File Coverage

line	stmt	bran	cond	sub	pod	time	code
1							#
2							# Copyright (c) 2019 cPanel, L.L.C.
3							# All rights reserved.
4							# http://cpanel.net/
5							#
6							# Distributed under the terms of the MIT license. See the LICENSE file for
7							# further details.
8							#
9							package OpenStack::Client::Auth;
10
11	1			1		13470	use strict;
	1					3
	1					30
12	1			1		5	use warnings;
	1					2
	1					28
13
14	1			1		416	use OpenStack::Client ();
	1					3
	1					171
15
16							=encoding utf8
17
18							=head1 NAME
19
20							OpenStack::Client::Auth - OpenStack Keystone authentication and authorization
21
22							=head1 SYNOPSIS
23
24							use OpenStack::Client::Auth ();
25
26							my $auth = OpenStack::Client::Auth->new('http://openstack.foo.bar:5000/v2.0',
27							'tenant' => $ENV{'OS_TENANT_NAME'},
28							'username' => $ENV{'OS_USERNAME'},
29							'password' => $ENV{'OS_PASSWORD'}
30							);
31
32							# or you can also use API v3
33							$auth = OpenStack::Client::Auth->new(
34							$ENV{OS_AUTH_URL},
35							'username' => $ENV{'OS_USERNAME'},
36							'password' => $ENV{'OS_PASSWORD'},
37							'version' => 3,
38							# provide a scope to get a catalog
39							'scope' => {
40							project => {
41							name => $ENV{'OS_PROJECT_NAME'},
42							domain => { id => 'default' },
43							}
44							}
45							);
46
47							my $glance = $auth->service('image',
48							'region' => $ENV{'OS_REGION_NAME'}
49							);
50
51							=head1 DESCRIPTION
52
53							C provides an interface for obtaining authorization
54							to access other OpenStack cloud services.
55
56							=head1 AUTHORIZING WITH KEYSTONE
57
58							=over
59
60							=item Cnew(I<$endpoint>, I<%args>)>
61
62							Contact the OpenStack Keystone API at the address provided in I<$endpoint>, and
63							obtain an authorization token and set of endpoints for which the client is
64							allowed to access. Credentials are specified in I<%args>; the following named
65							values are required:
66
67							=over
68
69							=item * B
70
71							The OpenStack tenant (project) name
72
73							=item * B
74
75							The OpenStack user name
76
77							=item * B
78
79							The OpenStack password
80
81							=item * B
82
83							The version of the Glance API to negotiate with. Default is C<2.0>, but
84							C<3> is also accepted.
85
86							=item * B
87
88							When negotiating with an Identity v3 endpoint, the information provided here
89							is passed in the B property of the B portion of the request body
90							submitted to the endpoint.
91
92							=item * B
93
94							When negotiating with an Identity v3 endpoint, the name of the domain to
95							authenticate to.
96
97							=back
98
99							When successful, this method will return an object containing the following:
100
101							=over
102
103							=item * response
104
105							The full decoded JSON authorization response from Keystone
106
107							=item * services
108
109							A hash containing services the client has authorization to
110
111							=item * clients
112
113							An initially empty hash that would contain L objects obtained
114							for any requested OpenStack services
115
116							=back
117
118							=cut
119
120							sub new ($$%) {
121	29			29	1	12981	my ($class, $endpoint, %args) = @_;
122
123	29					95	my %CLASSES = (
124							'2.0' => 'OpenStack::Client::Auth::v2',
125							'3' => 'OpenStack::Client::Auth::v3'
126							);
127
128	29	100				87	unless (defined $endpoint) {
129	1					15	die 'No OpenStack authentication endpoint provided';
130							}
131
132	28		100			75	$args{'version'} ||= '2.0';
133
134	28	100				73	unless (defined $CLASSES{$args{'version'}}) {
135	1					11	die "Unsupported Identity endpoint version $args{'version'}";
136							}
137
138	27					43	local $@;
139
140	1	50		1		542	eval qq{
	1			1		3
	1			1		8
	1			1		7
	1			1		2
	1			1		9
	1			1		7
	1			1		2
	1			1		8
	1			1		7
	1			1		2
	1			1		8
	1			1		7
	1			1		3
	1			1		9
	1			1		572
	1			1		4
	1			1		8
	1			1		6
	1			1		2
	1			1		9
	1			1		8
	1			1		2
	1			1		9
	1			1		32
	1			1		4
	1			1		11
	1					7
	1					3
	1					27
	1					8
	1					2
	1					9
	1					8
	1					2
	1					10
	1					8
	1					2
	1					10
	1					7
	1					3
	1					8
	1					8
	1					3
	1					10
	1					7
	1					3
	1					9
	1					7
	1					2
	1					9
	1					8
	1					3
	1					9
	1					8
	1					2
	1					10
	1					7
	1					2
	1					10
	1					8
	1					2
	1					9
	1					7
	1					2
	1					10
	1					7
	1					2
	1					9
	1					7
	1					2
	1					10
	1					7
	1					3
	1					8
	1					7
	1					2
	1					10
	1					7
	1					3
	1					10
	27					1821
141							use $CLASSES{$args{'version'}} ();
142							1;
143							} or die $@;
144
145	27					185	return $CLASSES{$args{'version'}}->new($endpoint, %args);
146							}
147
148							=back
149
150							=head1 RETRIEVING RESPONSE
151
152							=over
153
154							=item C<$auth-Eresponse()>
155
156							Return the full decoded response from the Keystone API.
157
158							=back
159
160							=head1 ACCESSING AUTHORIZATION DATA
161
162							=over
163
164							=item C<$auth-Eaccess()>
165
166							Return the service access data stored in the current object.
167
168							=back
169
170							=head1 ACCESSING TOKEN DATA
171
172							=over
173
174							=item C<$auth-Etoken()>
175
176							Return the authorization token data stored in the current object.
177
178							=back
179
180							=head1 OBTAINING LIST OF SERVICES AUTHORIZED
181
182							=over
183
184							=item C<$auth-Eservices()>
185
186							Return a list of service types the OpenStack user is authorized to access.
187
188							=back
189
190							=head1 ACCESSING SERVICES AUTHORIZED
191
192							=over
193
194							=item C<$auth-Eservice(I<$type>, I<%opts>)>
195
196							Obtain a client to the OpenStack service I<$type>, where I<$type> is usually
197							one of:
198
199							=over
200
201							=item * B
202
203							=item * B
204
205							=item * B
206
207							=item * B
208
209							=item * B
210
211							=item * B
212
213							=back
214
215							The following values may be specified in I<%opts> to help locate the most
216							appropriate endpoint for a given service:
217
218							=over
219
220							=item * B
221
222							When specified, use a specific URI to gain access to a named service endpoint.
223							This might be useful for non-production development or testing scenarios.
224
225							=item * B
226
227							When specified, attempt to obtain a client for the very endpoint indicated by
228							that identifier.
229
230							=item * B
231
232							When specified, attempt to obtain a client for the endpoint for that region.
233							When not specified, the a client for the first endpoint found for service
234							I<$type> is returned instead.
235
236							=item * B
237
238							When specified and set to one of 'public', 'internal' or 'admin', return a
239							client for the corresponding public, internal or admin endpoint. The default
240							endpoint is the public endpoint.
241
242							=back
243
244							=back
245
246							=head1 AUTHOR
247
248							Written by Alexandra Hrefna Maheu
249
250							=head1 COPYRIGHT
251
252							Copyright (c) 2019 cPanel, L.L.C. Released under the terms of the MIT license.
253							See LICENSE for further details.
254
255							=cut
256
257							1;