require 'fog/core' require 'fog/json' module Fog module Baremetal autoload :OpenStack, 'fog/baremetal/openstack' end module Compute autoload :OpenStack, 'fog/compute/openstack' end module ContainerInfra autoload :OpenStack, 'fog/container_infra/openstack' end module DNS autoload :OpenStack, 'fog/dns/openstack' end module Event autoload :OpenStack, 'fog/event/openstack' end module Identity autoload :OpenStack, 'fog/identity/openstack' end module Image autoload :OpenStack, 'fog/image/openstack' end module Introspection autoload :OpenStack, 'fog/introspection/openstack' end module KeyManager autoload :OpenStack, 'fog/key_manager/openstack' end module Metering autoload :OpenStack, 'fog/metering/openstack' end module Metric autoload :OpenStack, 'fog/metric/openstack' end module Monitoring autoload :OpenStack, 'fog/monitoring/openstack' end module Network autoload :OpenStack, 'fog/network/openstack' end module NFV autoload :OpenStack, 'fog/nfv/openstack' end module Orchestration autoload :OpenStack, 'fog/orchestration/openstack' autoload :Util, 'fog/orchestration/util/recursive_hot_file_loader' end module SharedFileSystem autoload :OpenStack, 'fog/shared_file_system/openstack' end module Storage autoload :OpenStack, 'fog/storage/openstack' end module Volume autoload :OpenStack, 'fog/volume/openstack' end module Workflow autoload :OpenStack, 'fog/workflow/openstack' class OpenStack autoload :V2, 'fog/workflow/openstack/v2' end end module OpenStack autoload :VERSION, 'fog/openstack/version' autoload :Core, 'fog/openstack/core' autoload :Errors, 'fog/openstack/errors' autoload :Planning, 'fog/planning/openstack' extend Fog::Provider service(:baremetal, 'Baremetal') service(:compute, 'Compute') service(:container_infra, 'ContainerInfra') service(:dns, 'DNS') service(:event, 'Event') service(:identity, 'Identity') service(:image, 'Image') service(:introspection, 'Introspection') service(:key, 'KeyManager') service(:metering, 'Metering') service(:metric, 'Metric') service(:monitoring, 'Monitoring') service(:network, 'Network') service(:nfv, 'NFV') service(:orchestration, 'Orchestration') service(:planning, 'Planning') service(:shared_file_system, 'SharedFileSystem') service(:storage, 'Storage') service(:volume, 'Volume') service(:workflow, 'Workflow') @token_cache = {} class << self attr_accessor :token_cache end def self.clear_token_cache Fog::OpenStack.token_cache = {} end def self.authenticate(options, connection_options = {}) case options[:openstack_auth_uri].path when /v1(\.\d+)?/ authenticate_v1(options, connection_options) when /v2(\.\d+)?/ authenticate_v2(options, connection_options) when /v3(\.\d+)?/ authenticate_v3(options, connection_options) else authenticate_v2(options, connection_options) end end # legacy v1.0 style auth def self.authenticate_v1(options, connection_options = {}) uri = options[:openstack_auth_uri] connection = Fog::Core::Connection.new(uri.to_s, false, connection_options) @openstack_api_key = options[:openstack_api_key] @openstack_username = options[:openstack_username] response = connection.request({ :expects => [200, 204], :headers => { 'X-Auth-Key' => @openstack_api_key, 'X-Auth-User' => @openstack_username }, :method => 'GET', :path => (uri.path and not uri.path.empty?) ? uri.path : 'v1.0' }) return { :token => response.headers['X-Auth-Token'], :server_management_url => response.headers['X-Server-Management-Url'] || response.headers['X-Storage-Url'], :identity_public_endpoint => response.headers['X-Keystone'] } end # Keystone Style Auth def self.authenticate_v2(options, connection_options = {}) uri = options[:openstack_auth_uri] tenant_name = options[:openstack_tenant] service_type = options[:openstack_service_type] service_name = options[:openstack_service_name] identity_service_type = options[:openstack_identity_service_type] endpoint_type = (options[:openstack_endpoint_type] || 'publicURL').to_s openstack_region = options[:openstack_region] body = retrieve_tokens_v2(options, connection_options) service = get_service(body, service_type, service_name) options[:unscoped_token] = body['access']['token']['id'] unless service unless tenant_name response = Fog::Core::Connection.new( "#{uri.scheme}://#{uri.host}:#{uri.port}/v2.0/tenants", false, connection_options).request({ :expects => [200, 204], :headers => {'Content-Type' => 'application/json', 'Accept' => 'application/json', 'X-Auth-Token' => body['access']['token']['id']}, :method => 'GET' }) body = Fog::JSON.decode(response.body) if body['tenants'].empty? raise Fog::Errors::NotFound.new('No Tenant Found') else options[:openstack_tenant] = body['tenants'].first['name'] end end body = retrieve_tokens_v2(options, connection_options) service = get_service(body, service_type, service_name) end unless service available = body['access']['serviceCatalog'].map { |endpoint| endpoint['type'] }.sort.join ', ' missing = service_type.join ', ' message = "Could not find service #{missing}. Have #{available}" raise Fog::Errors::NotFound, message end service['endpoints'] = service['endpoints'].select do |endpoint| endpoint['region'] == openstack_region end if openstack_region if service['endpoints'].empty? raise Fog::Errors::NotFound.new("No endpoints available for region '#{openstack_region}'") end if openstack_region regions = service["endpoints"].map{ |e| e['region'] }.uniq if regions.count > 1 raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions.join(',')}'") end identity_service = get_service(body, identity_service_type) if identity_service_type tenant = body['access']['token']['tenant'] user = body['access']['user'] management_url = service['endpoints'].find{|s| s[endpoint_type]}[endpoint_type] identity_url = identity_service['endpoints'].find{|s| s['publicURL']}['publicURL'] if identity_service { :user => user, :tenant => tenant, :identity_public_endpoint => identity_url, :server_management_url => management_url, :token => body['access']['token']['id'], :expires => body['access']['token']['expires'], :current_user_id => body['access']['user']['id'], :unscoped_token => options[:unscoped_token] } end # Keystone Style Auth def self.authenticate_v3(options, connection_options = {}) uri = options[:openstack_auth_uri] project_name = options[:openstack_project_name] service_type = options[:openstack_service_type] service_name = options[:openstack_service_name] identity_service_type = options[:openstack_identity_service_type] endpoint_type = map_endpoint_type(options[:openstack_endpoint_type] || 'publicURL') openstack_region = options[:openstack_region] token, body = retrieve_tokens_v3 options, connection_options service = get_service_v3(body, service_type, service_name, openstack_region, options) options[:unscoped_token] = token unless service unless project_name request_body = { :expects => [200], :headers => {'Content-Type' => 'application/json', 'Accept' => 'application/json', 'X-Auth-Token' => token}, :method => 'GET' } user_id = body['token']['user']['id'] project_uri = uri.clone project_uri.path = uri.path.sub('/auth/tokens', "/users/#{user_id}/projects") project_uri_param = "#{project_uri.scheme}://#{project_uri.host}:#{project_uri.port}#{project_uri.path}" response = Fog::Core::Connection.new(project_uri_param, false, connection_options).request(request_body) projects_body = Fog::JSON.decode(response.body) if projects_body['projects'].empty? options[:openstack_domain_id] = body['token']['user']['domain']['id'] else options[:openstack_project_id] = projects_body['projects'].first['id'] options[:openstack_project_name] = projects_body['projects'].first['name'] options[:openstack_domain_id] = projects_body['projects'].first['domain_id'] end end token, body = retrieve_tokens_v3(options, connection_options) service = get_service_v3(body, service_type, service_name, openstack_region, options) end # If no identity endpoint is found, try the auth uri (slicing /auth/tokens) # It covers the case where identityv3 endpoint is not present in the catalog but we have to use it unless service if service_type.include? "identity" identity_uri = uri.to_s.sub('/auth/tokens', '') response = Fog::Core::Connection.new(identity_uri, false, connection_options).request({:method => 'GET'}) if response.status == 200 service = { "endpoints" => [{ "url" => identity_uri, "region" => openstack_region, "interface" => endpoint_type }], "type" => service_type, "name" => service_name } end end end unless service available_services = body['token']['catalog'].map { |service| service['type'] }.sort.join ', ' available_regions = body['token']['catalog'].map { |service| service['endpoints'].map { |endpoint| endpoint['region'] }.uniq }.uniq.sort.join ', ' missing = service_type.join ', ' message = "Could not find service #{missing}#{(' in region '+openstack_region) if openstack_region}."+ " Have #{available_services}#{(' in regions '+available_regions) if openstack_region}" raise Fog::Errors::NotFound, message end service['endpoints'] = service['endpoints'].select do |endpoint| endpoint['region'] == openstack_region && endpoint['interface'] == endpoint_type end if openstack_region if service['endpoints'].empty? raise Fog::Errors::NotFound.new("No endpoints available for region '#{openstack_region}'") end if openstack_region regions = service["endpoints"].map { |e| e['region'] }.uniq if regions.count > 1 raise Fog::Errors::NotFound.new("Multiple regions available choose one of these '#{regions.join(',')}'") end identity_service = get_service_v3(body, identity_service_type, nil, nil, :openstack_endpoint_path_matches => /\/v3/) if identity_service_type management_url = service['endpoints'].find { |e| e['interface']==endpoint_type }['url'] identity_url = identity_service['endpoints'].find { |e| e['interface']=='public' }['url'] if identity_service if body['token']['project'] tenant = body['token']['project'] elsif body['token']['user']['project'] tenant = body['token']['user']['project'] end return { :user => body['token']['user']['name'], :tenant => tenant, :identity_public_endpoint => identity_url, :server_management_url => management_url, :token => token, :expires => body['token']['expires_at'], :current_user_id => body['token']['user']['id'], :unscoped_token => options[:unscoped_token] } end def self.get_service(body, service_type=[], service_name=nil) if not body['access'].nil? body['access']['serviceCatalog'].find do |s| if service_name.nil? or service_name.empty? service_type.include?(s['type']) else service_type.include?(s['type']) and s['name'] == service_name end end elsif not body['token']['catalog'].nil? body['token']['catalog'].find do |s| if service_name.nil? or service_name.empty? service_type.include?(s['type']) else service_type.include?(s['type']) and s['name'] == service_name end end end end def self.retrieve_tokens_v2(options, connection_options = {}) api_key = options[:openstack_api_key].to_s username = options[:openstack_username].to_s tenant_name = options[:openstack_tenant].to_s auth_token = options[:openstack_auth_token] || options[:unscoped_token] uri = options[:openstack_auth_uri] omit_default_port = options[:openstack_auth_omit_default_port] identity_v2_connection = Fog::Core::Connection.new(uri.to_s, false, connection_options) request_body = {:auth => Hash.new} if auth_token request_body[:auth][:token] = { :id => auth_token } else request_body[:auth][:passwordCredentials] = { :username => username, :password => api_key } end request_body[:auth][:tenantName] = tenant_name if tenant_name request = { :expects => [200, 204], :headers => {'Content-Type' => 'application/json'}, :body => Fog::JSON.encode(request_body), :method => 'POST', :path => (uri.path and not uri.path.empty?) ? uri.path : 'v2.0' } request[:omit_default_port] = omit_default_port unless omit_default_port.nil? response = identity_v2_connection.request(request) Fog::JSON.decode(response.body) end def self.retrieve_tokens_v3(options, connection_options = {}) api_key = options[:openstack_api_key].to_s username = options[:openstack_username].to_s userid = options[:openstack_userid] domain_id = options[:openstack_domain_id] domain_name = options[:openstack_domain_name] project_domain = options[:openstack_project_domain] project_domain_id = options[:openstack_project_domain_id] user_domain = options[:openstack_user_domain] user_domain_id = options[:openstack_user_domain_id] project_name = options[:openstack_project_name] project_id = options[:openstack_project_id] auth_token = options[:openstack_auth_token] || options[:unscoped_token] uri = options[:openstack_auth_uri] omit_default_port = options[:openstack_auth_omit_default_port] cache_ttl = options[:openstack_cache_ttl] || 0 connection = Fog::Core::Connection.new(uri.to_s, false, connection_options) request_body = {:auth => {}} scope = {} if project_name || project_id scope[:project] = if project_id.nil? then if project_domain || project_domain_id {:name => project_name, :domain => project_domain_id.nil? ? {:name => project_domain} : {:id => project_domain_id}} else {:name => project_name, :domain => domain_id.nil? ? {:name => domain_name} : {:id => domain_id}} end else {:id => project_id} end elsif domain_name || domain_id scope[:domain] = domain_id.nil? ? {:name => domain_name} : {:id => domain_id} else # unscoped token end if auth_token request_body[:auth][:identity] = { :methods => %w{token}, :token => { :id => auth_token } } else request_body[:auth][:identity] = { :methods => %w{password}, :password => { :user => { :password => api_key } } } if userid request_body[:auth][:identity][:password][:user][:id] = userid else if user_domain || user_domain_id request_body[:auth][:identity][:password][:user].merge! :domain => user_domain_id.nil? ? {:name => user_domain} : {:id => user_domain_id} elsif domain_name || domain_id request_body[:auth][:identity][:password][:user].merge! :domain => domain_id.nil? ? {:name => domain_name} : {:id => domain_id} end request_body[:auth][:identity][:password][:user][:name] = username end end request_body[:auth][:scope] = scope unless scope.empty? path = (uri.path and not uri.path.empty?) ? uri.path : 'v3' response, expires = Fog::OpenStack.token_cache[{:body => request_body, :path => path}] if cache_ttl > 0 unless response && expires > Time.now request = { :expects => [201], :headers => {'Content-Type' => 'application/json'}, :body => Fog::JSON.encode(request_body), :method => 'POST', :path => path } request[:omit_default_port] = omit_default_port unless omit_default_port.nil? response = connection.request(request) if cache_ttl > 0 cache = Fog::OpenStack.token_cache cache[{:body => request_body, :path => path}] = response, Time.now + cache_ttl Fog::OpenStack.token_cache = cache end end [response.headers["X-Subject-Token"], Fog::JSON.decode(response.body)] end def self.get_service_v3(hash, service_type=[], service_name=nil, region=nil, options={}) # Find all services matching any of the types in service_type, filtered by service_name if it's non-nil services = hash['token']['catalog'].find_all do |s| if service_name.nil? or service_name.empty? service_type.include?(s['type']) else service_type.include?(s['type']) and s['name'] == service_name end end if hash['token']['catalog'] # Filter the found services by region (if specified) and whether the endpoint path matches the given regex (e.g. /\/v3/) services.find do |s| s['endpoints'].any? { |ep| endpoint_region?(ep, region) && endpoint_path_match?(ep, options[:openstack_endpoint_path_matches])} end if services end def self.endpoint_region?(endpoint, region) region.nil? || endpoint['region'] == region end def self.endpoint_path_match?(endpoint, match_regex) match_regex.nil? || URI(endpoint['url']).path =~ match_regex end def self.get_supported_version(supported_versions, uri, auth_token, connection_options = {}) supported_version = get_version(supported_versions, uri, auth_token, connection_options) version = supported_version['id'] if supported_version version_raise(supported_versions) if version.nil? version end def self.get_supported_version_path(supported_versions, uri, auth_token, connection_options = {}) supported_version = get_version(supported_versions, uri, auth_token, connection_options) link = supported_version['links'].find { |l| l['rel'] == 'self' } if supported_version path = URI.parse(link['href']).path if link version_raise(supported_versions) if path.nil? path.chomp '/' end def self.get_supported_microversion(supported_versions, uri, auth_token, connection_options = {}) supported_version = get_version(supported_versions, uri, auth_token, connection_options) supported_version['version'] if supported_version end # CGI.escape, but without special treatment on spaces def self.escape(str, extra_exclude_chars = '') str.gsub(/([^a-zA-Z0-9_.-#{extra_exclude_chars}]+)/) do '%' + $1.unpack('H2' * $1.bytesize).join('%').upcase end end def self.map_endpoint_type type case type when "publicURL" "public" when "internalURL" "internal" when "adminURL" "admin" end end def self.get_version(supported_versions, uri, auth_token, connection_options = {}) version_cache = "#{uri}#{supported_versions}" return @version[version_cache] if @version && @version[version_cache] connection = Fog::Core::Connection.new("#{uri.scheme}://#{uri.host}:#{uri.port}", false, connection_options) response = connection.request( :expects => [200, 204, 300], :headers => {'Content-Type' => 'application/json', 'Accept' => 'application/json', 'X-Auth-Token' => auth_token}, :method => 'GET' ) body = Fog::JSON.decode(response.body) @version = {} unless @version @version[version_cache] = extract_version_from_body(body, supported_versions) end def self.extract_version_from_body(body, supported_versions) return nil if body['versions'].empty? versions = body['versions'].kind_of?(Array) ? body['versions'] : body['versions']['values'] version = nil # order is important, preffered status should be first %w(CURRENT stable SUPPORTED DEPRECATED).each do |status| version = versions.find { |x| x['id'].match(supported_versions) && (x['status'] == status) } break if version end version end def self.version_raise(supported_versions) raise Fog::OpenStack::Errors::ServiceUnavailable, "OpenStack service only supports API versions #{supported_versions.inspect}" end end end