func createAuthenticatedClient(t *testing.T) *gophercloud.ServiceClient {
// Obtain credentials from the environment.
ao, err := openstack.AuthOptionsFromEnv()
th.AssertNoErr(t, err)
// Trim out unused fields.
ao.Username, ao.TenantID, ao.TenantName = "", "", ""
if ao.UserID == "" {
t.Logf("Skipping identity v3 tests because no OS_USERID is present.")
return nil
}
// Create a client and manually authenticate against v3.
providerClient, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
t.Fatalf("Unable to instantiate client: %v", err)
}
err = openstack.AuthenticateV3(providerClient, ao)
if err != nil {
t.Fatalf("Unable to authenticate against identity v3: %v", err)
}
// Create a service client.
return openstack.NewIdentityV3(providerClient)
}
func newClient(t *testing.T) *gophercloud.ServiceClient {
authURL := os.Getenv("OS_AUTH_URL")
username := os.Getenv("OS_USERNAME")
password := os.Getenv("OS_PASSWORD")
tenantName := os.Getenv("OS_TENANT_NAME")
tenantID := os.Getenv("OS_TENANT_ID")
domainName := os.Getenv("OS_DOMAIN_NAME")
regionName := os.Getenv("OS_REGION_NAME")
t.Logf("Credentials used: OS_AUTH_URL='%s' OS_USERNAME='******' OS_PASSWORD='******' OS_TENANT_NAME='%s' OS_TENANT_NAME='%s' OS_REGION_NAME='%s' OS_TENANT_ID='%s' \n",
authURL, username, tenantName, domainName, regionName, tenantID)
client, err := openstack.NewClient(authURL)
th.AssertNoErr(t, err)
ao := gophercloud.AuthOptions{
Username: username,
Password: password,
TenantName: tenantName,
TenantID: tenantID,
DomainName: domainName,
}
err = openstack.AuthenticateV3(client, ao)
th.AssertNoErr(t, err)
t.Logf("Token is %v", client.TokenID)
c, err := openstack.NewImageServiceV2(client, gophercloud.EndpointOpts{
Region: regionName,
})
th.AssertNoErr(t, err)
return c
}
// NewKeystoneClient initilizes a keystone client with the provided configuration.
func NewKeystoneClient(config Config) (KeystoneClient, error) {
opts := config.AuthOptions
provider, err := openstack.AuthenticatedClient(opts)
if err != nil {
return nil, err
}
client := openstack.NewIdentityV3(provider)
// build a closure for ksClient reauthentication
client.ReauthFunc = func() error {
return openstack.AuthenticateV3(client.ProviderClient, opts)
}
return &KeystoneClientImpl{client: client, opts: opts, token: nil, monascaURL: nil}, nil
}
// AuthenticatePassword approves any login attempt which is successfully validated with Keystone
func (a keystonePasswordAuthenticator) AuthenticatePassword(username, password string) (user.Info, bool, error) {
defer func() {
if e := recover(); e != nil {
utilruntime.HandleError(fmt.Errorf("Recovered panic: %v, %s", e, debug.Stack()))
}
}()
// if password is missing, fail authentication immediately
if len(password) == 0 {
return nil, false, nil
}
opts := gophercloud.AuthOptions{
IdentityEndpoint: a.url,
Username: username,
Password: password,
DomainName: a.domainName,
}
// Calling NewClient/Authenticate manually rather than simply calling AuthenticatedClient
// in order to pass in a transport object that supports SSL
client, err := openstack.NewClient(opts.IdentityEndpoint)
if err != nil {
glog.Warningf("Failed: Initializing openstack authentication client: %v", err)
return nil, false, err
}
client.HTTPClient = *a.client
err = openstack.AuthenticateV3(client, opts)
if err != nil {
if responseErr, ok := err.(*gophercloud.UnexpectedResponseCodeError); ok {
if responseErr.Actual == 401 {
return nil, false, nil
}
}
glog.Warningf("Failed: Calling openstack AuthenticateV3: %v", err)
return nil, false, err
}
identity := authapi.NewDefaultUserIdentityInfo(a.providerName, username)
user, err := a.identityMapper.UserFor(identity)
if err != nil {
glog.V(4).Infof("Error creating or updating mapping for: %#v due to %v", identity, err)
return nil, false, err
}
glog.V(4).Infof("Got userIdentityMapping: %#v", user)
return user, true, nil
}
func TestKeystoneClientReauthenticate(t *testing.T) {
// setup
opts := testConfig.AuthOptions
provider, err := openstack.AuthenticatedClient(opts)
assert.NoError(t, err)
client := openstack.NewIdentityV3(provider)
client.TokenID = "someinvalidtoken"
client.ReauthFunc = func() error { return openstack.AuthenticateV3(client.ProviderClient, opts) }
ksClient := &KeystoneClientImpl{client: client, opts: opts, token: validToken, monascaURL: nil}
// do
token, err := ksClient.GetToken()
// assert
assert.NoError(t, err)
assert.Equal(t, token, testToken)
}