New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
identity: use AuthOptionsBuilder for v2 auth #2655
base: master
Are you sure you want to change the base?
Conversation
I tried my best not to make an API change here. The unfortunate result is that I do think that my approach to handling the setting of |
Taking advantage of gophercloud/gophercloud#2655, simplify how we can implement Rackspace API key authentication. This allows us to implement just the Rackspace specific bits out of tree but utilize the rest of gophercloud for all other authentication mechanisms.
Taking advantage of gophercloud/gophercloud#2655, simplify how we can implement Rackspace API key authentication. This allows us to implement just the Rackspace specific bits out of tree but utilize the rest of gophercloud for all other authentication mechanisms.
Just wondering if you've had any thoughts on this approach @pierreprinetti ? |
This LGTM but I'll like to see Pierre's review on this one. |
I noticed @mandre marked this as a major semver bump. If that's the case and I'll have to wait for 2.0 for this then would it make more sense to not add a method and instead change the existing one? |
Hoping you've got some feedback here @pierreprinetti |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change looks beautifully done. I have just a couple questions inline.
We will have to test the hell out of this PR when it's ready to merge.
Rather than creating a tokens2.AuthOptions inside the authentication flow for identity v2, allow any structure that implements the tokens2.AuthBuilderOptions interface to be used. The interface is modified to add a CanReauth function like the v3 version has but provides a default implementation. The gophercloud.AuthOptions already implements this interface so there is no change to its API. This will allow an out of tree identity v2 auth mechanism to be implemented, just like the v3. fixes gophercloud#2651. ref gophercloud#1330.
I've opened #3030 as well which performs the same changes in a non |
Thank you for this, and sorry for the time it's taken to get a review. I am not convinced that we need a type assertion, and I would only use that as a last resort. For example: how do you prevent an infinite reauth loop with custom types? One alternative could be embedding and overloading the CanReauth method. Can you please see if this makes sense? diff --git a/openstack/client.go b/openstack/client.go
index dfe5e53e..07cc6d40 100644
--- a/openstack/client.go
+++ b/openstack/client.go
@@ -113,6 +113,12 @@ func AuthenticateV2(ctx context.Context, client *gophercloud.ProviderClient, opt
return v2auth(ctx, client, "", options, eo)
}
+type v2TokenNoReauth struct {
+ tokens2.AuthOptionsBuilder
+}
+
+func (v2TokenNoReauth) CanReauth() bool { return false }
+
func v2auth(ctx context.Context, client *gophercloud.ProviderClient, endpoint string, options tokens2.AuthOptionsBuilder, eo gophercloud.EndpointOpts) error {
v2Client, err := NewIdentityV2(client, eo)
if err != nil {
@@ -143,21 +149,8 @@ func v2auth(ctx context.Context, client *gophercloud.ProviderClient, endpoint st
tac.SetThrowaway(true)
tac.ReauthFunc = nil
tac.SetTokenAndAuthResult(nil)
- var tao tokens2.AuthOptionsBuilder
- switch ot := options.(type) {
- case *gophercloud.AuthOptions:
- o := *ot
- o.AllowReauth = false
- tao = &o
- case *tokens2.AuthOptions:
- o := *ot
- o.AllowReauth = false
- tao = &o
- default:
- tao = options
- }
client.ReauthFunc = func(ctx context.Context) error {
- err := v2auth(ctx, &tac, endpoint, tao, eo)
+ err := v2auth(ctx, &tac, endpoint, &v2TokenNoReauth{options}, eo)
if err != nil {
return err
}
diff --git a/openstack/client_test.go b/openstack/client_test.go
new file mode 100644
index 00000000..68a9fdb0
--- /dev/null
+++ b/openstack/client_test.go
@@ -0,0 +1,5 @@
+package openstack
+
+import tokens2 "github.com/gophercloud/gophercloud/v2/openstack/identity/v2/tokens"
+
+var _ tokens2.AuthOptionsBuilder = &v2TokenNoReauth{} |
Rather than creating a tokens2.AuthOptions inside the authentication flow for identity v2, allow any structure that implements the tokens2.AuthBuilderOptions interface to be used. The interface is modified to add a CanReauth function like the v3 version has but provides a default implementation. The gophercloud.AuthOptions already implements this interface so there is no change to its API. Lastly add an AuthenticateV2Ext function which will allow an out of tree identity v2 auth mechanism to be implemented. fixes #2651. ref #1330.