//VerifyToken verifies keystone v3.0 token
func (client *keystoneV3Client) VerifyToken(token string) (schema.Authorization, error) {
tokenResult := v3tokens.Get(client.client, token)
_, err := tokenResult.Extract()
if err != nil {
return nil, fmt.Errorf("Invalid token")
}
tokenBody := tokenResult.Body.(map[string]interface{})["token"]
roles := tokenBody.(map[string]interface{})["roles"]
roleIDs := []string{}
for _, roleBody := range roles.([]interface{}) {
roleIDs = append(roleIDs, roleBody.(map[string]interface{})["name"].(string))
}
tokenBodyMap := tokenBody.(map[string]interface{})
project := tokenBodyMap["project"].(map[string]interface{})
tenantID := project["id"].(string)
tenantName := project["name"].(string)
catalogList, ok := tokenBodyMap["catalog"].([]interface{})
catalogObj := []*schema.Catalog{}
if ok {
for _, rawCatalog := range catalogList {
catalog := rawCatalog.(map[string]interface{})
endPoints := []*schema.Endpoint{}
rawEndpoints, ok := catalog["endpoints"].([]interface{})
if ok {
for _, rawEndpoint := range rawEndpoints {
endpoint := rawEndpoint.(map[string]interface{})
endPoints = append(endPoints,
schema.NewEndpoint(endpoint["url"].(string), endpoint["region"].(string), endpoint["interface"].(string)))
}
}
catalogObj = append(catalogObj, schema.NewCatalog(catalog["name"].(string), catalog["type"].(string), endPoints))
}
}
return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}
//VerifyToken verifies keystone v2.0 token
func (client *keystoneV2Client) VerifyToken(token string) (schema.Authorization, error) {
tokenResult, err := verifyV2Token(client.client, token)
if err != nil {
return nil, fmt.Errorf("Invalid token")
}
fmt.Printf("%v", tokenResult)
tokenBody := tokenResult.(map[string]interface{})["access"]
userBody := tokenBody.(map[string]interface{})["user"]
roles := userBody.(map[string]interface{})["roles"]
roleIDs := []string{}
for _, roleBody := range roles.([]interface{}) {
roleIDs = append(roleIDs, roleBody.(map[string]interface{})["name"].(string))
}
tokenBodyMap := tokenBody.(map[string]interface{})
tenantObj, ok := tokenBodyMap["token"].(map[string]interface{})["tenant"]
if !ok {
return nil, fmt.Errorf("Token is unscoped")
}
tenant := tenantObj.(map[string]interface{})
tenantID := tenant["id"].(string)
tenantName := tenant["name"].(string)
catalogList := tokenBodyMap["serviceCatalog"].([]interface{})
catalogObj := []*schema.Catalog{}
for _, rawCatalog := range catalogList {
catalog := rawCatalog.(map[string]interface{})
endPoints := []*schema.Endpoint{}
rawEndpoints := catalog["endpoints"].([]interface{})
for _, rawEndpoint := range rawEndpoints {
endpoint := rawEndpoint.(map[string]interface{})
region := endpoint["region"].(string)
adminURL, ok := endpoint["adminURL"].(string)
if ok {
endPoints = append(endPoints,
schema.NewEndpoint(adminURL, region, "admin"))
}
internalURL, ok := endpoint["internalURL"].(string)
if ok {
endPoints = append(endPoints,
schema.NewEndpoint(internalURL, region, "internal"))
}
publicURL, ok := endpoint["publicURL"].(string)
if ok {
endPoints = append(endPoints,
schema.NewEndpoint(publicURL, region, "public"))
}
}
catalogObj = append(catalogObj, schema.NewCatalog(catalog["name"].(string), catalog["type"].(string), endPoints))
}
return schema.NewAuthorization(tenantID, tenantName, token, roleIDs, catalogObj), nil
}