File Coverage

line	stmt	bran	cond	sub	pod	time	code
1							#
2							# Copyright (c) 2018 cPanel, L.L.C.
3							# All rights reserved.
4							# http://cpanel.net/
5							#
6							# Distributed under the terms of the MIT license. See the LICENSE file for
7							# further details.
8							#
9							package OpenStack::Client::Auth;
10
11	1			1		13334	use strict;
	1					2
	1					32
12	1			1		5	use warnings;
	1					2
	1					24
13
14	1			1		406	use OpenStack::Client ();
	1					3
	1					177
15
16							=encoding utf8
17
18							=head1 NAME
19
20							OpenStack::Client::Auth - OpenStack Keystone authentication and authorization
21
22							=head1 SYNOPSIS
23
24							use OpenStack::Client::Auth ();
25
26							my $auth = OpenStack::Client::Auth->new('http://openstack.foo.bar:5000/v2.0',
27							'tenant' => $ENV{'OS_TENANT_NAME'},
28							'username' => $ENV{'OS_USERNAME'},
29							'password' => $ENV{'OS_PASSWORD'}
30							);
31
32							my $glance = $auth->service('image',
33							'region' => $ENV{'OS_REGION_NAME'}
34							);
35
36							=head1 DESCRIPTION
37
38							C provides an interface for obtaining authorization
39							to access other OpenStack cloud services.
40
41							=head1 AUTHORIZING WITH KEYSTONE
42
43							=over
44
45							=item Cnew(I<$endpoint>, I<%args>)>
46
47							Contact the OpenStack Keystone API at the address provided in I<$endpoint>, and
48							obtain an authorization token and set of endpoints for which the client is
49							allowed to access. Credentials are specified in I<%args>; the following named
50							values are required:
51
52							=over
53
54							=item * B
55
56							The OpenStack tenant (project) name
57
58							=item * B
59
60							The OpenStack user name
61
62							=item * B
63
64							The OpenStack password
65
66							=item * B
67
68							The version of the Glance API to negotiate with. Default is C<2.0>, but
69							C<3> is also accepted.
70
71							=item * B
72
73							When negotiating with an Identity v3 endpoint, the information provided here
74							is passed in the B property of the B portion of the request body
75							submitted to the endpoint.
76
77							=item * B
78
79							When negotiating with an Identity v3 endpoint, the name of the domain to
80							authenticate to.
81
82							=back
83
84							When successful, this method will return an object containing the following:
85
86							=over
87
88							=item * response
89
90							The full decoded JSON authorization response from Keystone
91
92							=item * services
93
94							A hash containing services the client has authorization to
95
96							=item * clients
97
98							An initially empty hash that would contain L objects obtained
99							for any requested OpenStack services
100
101							=back
102
103							=cut
104
105							sub new ($$%) {
106	31			31	1	13619	my ($class, $endpoint, %args) = @_;
107
108	31					105	my %CLASSES = (
109							'2.0' => 'OpenStack::Client::Auth::v2',
110							'3' => 'OpenStack::Client::Auth::v3'
111							);
112
113	31	100				91	unless (defined $endpoint) {
114	1					17	die 'No OpenStack authentication endpoint provided';
115							}
116
117	30		100			82	$args{'version'} ||= '2.0';
118
119	30	100				81	unless (defined $CLASSES{$args{'version'}}) {
120	1					10	die "Unsupported Identity endpoint version $args{'version'}";
121							}
122
123	29					45	local $@;
124
125	1	50		1		536	eval qq{
	1			1		3
	1			1		9
	1			1		7
	1			1		2
	1			1		8
	1			1		9
	1			1		2
	1			1		9
	1			1		6
	1			1		3
	1			1		9
	1			1		7
	1			1		2
	1			1		8
	1			1		7
	1			1		2
	1			1		10
	1			1		532
	1			1		3
	1			1		8
	1			1		6
	1			1		2
	1			1		9
	1			1		7
	1			1		3
	1			1		8
	1			1		15
	1			1		2
	1					10
	1					7
	1					2
	1					9
	1					7
	1					2
	1					9
	1					8
	1					2
	1					9
	1					7
	1					2
	1					9
	1					7
	1					2
	1					9
	1					7
	1					3
	1					9
	1					11
	1					2
	1					10
	1					7
	1					3
	1					10
	1					7
	1					3
	1					8
	1					7
	1					6
	1					9
	1					7
	1					3
	1					8
	1					14
	1					2
	1					9
	1					8
	1					2
	1					9
	1					7
	1					3
	1					9
	1					7
	1					2
	1					9
	1					7
	1					2
	1					10
	1					7
	1					2
	1					9
	1					12
	1					3
	1					8
	1					7
	1					2
	1					8
	29					2048
126							use $CLASSES{$args{'version'}} ();
127							1;
128							} or die $@;
129
130	29					187	return $CLASSES{$args{'version'}}->new($endpoint, %args);
131							}
132
133							=back
134
135							=head1 RETRIEVING RESPONSE
136
137							=over
138
139							=item C<$auth-Eresponse()>
140
141							Return the full decoded response from the Keystone API.
142
143							=back
144
145							=head1 ACCESSING AUTHORIZATION DATA
146
147							=over
148
149							=item C<$auth-Eaccess()>
150
151							Return the service access data stored in the current object.
152
153							=back
154
155							=head1 ACCESSING TOKEN DATA
156
157							=over
158
159							=item C<$auth-Etoken()>
160
161							Return the authorization token data stored in the current object.
162
163							=back
164
165							=head1 OBTAINING LIST OF SERVICES AUTHORIZED
166
167							=over
168
169							=item C<$auth-Eservices()>
170
171							Return a list of service types the OpenStack user is authorized to access.
172
173							=back
174
175							=head1 ACCESSING SERVICES AUTHORIZED
176
177							=over
178
179							=item C<$auth-Eservice(I<$type>, I<%opts>)>
180
181							Obtain a client to the OpenStack service I<$type>, where I<$type> is usually
182							one of:
183
184							=over
185
186							=item * B
187
188							=item * B
189
190							=item * B
191
192							=item * B
193
194							=item * B
195
196							=item * B
197
198							=back
199
200							The following values may be specified in I<%opts> to help locate the most
201							appropriate endpoint for a given service:
202
203							=over
204
205							=item * B
206
207							When specified, use a specific URI to gain access to a named service endpoint.
208							This might be useful for non-production development or testing scenarios.
209
210							=item * B
211
212							When specified, attempt to obtain a client for the very endpoint indicated by
213							that identifier.
214
215							=item * B
216
217							When specified, attempt to obtain a client for the endpoint for that region.
218							When not specified, the a client for the first endpoint found for service
219							I<$type> is returned instead.
220
221							=item * B
222
223							When specified and set to one of 'public', 'internal' or 'admin', return a
224							client for the corresponding public, internal or admin endpoint. The default
225							endpoint is the public endpoint.
226
227							=back
228
229							=back
230
231							=head1 AUTHOR
232
233							Written by Alexandra Hrefna Hilmisdóttir
234
235							=head1 COPYRIGHT
236
237							Copyright (c) 2018 cPanel, L.L.C. Released under the terms of the MIT license.
238							See LICENSE for further details.
239
240							=cut
241
242							1;