `json:"identity"` Scope *v3Scope `json:"scope,omitempty"` } `json:"auth"` } type v3Scope struct { Project *v3Project `json:"project,omitempty"` Domain *v3Domain `json:"domain,omitempty"` Trust *v3Trust `json:"OS-TRUST:trust,omitempty"` } type v3Domain struct { Id string `json:"id,omitempty"` Name string `json:"name,omitempty"` } type v3Project struct { Name string `json:"name,omitempty"` Id string `json:"id,omitempty"` Domain *v3Domain `json:"domain,omitempty"` } type v3Trust struct { Id string `json:"id"` } type v3User struct { Domain *v3Domain `json:"domain,omitempty"` Id string `json:"id,omitempty"` Name string `json:"name,omitempty"` Password string `json:"password,omitempty"` } type v3AuthToken struct { Id string `json:"id"` } type v3AuthPassword struct { User v3User `json:"user"` } type v3AuthApplicationCredential struct { Id string `json:"id,omitempty"` Name string `json:"name,omitempty"` Secret string `json:"secret,omitempty"` User *v3User `json:"user,omitempty"` } // V3 Authentication response type v3AuthResponse struct { Token struct { Expires_At, Issued_At string Methods []string Roles []struct { Id, Name string Links struct { Self string } } Project struct { Domain struct { Id, Name string } Id, Name string } Catalog []struct { Id, Namem, Type string Endpoints []struct { Id, Region_Id, Url, Region string Interface EndpointType } } User struct { Id, Name string Domain struct { Id, Name string Links struct { Self string } } } Audit_Ids []string } } type v3Auth struct { Region string Auth *v3AuthResponse Headers http.Header } func (auth *v3Auth) Request(c *Connection) (*http.Request, error) { auth.Region = c.Region var v3i interface{} v3 := v3AuthRequest{} if (c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "") && c.ApplicationCredentialSecret != "" { var user *v3User if c.ApplicationCredentialId != "" { c.ApplicationCredentialName = "" user = &v3User{} } if user == nil && c.UserId != "" { // UserID could be used without the domain information user = &v3User{ Id: c.UserId, } } if user == nil && c.UserName == "" { // Make sure that Username or UserID are provided return nil, fmt.Errorf("UserID or Name should be provided") } if user == nil && c.DomainId != "" { user = &v3User{ Name: c.UserName, Domain: &v3Domain{ Id: c.DomainId, }, } } if user == nil && c.Domain != "" { user = &v3User{ Name: c.UserName, Domain: &v3Domain{ Name: c.Domain, }, } } // Make sure that DomainID or DomainName are provided among Username if user == nil { return nil, fmt.Errorf("DomainID or Domain should be provided") } v3.Auth.Identity.Methods = []string{v3AuthMethodApplicationCredential} v3.Auth.Identity.ApplicationCredential = &v3AuthApplicationCredential{ Id: c.ApplicationCredentialId, Name: c.ApplicationCredentialName, Secret: c.ApplicationCredentialSecret, User: user, } } else if c.UserName == "" && c.UserId == "" { v3.Auth.Identity.Methods = []string{v3AuthMethodToken} v3.Auth.Identity.Token = &v3AuthToken{Id: c.ApiKey} } else { v3.Auth.Identity.Methods = []string{v3AuthMethodPassword} v3.Auth.Identity.Password = &v3AuthPassword{ User: v3User{ Name: c.UserName, Id: c.UserId, Password: c.ApiKey, }, } var domain *v3Domain if c.Domain != "" { domain = &v3Domain{Name: c.Domain} } else if c.DomainId != "" { domain = &v3Domain{Id: c.DomainId} } v3.Auth.Identity.Password.User.Domain = domain } if v3.Auth.Identity.Methods[0] != v3AuthMethodApplicationCredential { if c.TrustId != "" { v3.Auth.Scope = &v3Scope{Trust: &v3Trust{Id: c.TrustId}} } else if c.TenantId != "" || c.Tenant != "" { v3.Auth.Scope = &v3Scope{Project: &v3Project{}} if c.TenantId != "" { v3.Auth.Scope.Project.Id = c.TenantId } else if c.Tenant != "" { v3.Auth.Scope.Project.Name = c.Tenant switch { case c.TenantDomain != "": v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.TenantDomain} case c.TenantDomainId != "": v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.TenantDomainId} case c.Domain != "": v3.Auth.Scope.Project.Domain = &v3Domain{Name: c.Domain} case c.DomainId != "": v3.Auth.Scope.Project.Domain = &v3Domain{Id: c.DomainId} default: v3.Auth.Scope.Project.Domain = &v3Domain{Name: "Default"} } } } } v3i = v3 body, err := json.Marshal(v3i) if err != nil { return nil, err } url := c.AuthUrl if !strings.HasSuffix(url, "/") { url += "/" } url += "auth/tokens" req, err := http.NewRequest("POST", url, bytes.NewBuffer(body)) if err != nil { return nil, err } req.Header.Set("Content-Type", "application/json") req.Header.Set("User-Agent", c.UserAgent) return req, nil } func (auth *v3Auth) Response(resp *http.Response) error { auth.Auth = &v3AuthResponse{} auth.Headers = resp.Header err := readJson(resp, auth.Auth) return err } func (auth *v3Auth) endpointUrl(Type string, endpointType EndpointType) string { for _, catalog := range auth.Auth.Token.Catalog { if catalog.Type == Type { for _, endpoint := range catalog.Endpoints { if endpoint.Interface == endpointType && (auth.Region == "" || (auth.Region == endpoint.Region)) { return endpoint.Url } } } } return "" } func (auth *v3Auth) StorageUrl(Internal bool) string { endpointType := EndpointTypePublic if Internal { endpointType = EndpointTypeInternal } return auth.StorageUrlForEndpoint(endpointType) } func (auth *v3Auth) StorageUrlForEndpoint(endpointType EndpointType) string { return auth.endpointUrl("object-store", endpointType) } func (auth *v3Auth) Token() string { return auth.Headers.Get("X-Subject-Token") } func (auth *v3Auth) CdnUrl() string { return "" }