Example #1
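// VerifyToken validates token against Keystone v3 and converts the token
// response into a schema.Authorization.
//
// It returns an error when Keystone rejects the token, when the response
// carries no project scope, or when the response does not have the expected
// shape. The response body is remote data, so every field is checked with a
// comma-ok assertion: an unexpected shape fails the verification with an error
// instead of panicking inside the authentication path. Error messages never
// include the token or any part of the response.
func (client *keystoneV3Client) VerifyToken(token string) (schema.Authorization, error) {
	tokenResult := v3tokens.Get(client.client, token)
	if _, err := tokenResult.Extract(); err != nil {
		// The underlying error is not passed on, so callers cannot tell a
		// rejected token from a Keystone or transport failure.
		return nil, fmt.Errorf("Invalid token")
	}

	body, ok := tokenResult.Body.(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: body is not an object")
	}
	tokenBodyMap, ok := body["token"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing token object")
	}

	// A response without a project (for example an unscoped token) cannot be
	// mapped to a tenant, so it is rejected rather than authorized.
	project, ok := tokenBodyMap["project"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Token is unscoped")
	}
	tenantID, idOK := project["id"].(string)
	tenantName, nameOK := project["name"].(string)
	if !idOK || !nameOK {
		return nil, fmt.Errorf("Invalid token response: malformed project")
	}

	rawRoles, ok := tokenBodyMap["roles"].([]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing roles")
	}
	// Despite the variable name, the values collected here are role names.
	roleIDs := make([]string, 0, len(rawRoles))
	for _, rawRole := range rawRoles {
		role, ok := rawRole.(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed role")
		}
		roleName, ok := role["name"].(string)
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed role")
		}
		roleIDs = append(roleIDs, roleName)
	}

	catalogObj := []*schema.Catalog{}
	// A missing catalog is tolerated and yields an empty catalog list.
	catalogList, _ := tokenBodyMap["catalog"].([]interface{})
	for _, rawCatalog := range catalogList {
		catalog, ok := rawCatalog.(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed catalog entry")
		}
		catalogName, nameOK := catalog["name"].(string)
		catalogType, typeOK := catalog["type"].(string)
		if !nameOK || !typeOK {
			return nil, fmt.Errorf("Invalid token response: malformed catalog entry")
		}

		endPoints := []*schema.Endpoint{}
		// A catalog entry without an endpoint list is kept with no endpoints.
		rawEndpoints, _ := catalog["endpoints"].([]interface{})
		for _, rawEndpoint := range rawEndpoints {
			endpoint, ok := rawEndpoint.(map[string]interface{})
			if !ok {
				return nil, fmt.Errorf("Invalid token response: malformed endpoint")
			}
			url, urlOK := endpoint["url"].(string)
			region, regionOK := endpoint["region"].(string)
			iface, ifaceOK := endpoint["interface"].(string)
			if !urlOK || !regionOK || !ifaceOK {
				return nil, fmt.Errorf("Invalid token response: malformed endpoint")
			}
			endPoints = append(endPoints, schema.NewEndpoint(url, region, iface))
		}
		catalogObj = append(catalogObj, schema.NewCatalog(catalogName, catalogType, endPoints))
	}
	return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}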
Example #2
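// VerifyToken validates token against Keystone v2.0 and converts the token
// response into a schema.Authorization.
//
// It returns an error when verification fails, when the token has no tenant
// ("Token is unscoped"), or when the response does not have the expected
// shape. The response is remote data, so every field is checked with a
// comma-ok assertion: an unexpected shape fails the verification with an error
// instead of panicking inside the authentication path.
//
// The response is never printed or logged here: it carries the token and the
// user's roles, and writing it to stdout would copy credentials into whatever
// collects the process output.
func (client *keystoneV2Client) VerifyToken(token string) (schema.Authorization, error) {
	tokenResult, err := verifyV2Token(client.client, token)
	if err != nil {
		// The underlying error is not passed on, so callers cannot tell a
		// rejected token from a Keystone or transport failure.
		return nil, fmt.Errorf("Invalid token")
	}

	body, ok := tokenResult.(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: body is not an object")
	}
	tokenBodyMap, ok := body["access"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing access object")
	}

	userBody, ok := tokenBodyMap["user"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing user")
	}
	rawRoles, ok := userBody["roles"].([]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing roles")
	}
	// Despite the variable name, the values collected here are role names.
	roleIDs := make([]string, 0, len(rawRoles))
	for _, rawRole := range rawRoles {
		role, ok := rawRole.(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed role")
		}
		roleName, ok := role["name"].(string)
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed role")
		}
		roleIDs = append(roleIDs, roleName)
	}

	tokenInfo, ok := tokenBodyMap["token"].(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing token object")
	}
	// A token without a tenant cannot be mapped to a tenant ID and is rejected.
	tenantObj, ok := tokenInfo["tenant"]
	if !ok {
		return nil, fmt.Errorf("Token is unscoped")
	}
	tenant, ok := tenantObj.(map[string]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: malformed tenant")
	}
	tenantID, idOK := tenant["id"].(string)
	tenantName, nameOK := tenant["name"].(string)
	if !idOK || !nameOK {
		return nil, fmt.Errorf("Invalid token response: malformed tenant")
	}

	catalogList, ok := tokenBodyMap["serviceCatalog"].([]interface{})
	if !ok {
		return nil, fmt.Errorf("Invalid token response: missing serviceCatalog")
	}
	catalogObj := []*schema.Catalog{}
	for _, rawCatalog := range catalogList {
		catalog, ok := rawCatalog.(map[string]interface{})
		if !ok {
			return nil, fmt.Errorf("Invalid token response: malformed catalog entry")
		}
		catalogName, nameOK := catalog["name"].(string)
		catalogType, typeOK := catalog["type"].(string)
		rawEndpoints, endpointsOK := catalog["endpoints"].([]interface{})
		if !nameOK || !typeOK || !endpointsOK {
			return nil, fmt.Errorf("Invalid token response: malformed catalog entry")
		}

		endPoints := []*schema.Endpoint{}
		for _, rawEndpoint := range rawEndpoints {
			endpoint, ok := rawEndpoint.(map[string]interface{})
			if !ok {
				return nil, fmt.Errorf("Invalid token response: malformed endpoint")
			}
			region, ok := endpoint["region"].(string)
			if !ok {
				return nil, fmt.Errorf("Invalid token response: malformed endpoint")
			}
			// Each v2 endpoint may carry up to three URLs; every URL that is
			// present becomes its own endpoint with the matching interface
			// name. Absent URLs are skipped.
			if adminURL, ok := endpoint["adminURL"].(string); ok {
				endPoints = append(endPoints, schema.NewEndpoint(adminURL, region, "admin"))
			}
			if internalURL, ok := endpoint["internalURL"].(string); ok {
				endPoints = append(endPoints, schema.NewEndpoint(internalURL, region, "internal"))
			}
			if publicURL, ok := endpoint["publicURL"].(string); ok {
				endPoints = append(endPoints, schema.NewEndpoint(publicURL, region, "public"))
			}
		}
		catalogObj = append(catalogObj, schema.NewCatalog(catalogName, catalogType, endPoints))
	}
	return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}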