Repository: jclouds Updated Branches: refs/heads/keystonev3 a33665685 -> 1a71e3cbf
Support domain and project scopes Project: http://git-wip-us.apache.org/repos/asf/jclouds/repo Commit: http://git-wip-us.apache.org/repos/asf/jclouds/commit/1a71e3cb Tree: http://git-wip-us.apache.org/repos/asf/jclouds/tree/1a71e3cb Diff: http://git-wip-us.apache.org/repos/asf/jclouds/diff/1a71e3cb Branch: refs/heads/keystonev3 Commit: 1a71e3cbfd62929ad972709c396d496523ceb13a Parents: a336656 Author: Ignasi Barrera <[email protected]> Authored: Wed Dec 20 16:48:34 2017 +0100 Committer: Ignasi Barrera <[email protected]> Committed: Wed Dec 20 16:48:34 2017 +0100 ---------------------------------------------------------------------- .../auth/domain/TenantAndCredentials.java | 4 +- .../auth/functions/BaseAuthenticator.java | 8 +-- .../keystone/config/KeystoneProperties.java | 20 ++++---- .../v3/binders/BindAuthToJsonPayload.java | 18 ++++++- .../openstack/keystone/v3/domain/Auth.java | 51 +++++++++++++++----- 5 files changed, 70 insertions(+), 31 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/jclouds/blob/1a71e3cb/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/domain/TenantAndCredentials.java ---------------------------------------------------------------------- diff --git a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/domain/TenantAndCredentials.java b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/domain/TenantAndCredentials.java index caac935..2b5db82 100644 --- a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/domain/TenantAndCredentials.java +++ b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/domain/TenantAndCredentials.java 
@@ -29,7 +29,7 @@ public abstract class TenantAndCredentials<T> { @Nullable public abstract String tenantId(); @Nullable public abstract String tenantName(); - @Nullable public abstract String projectId(); + @Nullable public abstract String scope(); public abstract T credentials(); TenantAndCredentials() { @@ -44,7 +44,7 @@ public abstract class TenantAndCredentials<T> { public abstract static class Builder<T> { public abstract Builder<T> tenantId(String tenantId); public abstract Builder<T> tenantName(String tenantName); - public abstract Builder<T> projectId(String projectId); + public abstract Builder<T> scope(String scope); public abstract Builder<T> credentials(T credentials); public abstract TenantAndCredentials<T> build(); http://git-wip-us.apache.org/repos/asf/jclouds/blob/1a71e3cb/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java ---------------------------------------------------------------------- diff --git a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java index 7d07da4..3e53cc0 100644 --- a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java +++ b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/auth/functions/BaseAuthenticator.java 
@@ -17,8 +17,8 @@ package org.jclouds.openstack.keystone.auth.functions; import static com.google.common.base.Preconditions.checkState; -import static org.jclouds.openstack.keystone.config.KeystoneProperties.PROJECT_ID; import static org.jclouds.openstack.keystone.config.KeystoneProperties.REQUIRES_TENANT; +import static org.jclouds.openstack.keystone.config.KeystoneProperties.SCOPE; import static org.jclouds.openstack.keystone.config.KeystoneProperties.TENANT_ID; import static org.jclouds.openstack.keystone.config.KeystoneProperties.TENANT_NAME; @@ -52,8 +52,8 @@ public abstract class BaseAuthenticator<C> implements Function<Credentials, Auth protected boolean requiresTenant; @Inject(optional = true) - @Named(PROJECT_ID) - protected String projectId; + @Named(SCOPE) + protected String scope; @PostConstruct public void checkPropertiesAreCompatible() { @@ -81,7 +81,7 @@ public abstract class BaseAuthenticator<C> implements Function<Credentials, Auth C creds = createCredentials(usernameOrAccessKey, passwordOrSecretKeyOrToken); TenantAndCredentials<C> credsWithTenant = TenantAndCredentials.<C> builder().tenantId(defaultTenantId) - .tenantName(tenantName).projectId(projectId).credentials(creds).build(); + .tenantName(tenantName).scope(scope).credentials(creds).build(); return authenticate(credsWithTenant); } http://git-wip-us.apache.org/repos/asf/jclouds/blob/1a71e3cb/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/config/KeystoneProperties.java ---------------------------------------------------------------------- diff --git a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/config/KeystoneProperties.java b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/config/KeystoneProperties.java index 177bd92..bab41a4 100644 --- a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/config/KeystoneProperties.java 
+++ b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/config/KeystoneProperties.java @@ -67,20 +67,18 @@ public final class KeystoneProperties { public static final String REQUIRES_TENANT = "jclouds.keystone.requires-tenant"; /** - * set this property to specify the authentication must be scoped to the project. - * - * @see <a href="http://wiki.openstack.org/CLIAuth">openstack docs</a> - */ - @SinceApiVersion("3") - public static final String SCOPED_AUTH = "jclouds.keystone.scoped-auth"; - - /** - * set this property to specify project id to sue for scoped authentication. + * set this property to specify for scoped authentication. * <p> - * if not present, jclouds will automatically scope the authentication to the current user's project + * The format is one of the following: + * <ul> + * <li>project:<project-id></li> + * <li>domain:<domain-name></li> + * <li></li> + * </ul> + * For example: <code>project:457841231597451534</code> */ @SinceApiVersion("3") - public static final String PROJECT_ID = "jclouds.keystone.project-id"; + public static final String SCOPE = "jclouds.keystone.scope"; /** * type of the keystone service. ex. {@code compute} http://git-wip-us.apache.org/repos/asf/jclouds/blob/1a71e3cb/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/binders/BindAuthToJsonPayload.java ---------------------------------------------------------------------- diff --git a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/binders/BindAuthToJsonPayload.java b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/binders/BindAuthToJsonPayload.java index 84f754f..a5d0367 100644 --- a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/binders/BindAuthToJsonPayload.java +++ b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/binders/BindAuthToJsonPayload.java 
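Review bot: The new Javadoc on `SCOPE` is incomplete: the summary sentence has no object ("set this property to specify for scoped authentication"), the third `<li></li>` is empty, and the removed sentence describing what happens when the property is absent has no replacement. `parseScope` in BindAuthToJsonPayload returns null for a missing value, so the request is built without a scope, and the comment should say so, e.g. `Set this property to specify the scope of the authentication; if it is not set, no scope is sent in the authentication request.` Either delete the empty list item or fill in the case it was meant to describe. The hunk also removes `SCOPED_AUTH` and `PROJECT_ID` outright, so a configuration that still sets `jclouds.keystone.project-id` would presumably be ignored silently and authenticate without the project scope it asks for; the Javadoc should point such users to the `project:<project-id>` form.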
@@ -20,14 +20,20 @@ import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Predicates.instanceOf; import static com.google.common.collect.Iterables.tryFind; +import static org.jclouds.openstack.keystone.v3.domain.Auth.Scope.DOMAIN; +import static org.jclouds.openstack.keystone.v3.domain.Auth.Scope.PROJECT; import java.util.Map; import org.jclouds.http.HttpRequest; +import org.jclouds.javax.annotation.Nullable; import org.jclouds.json.Json; import org.jclouds.openstack.keystone.auth.domain.TenantAndCredentials; import org.jclouds.openstack.keystone.v3.domain.Auth; +import org.jclouds.openstack.keystone.v3.domain.Auth.Domain; +import org.jclouds.openstack.keystone.v3.domain.Auth.DomainScope; import org.jclouds.openstack.keystone.v3.domain.Auth.Id; +import org.jclouds.openstack.keystone.v3.domain.Auth.ProjectScope; import org.jclouds.openstack.keystone.v3.domain.Auth.Scope; import org.jclouds.rest.MapBinder; import org.jclouds.rest.binders.BindToJsonPayload; @@ -56,7 +62,7 @@ public abstract class BindAuthToJsonPayload<T> extends BindToJsonPayload impleme @SuppressWarnings("unchecked") TenantAndCredentials<T> credentials = (TenantAndCredentials<T>) authentication.get(); - Scope scope = credentials.projectId() == null ? null : Scope.create(Id.create(credentials.projectId())); + Scope scope = parseScope(credentials.scope()); Auth auth = buildAuth(credentials, scope); R authRequest = super.bindToRequest(request, ImmutableMap.of("auth", auth)); 
@@ -64,5 +70,15 @@ public abstract class BindAuthToJsonPayload<T> extends BindToJsonPayload impleme return authRequest; } + + private Scope parseScope(@Nullable String input) { + if (input == null) return null; + String[] parts = input.split(":"); + checkArgument(parts.length == 2, "Invalid scope: %s", input); + checkArgument(PROJECT.equals(parts[0]) || DOMAIN.equals(parts[0]), "Scope prefix should be '%s' or '%s'", + PROJECT, DOMAIN); + return PROJECT.equals(parts[0]) ? ProjectScope.create(Id.create(parts[1])) : DomainScope.create(Domain + .create(parts[1])); + } } http://git-wip-us.apache.org/repos/asf/jclouds/blob/1a71e3cb/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/domain/Auth.java ---------------------------------------------------------------------- diff --git a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/domain/Auth.java b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/domain/Auth.java index aece0aa..ef6b795 100644 --- a/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/domain/Auth.java +++ b/apis/openstack-keystone/src/main/java/org/jclouds/openstack/keystone/v3/domain/Auth.java @@ -34,16 +34,6 @@ public abstract class Auth { } @AutoValue - public abstract static class Id { - public abstract String id(); - - @SerializedNames({ "id" }) - public static Id create(String id) { - return new AutoValue_Auth_Id(id); - } - } - - @AutoValue public abstract static class Identity { public abstract List<String> methods(); @Nullable public abstract Id token(); 
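Review bot: `parseScope` splits on every ':' and requires exactly two parts, so a scope whose value itself contains a colon is rejected as "Invalid scope", while the value is otherwise passed on unchecked (`project: ` with a blank id is accepted). Splitting once and checking the value would be tighter: `String[] parts = input.split(":", 2);` followed by `checkArgument(parts.length == 2 && !parts[1].trim().isEmpty(), "Invalid scope: %s", input);`. The prefix check's message names the allowed prefixes but not the offending input, which makes a misconfigured `jclouds.keystone.scope` harder to diagnose. The check runs only when a request is bound, so a malformed value surfaces at first authentication; validating it in `BaseAuthenticator.checkPropertiesAreCompatible()` would fail earlier. A short Javadoc on the method stating the accepted `project:<id>` and `domain:<name>` forms, and that null input means no scope, is also missing.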
@@ -86,14 +76,49 @@ public abstract class Auth { } } } + + @AutoValue + public abstract static class Id { + public abstract String id(); + + @SerializedNames({ "id" }) + public static Id create(String id) { + return new AutoValue_Auth_Id(id); + } + } + + @AutoValue + public abstract static class Domain { + @Nullable public abstract String name(); + + @SerializedNames({ "name" }) + public static Domain create(String name) { + return new AutoValue_Auth_Domain(name); + } + } + + public static interface Scope { + public static final String PROJECT = "project"; + public static final String DOMAIN = "domain"; + } @AutoValue - public abstract static class Scope { + public abstract static class ProjectScope implements Scope { public abstract Id project(); @SerializedNames({ "project" }) - public static Scope create(Id id) { - return new AutoValue_Auth_Scope(id); + public static ProjectScope create(Id id) { + return new AutoValue_Auth_ProjectScope(id); + } + } + + @AutoValue + public abstract static class DomainScope implements Scope { + public abstract Domain domain(); + + @SerializedNames({ "domain" }) + public static DomainScope create(Domain domain) { + return new AutoValue_Auth_DomainScope(domain); } } }
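Review bot: `Domain.name()` is marked `@Nullable`, yet the name is the only field that identifies the domain, so `Domain.create(null)` would build a `DomainScope` that presumably serializes to a domain with no identifier. `parseScope` never passes null, so dropping the annotation (`public abstract String name();`) lets AutoValue reject a null at construction, matching `Id.id()`. The new `Scope` interface carries only the two prefix constants; a one-line Javadoc saying it is the marker type for `ProjectScope` and `DomainScope`, and that `PROJECT` and `DOMAIN` are the prefixes of the `jclouds.keystone.scope` property, would make that intent clear. The `public static` and `public static final` modifiers inside the interface are redundant.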
