Esempio n. 1
0
//VerifyToken verifies keystone v3.0 token
func (client *keystoneV3Client) VerifyToken(token string) (schema.Authorization, error) {
	tokenResult := v3tokens.Get(client.client, token)
	_, err := tokenResult.Extract()
	if err != nil {
		return nil, fmt.Errorf("Invalid token")
	}
	tokenBody := tokenResult.Body.(map[string]interface{})["token"]
	roles := tokenBody.(map[string]interface{})["roles"]
	roleIDs := []string{}
	for _, roleBody := range roles.([]interface{}) {
		roleIDs = append(roleIDs, roleBody.(map[string]interface{})["name"].(string))
	}
	tokenBodyMap := tokenBody.(map[string]interface{})
	project := tokenBodyMap["project"].(map[string]interface{})
	tenantID := project["id"].(string)
	tenantName := project["name"].(string)
	catalogList, ok := tokenBodyMap["catalog"].([]interface{})
	catalogObj := []*schema.Catalog{}
	if ok {
		for _, rawCatalog := range catalogList {
			catalog := rawCatalog.(map[string]interface{})
			endPoints := []*schema.Endpoint{}
			rawEndpoints, ok := catalog["endpoints"].([]interface{})
			if ok {
				for _, rawEndpoint := range rawEndpoints {
					endpoint := rawEndpoint.(map[string]interface{})
					endPoints = append(endPoints,
						schema.NewEndpoint(endpoint["url"].(string), endpoint["region"].(string), endpoint["interface"].(string)))
				}
			}
			catalogObj = append(catalogObj, schema.NewCatalog(catalog["name"].(string), catalog["type"].(string), endPoints))
		}
	}
	return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}
Esempio n. 2
0
func (env *Environment) addTestingAPI() {
	builtins := map[string]interface{}{
		"Fail": func(call otto.FunctionCall) otto.Value {
			if len(call.ArgumentList) == 0 {
				panic(fmt.Errorf("Fail!"))
			}

			if !call.ArgumentList[0].IsString() {
				panic(fmt.Errorf("Invalid call to 'Fail': format string expected first"))
			}

			format, _ := call.ArgumentList[0].ToString()
			args := []interface{}{}
			for _, value := range call.ArgumentList[1:] {
				args = append(args, gohan_otto.ConvertOttoToGo(value))
			}

			panic(fmt.Errorf(format, args...))
		},
		"MockTransaction": func(call otto.FunctionCall) otto.Value {
			newTransaction := false
			if len(call.ArgumentList) > 1 {
				panic("Wrong number of arguments in MockTransaction call.")
			} else if len(call.ArgumentList) == 1 {
				rawNewTransaction, _ := call.Argument(0).Export()
				newTransaction = rawNewTransaction.(bool)
			}
			transactionValue, _ := call.Otto.ToValue(env.getTransaction(newTransaction))
			return transactionValue
		},
		"CommitMockTransaction": func(call otto.FunctionCall) otto.Value {
			tx := env.getTransaction(false)
			tx.Commit()
			tx.Close()
			return otto.Value{}
		},
		"MockPolicy": func(call otto.FunctionCall) otto.Value {
			policyValue, _ := call.Otto.ToValue(schema.NewEmptyPolicy())
			return policyValue
		},
		"MockAuthorization": func(call otto.FunctionCall) otto.Value {
			authorizationValue, _ := call.Otto.ToValue(schema.NewAuthorization("", "", "", []string{}, []*schema.Catalog{}))
			return authorizationValue
		},
	}
	for name, object := range builtins {
		env.VM.Set(name, object)
	}
	// NOTE: There is no way to return error back to Otto after calling a Go
	// function, so the following function has to be written in pure JavaScript.
	env.VM.Otto.Run(`function GohanTrigger(event, context) { gohan_handle_event(event, context); }`)
	env.mockFunction("gohan_http")
	env.mockFunction("gohan_raw_http")
	env.mockFunction("gohan_db_transaction")
	env.mockFunction("gohan_config")
}
Esempio n. 3
0
//VerifyToken fake verify
func (*FakeIdentity) VerifyToken(tokenID string) (schema.Authorization, error) {
	rawToken, ok := fakeTokens[tokenID]
	if !ok {
		return nil, fmt.Errorf("authentication error")
	}

	access, _ := rawToken.(map[string]interface{})["access"].(map[string]interface{})
	tenantID := access["token"].(token).Tenant.ID
	tenantName := access["token"].(token).Tenant.Name
	role := access["user"].(map[string]interface{})["roles"].([]role)[0].Name

	return schema.NewAuthorization(tenantID, tenantName, tokenID, []string{role}, nil), nil
}
Esempio n. 4
0
//VerifyToken verifies keystone v2.0 token
func (client *keystoneV2Client) VerifyToken(token string) (schema.Authorization, error) {
	tokenResult, err := verifyV2Token(client.client, token)
	if err != nil {
		return nil, fmt.Errorf("Invalid token")
	}
	fmt.Printf("%v", tokenResult)
	tokenBody := tokenResult.(map[string]interface{})["access"]
	userBody := tokenBody.(map[string]interface{})["user"]
	roles := userBody.(map[string]interface{})["roles"]
	roleIDs := []string{}
	for _, roleBody := range roles.([]interface{}) {
		roleIDs = append(roleIDs, roleBody.(map[string]interface{})["name"].(string))
	}
	tokenBodyMap := tokenBody.(map[string]interface{})
	tenantObj, ok := tokenBodyMap["token"].(map[string]interface{})["tenant"]
	if !ok {
		return nil, fmt.Errorf("Token is unscoped")
	}
	tenant := tenantObj.(map[string]interface{})
	tenantID := tenant["id"].(string)
	tenantName := tenant["name"].(string)
	catalogList := tokenBodyMap["serviceCatalog"].([]interface{})
	catalogObj := []*schema.Catalog{}
	for _, rawCatalog := range catalogList {
		catalog := rawCatalog.(map[string]interface{})
		endPoints := []*schema.Endpoint{}
		rawEndpoints := catalog["endpoints"].([]interface{})
		for _, rawEndpoint := range rawEndpoints {
			endpoint := rawEndpoint.(map[string]interface{})
			region := endpoint["region"].(string)
			adminURL, ok := endpoint["adminURL"].(string)
			if ok {
				endPoints = append(endPoints,
					schema.NewEndpoint(adminURL, region, "admin"))
			}
			internalURL, ok := endpoint["internalURL"].(string)
			if ok {
				endPoints = append(endPoints,
					schema.NewEndpoint(internalURL, region, "internal"))
			}
			publicURL, ok := endpoint["publicURL"].(string)
			if ok {
				endPoints = append(endPoints,
					schema.NewEndpoint(publicURL, region, "public"))
			}
		}
		catalogObj = append(catalogObj, schema.NewCatalog(catalog["name"].(string), catalog["type"].(string), endPoints))
	}
	return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}
Esempio n. 5
0
//GetServiceAuthorization returns always authorization for admin
func (i *NoIdentityService) GetServiceAuthorization() (schema.Authorization, error) {
	return schema.NewAuthorization("admin", "admin", "admin_token", []string{"admin"}, nil), nil
}
Esempio n. 6
0
			context       middleware.Context
			schemaID      string
			path          string
			action        string
			currentSchema *schema.Schema
			extensions    []*schema.Extension
			env           extension.Environment
			events        map[string]string

			network1 map[string]interface{}
			network2 map[string]interface{}
			subnet1  map[string]interface{}
		)

		BeforeEach(func() {
			adminAuth = schema.NewAuthorization(adminTenantID, "admin", adminTokenID, []string{"admin"}, nil)
			memberAuth = schema.NewAuthorization(memberTenantID, "member", memberTokenID, []string{"_member_"}, nil)
			auth = adminAuth

			context = middleware.Context{}

			events = map[string]string{}

			network1 = map[string]interface{}{
				"id":                "test1",
				"name":              "Rohan",
				"description":       "The proud horsemasters",
				"tenant_id":         adminTenantID,
				"providor_networks": map[string]interface{}{},
				"route_targets":     []interface{}{},
				"shared":            false,
Esempio n. 7
0
//GetServiceAuthorization returns always authorization for nobody
func (i *NobodyIdentityService) GetServiceAuthorization() (schema.Authorization, error) {
	return schema.NewAuthorization("nobody", "nobody", "nobody_token", []string{"Nobody"}, nil), nil
}
Esempio n. 8
0
//NewServer returns new GohanAPIServer
func NewServer(configFile string) (*Server, error) {
	manager := schema.GetManager()
	config := util.GetConfig()
	err := config.ReadConfig(configFile)
	err = os.Chdir(path.Dir(configFile))
	if err != nil {
		return nil, fmt.Errorf("Config load error: %s", err)
	}
	err = l.SetUpLogging(config)
	if err != nil {
		return nil, fmt.Errorf("Logging setup error: %s", err)
	}
	log.Info("logging initialized")

	server := &Server{}

	m := martini.Classic()
	m.Handlers()
	m.Use(middleware.Logging())
	m.Use(martini.Recovery())
	m.Use(middleware.JSONURLs())
	m.Use(middleware.WithContext())

	server.martini = m

	port := os.Getenv("PORT")

	if port == "" {
		port = "9091"
	}

	setupEditor(server)

	server.timelimit = config.GetInt("extension/timelimit", 30)
	server.extensions = config.GetStringList("extension/use", []string{
		"javascript",
		"gohanscript",
		"go",
	})
	schema.DefaultExtension = config.GetString("extension/default", "javascript")
	server.address = config.GetString("address", ":"+port)
	if config.GetBool("tls/enabled", false) {
		log.Info("TLS enabled")
		server.tls = &tlsConfig{
			KeyFile:  config.GetString("tls/key_file", "./etc/key.pem"),
			CertFile: config.GetString("tls/cert_file", "./etc/cert.pem"),
		}
	}

	etcdServers := config.GetStringList("etcd", nil)
	if etcdServers != nil {
		log.Info("etcd servers: %s", etcdServers)
		server.sync = etcd.NewSync(etcdServers)
	}

	server.connectDB()

	schemaFiles := config.GetStringList("schemas", nil)
	if schemaFiles == nil {
		log.Fatal("No schema specified in configuraion")
	} else {
		err = manager.LoadSchemasFromFiles(schemaFiles...)
		if err != nil {
			return nil, fmt.Errorf("invalid schema: %s", err)
		}
	}
	if !config.GetBool("database/no_init", false) {
		server.initDB()
	}

	if config.GetList("database/initial_data", nil) != nil {
		initialDataList := config.GetList("database/initial_data", nil)
		for _, initialData := range initialDataList {
			initialDataConfig := initialData.(map[string]interface{})
			inType := initialDataConfig["type"].(string)
			inConnection := initialDataConfig["connection"].(string)
			log.Info("Importing data from %s ...", inConnection)
			inDB, err := db.ConnectDB(inType, inConnection, db.DefaultMaxOpenConn)
			if err != nil {
				log.Fatal(err)
			}
			db.CopyDBResources(inDB, server.db, false)
		}
	}

	if config.GetBool("keystone/use_keystone", false) {
		//TODO remove this
		if config.GetBool("keystone/fake", false) {
			server.keystoneIdentity = &middleware.FakeIdentity{}
			//TODO(marcin) requests to fake server also get authenticated
			//             we need a separate routing Group
			log.Info("Debug Mode with Fake Keystone Server")
		} else {
			log.Info("Keystone backend server configured")
			server.keystoneIdentity, err = cloud.NewKeystoneIdentity(
				config.GetString("keystone/auth_url", "http://localhost:35357/v3"),
				config.GetString("keystone/user_name", "admin"),
				config.GetString("keystone/password", "password"),
				config.GetString("keystone/domain_name", "Default"),
				config.GetString("keystone/tenant_name", "admin"),
				config.GetString("keystone/version", ""),
			)
			if err != nil {
				log.Fatal(err)
			}
		}
		m.MapTo(server.keystoneIdentity, (*middleware.IdentityService)(nil))
		m.Use(middleware.Authentication())
		//m.Use(Authorization())
	} else {
		m.MapTo(&middleware.NoIdentityService{}, (*middleware.IdentityService)(nil))
		m.Map(schema.NewAuthorization("admin", "admin", "admin_token", []string{"admin"}, nil))
	}

	if err != nil {
		return nil, fmt.Errorf("invalid base dir: %s", err)
	}

	server.addOptionsRoute()
	cors := config.GetString("cors", "")
	if cors != "" {
		log.Info("Enabling CORS for %s", cors)
		if cors == "*" {
			log.Warning("cors for * have security issue")
		}
		server.martini.Use(func(rw http.ResponseWriter, r *http.Request) {
			rw.Header().Add("Access-Control-Allow-Origin", cors)
			rw.Header().Add("Access-Control-Allow-Headers", "X-Auth-Token, Content-Type")
			rw.Header().Add("Access-Control-Expose-Headers", "X-Total-Count")
			rw.Header().Add("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE")
		})
	}

	documentRoot := config.GetString("document_root", "embed")
	if config.GetBool("webui_config/enabled", false) {
		m.Use(func(res http.ResponseWriter, req *http.Request, c martini.Context) {
			if req.URL.Path != "/webui/config.json" {
				c.Next()
				return
			}
			address := config.GetString("webui_config/address", server.address)
			if address[0] == ':' {
				address = "__HOST__" + address
			}
			baseURL := "http://" + address
			authURL := "http://" + address + "/v2.0"
			if config.GetBool("webui_config/tls", config.GetBool("tls/enabled", false)) {
				baseURL = "https://" + address
				authURL = "https://" + address + "/v2.0"
			}
			authURL = config.GetString("webui_config/auth_url", authURL)
			webUIConfig := map[string]interface{}{
				"authUrl": authURL,
				"gohan": map[string]interface{}{
					"schema": "/gohan/v0.1/schemas",
					"url":    baseURL,
				},
			}
			routes.ServeJson(res, webUIConfig)
		})
	}
	if documentRoot == "embed" {
		m.Use(staticbin.Static("public", util.Asset, staticbin.Options{
			SkipLogging: true,
		}))
	} else {
		log.Info("Static file serving from %s", documentRoot)
		documentRootABS, err := filepath.Abs(documentRoot)
		if err != nil {
			return nil, err
		}
		server.martini.Use(martini.Static(documentRootABS, martini.StaticOptions{
			SkipLogging: true,
		}))
	}
	server.mapRoutes()

	maxWorkerCount := config.GetInt("workers", 100)
	server.queue = job.NewQueue(uint(maxWorkerCount))

	return server, nil
}