// authTokenPost verifies that providing certain AuthOptions and Scope results in an expected JSON structure.
func authTokenPost(t *testing.T, options gophercloud.AuthOptions, scope *tokens.Scope, requestJSON string) {
testhelper.SetupHTTP()
defer testhelper.TeardownHTTP()
client := gophercloud.ServiceClient{
ProviderClient: &gophercloud.ProviderClient{
TokenID: options.TokenID,
},
Endpoint: testhelper.Endpoint(),
}
testhelper.Mux.HandleFunc("/auth/tokens", func(w http.ResponseWriter, r *http.Request) {
testhelper.TestMethod(t, r, "POST")
testhelper.TestHeader(t, r, "Content-Type", "application/json")
testhelper.TestHeader(t, r, "Accept", "application/json")
testhelper.TestJSONRequest(t, r, requestJSON)
w.WriteHeader(http.StatusCreated)
fmt.Fprintf(w, `{
"token": {
"expires_at": "2014-10-02T13:45:00.000000Z"
}
}`)
})
_, err := tokens.Create(&client, AuthOptionsExt{AuthOptions: tokens.AuthOptions{options}, TrustID: "123456"}, scope).Extract()
if err != nil {
t.Errorf("Create returned an error: %v", err)
}
}
func TestGetToken(t *testing.T) {
// Obtain credentials from the environment.
ao, err := openstack.AuthOptionsFromEnv()
if err != nil {
t.Fatalf("Unable to acquire credentials: %v", err)
}
// Trim out unused fields. Skip if we don't have a UserID.
ao.Username, ao.TenantID, ao.TenantName = "", "", ""
if ao.UserID == "" {
t.Logf("Skipping identity v3 tests because no OS_USERID is present.")
return
}
// Create an unauthenticated client.
provider, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
t.Fatalf("Unable to instantiate client: %v", err)
}
// Create a service client.
service := openstack.NewIdentityV3(provider)
// Use the service to create a token.
token, err := tokens3.Create(service, ao, nil).Extract()
if err != nil {
t.Fatalf("Unable to get token: %v", err)
}
t.Logf("Acquired token: %s", token.ID)
}
// generates a brand new Keystone token
func (ksClient *KeystoneClientImpl) newToken() (string, error) {
token, err := tokens.Create(ksClient.client, ksClient.opts, nil).Extract()
if err != nil {
return "", err
}
ksClient.token = token
return token.ID, nil
}
func v3auth(client *gophercloud.ProviderClient, endpoint string, options gophercloud.AuthOptions) error {
// Override the generated service endpoint with the one returned by the version endpoint.
v3Client := NewIdentityV3(client)
if endpoint != "" {
v3Client.Endpoint = endpoint
}
// copy the auth options to a local variable that we can change. `options`
// needs to stay as-is for reauth purposes
v3Options := options
var scope *tokens3.Scope
if options.TenantID != "" {
scope = &tokens3.Scope{
ProjectID: options.TenantID,
}
v3Options.TenantID = ""
v3Options.TenantName = ""
} else {
if options.TenantName != "" {
scope = &tokens3.Scope{
ProjectName: options.TenantName,
DomainID: options.DomainID,
DomainName: options.DomainName,
}
v3Options.TenantName = ""
}
}
result := tokens3.Create(v3Client, v3Options, scope)
token, err := result.ExtractToken()
if err != nil {
return err
}
catalog, err := result.ExtractServiceCatalog()
if err != nil {
return err
}
client.TokenID = token.ID
if options.AllowReauth {
client.ReauthFunc = func() error {
client.TokenID = ""
return v3auth(client, endpoint, options)
}
}
client.EndpointLocator = func(opts gophercloud.EndpointOpts) (string, error) {
return V3EndpointURL(catalog, opts)
}
return nil
}
func v3auth(client *gophercloud.ProviderClient, endpoint string, options gophercloud.AuthOptions) error {
// Override the generated service endpoint with the one returned by the version endpoint.
v3Client := NewIdentityV3(client)
if endpoint != "" {
v3Client.Endpoint = endpoint
}
var scope *tokens3.Scope
if options.TenantID != "" {
scope = &tokens3.Scope{
ProjectID: options.TenantID,
}
options.TenantID = ""
options.TenantName = ""
} else {
if options.TenantName != "" {
scope = &tokens3.Scope{
ProjectName: options.TenantName,
DomainID: options.DomainID,
DomainName: options.DomainName,
}
options.TenantName = ""
}
}
result := tokens3.Create(v3Client, options, scope)
token, err := result.ExtractToken()
if err != nil {
return err
}
catalog, err := result.ExtractServiceCatalog()
if err != nil {
return err
}
client.TokenID = token.ID
if options.AllowReauth {
client.ReauthFunc = func() error {
return AuthenticateV3(client, options)
}
}
client.EndpointLocator = func(opts gophercloud.EndpointOpts) (string, error) {
return V3EndpointURL(catalog, opts)
}
return nil
}
// generates a brand new Keystone token
func (ksClient *KeystoneClientImpl) newToken() (string, error) {
opts := ksClient.opts
var scope *tokens.Scope
if opts.TenantID != "" {
scope = &tokens.Scope{
ProjectID: opts.TenantID,
}
opts.TenantID = ""
opts.TenantName = ""
}
token, err := tokens.Create(ksClient.client, opts, scope).Extract()
if err != nil {
return "", err
}
ksClient.token = token
return token.ID, nil
}
func v3auth(client *gophercloud.ProviderClient, endpoint string, options gophercloud.AuthOptions) error {
// Override the generated service endpoint with the one returned by the version endpoint.
v3Client := NewIdentityV3(client)
if endpoint != "" {
v3Client.Endpoint = endpoint
}
token, err := tokens3.Create(v3Client, options, nil).Extract()
if err != nil {
return err
}
client.TokenID = token.ID
client.EndpointLocator = func(opts gophercloud.EndpointOpts) (string, error) {
return V3EndpointURL(v3Client, opts)
}
return nil
}
func trustv3auth(client *gophercloud.ProviderClient, endpoint string, options AuthOptionsExt) error {
//In case of Trust TokenId would be Provided so we have to populate the value in service client
//to not throw password error,also if it is not provided it will be empty which maintains
//the current implementation.
client.TokenID = options.AuthOptions.TokenID
// Override the generated service endpoint with the one returned by the version endpoint.
v3Client := openstack.NewIdentityV3(client)
if endpoint != "" {
v3Client.Endpoint = endpoint
}
// copy the auth options to a local variable that we can change. `options`
// needs to stay as-is for reauth purposes
v3Options := options
var scope *token3.Scope
result := token3.Create(v3Client, v3Options, scope)
token, err := result.ExtractToken()
if err != nil {
return err
}
catalog, err := result.ExtractServiceCatalog()
if err != nil {
return err
}
client.TokenID = token.ID
if options.AuthOptions.AllowReauth {
client.ReauthFunc = func() error {
client.TokenID = ""
return trustv3auth(client, endpoint, options)
}
}
client.EndpointLocator = func(opts gophercloud.EndpointOpts) (string, error) {
return openstack.V3EndpointURL(catalog, opts)
}
return nil
}
func authTokenPostErr(t *testing.T, options gophercloud.AuthOptions, scope *tokens.Scope, includeToken bool, expectedErr error) {
testhelper.SetupHTTP()
defer testhelper.TeardownHTTP()
client := gophercloud.ServiceClient{
ProviderClient: &gophercloud.ProviderClient{},
Endpoint: testhelper.Endpoint(),
}
if includeToken {
client.TokenID = "abcdef123456"
}
_, err := tokens.Create(&client, AuthOptionsExt{AuthOptions: tokens.AuthOptions{options}, TrustID: "123456"}, scope).Extract()
if err == nil {
t.Errorf("Create did NOT return an error")
}
if err != expectedErr {
t.Errorf("Create returned an unexpected error: wanted %v, got %v", expectedErr, err)
}
}