Add support and documentation for authenticating with the HP public cloud

sharwell · sharwell · commit 751bd64a94a4 · 2014-02-21T13:29:43.000-06:00
diff --git a/src/Documentation/Content/Authentication/HPAuthentication.aml b/src/Documentation/Content/Authentication/HPAuthentication.aml
@@ -0,0 +1,94 @@
+﻿<?xml version="1.0" encoding="utf-8"?>
+<topic id="182a1c50-9b73-4d72-abe3-b3578caedfa6" revisionNumber="1">
+  <developerConceptualDocument
+    xmlns="http://ddue.schemas.microsoft.com/authoring/2003/5"
+    xmlns:xlink="http://www.w3.org/1999/xlink">
+
+    <summary>
+      <para>
+        This page describes the process for authenticating against the HP Public Cloud.
+      </para>
+    </summary>
+
+    <introduction>
+      <para></para>
+    </introduction>
+
+    <section address="UsageNotes">
+      <title>Usage Notes</title>
+      <content>
+        <para>
+          Client authentication against the HP Cloud Identity Service requires the
+          following.
+        </para>
+        <list class="ordered">
+          <listItem>
+            <para>
+              Create an instance of <codeEntityReference>T:net.openstack.Core.Domain.CloudIdentityWithProject</codeEntityReference>
+              and initialize its properties with the desired authentication credentials. The
+              <codeEntityReference>T:net.openstack.Core.Domain.CloudIdentityWithProject</codeEntityReference>
+              credentials class allows the <codeInline>tenantName</codeInline> and <codeInline>tenantId</codeInline>
+              properties described in the HP documentation on <externalLink>
+                <linkText>Scoped Tokens</linkText>
+                <linkUri>http://docs.hpcloud.com/api/identity/#scoped-tokens</linkUri>
+              </externalLink> to be defined.
+            </para>
+            <list class="bullet">
+              <listItem>
+                <para>
+                  To authenticate using access key credentials, specify the access key in the
+                  <codeEntityReference>P:net.openstack.Core.Domain.CloudIdentity.APIKey</codeEntityReference>
+                  property and the secret key in the
+                  <codeEntityReference>P:net.openstack.Core.Domain.CloudIdentity.Password</codeEntityReference>
+                  property.
+                </para>
+              </listItem>
+              <listItem>
+                <para>
+                  To authenticate using a username and password, set the
+                  <codeEntityReference>P:net.openstack.Core.Domain.CloudIdentity.Username</codeEntityReference>
+                  and <codeEntityReference>P:net.openstack.Core.Domain.CloudIdentity.Password</codeEntityReference>
+                  properties, leaving
+                  <codeEntityReference>P:net.openstack.Core.Domain.CloudIdentity.APIKey</codeEntityReference> unset.
+                </para>
+              </listItem>
+            </list>
+          </listItem>
+          <listItem>
+            <para>
+              Create an instance of <codeEntityReference>T:net.openstack.Providers.Hp.HpIdentityProvider</codeEntityReference>,
+              and pass the previously created credentials to the constructor.
+            </para>
+          </listItem>
+          <listItem>
+            <para>
+              When creating a service provider instance, such as <codeEntityReference>T:net.openstack.Providers.Rackspace.CloudFilesProvider</codeEntityReference>,
+              pass <markup>
+                <span class="input">null</span>
+              </markup> for the <codeEntityReference>T:net.openstack.Core.Domain.CloudIdentity</codeEntityReference>
+              parameter and the identity provider from the previous step as the
+              <codeEntityReference>T:net.openstack.Core.Providers.IIdentityProvider</codeEntityReference>
+              parameter.
+            </para>
+          </listItem>
+        </list>
+      </content>
+    </section>
+
+    <section address="Limitations">
+      <title>Limitations</title>
+      <content>
+        <para>
+          The <codeEntityReference>T:net.openstack.Providers.Hp.HpIdentityProvider</codeEntityReference> implementation
+          does not support all API operations implemented by the HP Cloud Identity Service. In addition, the current
+          implementation of this provider uses Identity Service v2 for authentication.
+        </para>
+      </content>
+    </section>
+
+    <relatedTopics>
+      <codeEntityReference>T:net.openstack.Core.Domain.CloudIdentityWithProject</codeEntityReference>
+      <codeEntityReference>T:net.openstack.Providers.Hp.HpIdentityProvider</codeEntityReference>
+    </relatedTopics>
+  </developerConceptualDocument>
+</topic>
diff --git a/src/Documentation/Documentation.v3.5.shfbproj b/src/Documentation/Documentation.v3.5.shfbproj
@@ -133,6 +133,7 @@
   <ItemGroup>
     <None Include="Content\AsynchronousServices.aml" />
     <None Include="Content\Authentication\Authentication.aml" />
+    <None Include="Content\Authentication\HPAuthentication.aml" />
     <None Include="Content\Authentication\OpenStackAuthentication.aml" />
     <None Include="Content\Authentication\RackspaceAuthentication.aml" />
     <None Include="Content\License.aml" />
diff --git a/src/Documentation/Documentation.v4.0.shfbproj b/src/Documentation/Documentation.v4.0.shfbproj
@@ -140,6 +140,7 @@
   <ItemGroup>
     <None Include="Content\AsynchronousServices.aml" />
     <None Include="Content\Authentication\Authentication.aml" />
+    <None Include="Content\Authentication\HPAuthentication.aml" />
     <None Include="Content\Authentication\OpenStackAuthentication.aml" />
     <None Include="Content\Authentication\RackspaceAuthentication.aml" />
     <None Include="Content\License.aml" />
diff --git a/src/Documentation/OpenStackSDK.content b/src/Documentation/OpenStackSDK.content
@@ -19,6 +19,7 @@
   <Topic id="32cc6156-3b31-4450-b209-b55fcfc0a210" visible="True" title="Asynchronous Services" />
   <Topic id="92e2ae00-a53d-4efb-925f-2772495e9b6d" visible="True" isExpanded="true" title="Authentication">
     <Topic id="1bb35d97-0c79-4e98-a2ae-6c1eef098ba7" visible="True" title="OpenStack Authentication" />
+    <Topic id="182a1c50-9b73-4d72-abe3-b3578caedfa6" visible="True" title="HP Authentication" />
     <Topic id="9135e7f8-b287-44ca-9faf-802a50dbad1a" visible="True" title="Rackspace Authentication" />
   </Topic>
 </Topics>
diff --git a/src/corelib/Providers/Hp/HpIdentityProvider.cs b/src/corelib/Providers/Hp/HpIdentityProvider.cs
@@ -0,0 +1,186 @@
+﻿namespace net.openstack.Providers.Hp
+{
+    using System;
+    using net.openstack.Core.Caching;
+    using net.openstack.Core.Domain;
+    using Newtonsoft.Json.Linq;
+    using CloudIdentityProvider = net.openstack.Providers.Rackspace.CloudIdentityProvider;
+    using HttpMethod = JSIStudios.SimpleRESTServices.Client.HttpMethod;
+    using IIdentityProvider = net.openstack.Core.Providers.IIdentityProvider;
+    using IRestService = JSIStudios.SimpleRESTServices.Client.IRestService;
+    using JsonRestServices = JSIStudios.SimpleRESTServices.Client.Json.JsonRestServices;
+
+    /// <summary>
+    /// Provides an implementation of <see cref="IIdentityProvider"/> for operating with
+    /// HP's Cloud Identity product. This provider supports authentication using a username/password
+    /// combination or an access key/secret key combinatiton, and supports scoped tokens
+    /// when credentials are represented with <see cref="CloudIdentityWithProject"/>.
+    /// </summary>
+    /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/">OpenStack Identity Service API v2.0 Reference</seealso>
+    /// <seealso href="http://docs.hpcloud.com/api/identity/">HP Cloud v12.12 Identity Services API</seealso>
+    /// <threadsafety static="true" instance="false"/>
+    /// <preliminary/>
+    public class HpIdentityProvider : CloudIdentityProvider
+    {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with no default identity, the <see cref="PredefinedHpIdentityEndpoints.Default"/> base URL, and the default REST service
+        /// implementation and token cache.
+        /// </summary>
+        public HpIdentityProvider()
+            : this(PredefinedHpIdentityEndpoints.Default, null, null, null)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with the specified default identity, the <see cref="PredefinedHpIdentityEndpoints.Default"/> base URL, and the default REST service
+        /// implementation and token cache.
+        /// </summary>
+        /// <param name="defaultIdentity">The default identity to use for calls that do not explicitly specify an identity. If this value is <see langword="null"/>, no default identity is available so all calls must specify an explicit identity.</param>
+        public HpIdentityProvider(CloudIdentity defaultIdentity)
+            : this(PredefinedHpIdentityEndpoints.Default, defaultIdentity, null, null)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with no default identity, the <see cref="PredefinedHpIdentityEndpoints.Default"/> base URL, and the default REST service
+        /// implementation, and token cache.
+        /// </summary>
+        /// <param name="restService">The implementation of <see cref="IRestService"/> to use for executing REST requests. If this value is <see langword="null"/>, the provider will use a new instance of <see cref="JsonRestServices"/>.</param>
+        /// <param name="tokenCache">The cache to use for caching user access tokens. If this value is <see langword="null"/>, the provider will use <see cref="UserAccessCache.Instance"/>.</param>
+        public HpIdentityProvider(IRestService restService, ICache<UserAccess> tokenCache)
+            : this(PredefinedHpIdentityEndpoints.Default, null, restService, tokenCache)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// using the <see cref="PredefinedHpIdentityEndpoints.Default"/> base URL and provided values.
+        /// </summary>
+        /// <param name="defaultIdentity">The default identity to use for calls that do not explicitly specify an identity. If this value is <see langword="null"/>, no default identity is available so all calls must specify an explicit identity.</param>
+        /// <param name="restService">The implementation of <see cref="IRestService"/> to use for executing REST requests. If this value is <see langword="null"/>, the provider will use a new instance of <see cref="JsonRestServices"/>.</param>
+        /// <param name="tokenCache">The cache to use for caching user access tokens. If this value is <see langword="null"/>, the provider will use <see cref="UserAccessCache.Instance"/>.</param>
+        public HpIdentityProvider(CloudIdentity defaultIdentity, IRestService restService, ICache<UserAccess> tokenCache)
+            : this(PredefinedHpIdentityEndpoints.Default, defaultIdentity, restService, tokenCache)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with no default identity, the specified base URL, and the default REST service
+        /// implementation and token cache.
+        /// </summary>
+        /// <param name="urlBase">The base URL for the cloud instance. Predefined URLs are available in <see cref="PredefinedHpIdentityEndpoints"/>.</param>
+        /// <exception cref="ArgumentNullException">If <paramref name="urlBase"/> is <see langword="null"/>.</exception>
+        public HpIdentityProvider(Uri urlBase)
+            : this(urlBase, null, null, null)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with the specified default identity and base URL, and the default REST service
+        /// implementation and token cache.
+        /// </summary>
+        /// <param name="urlBase">The base URL for the cloud instance. Predefined URLs are available in <see cref="PredefinedHpIdentityEndpoints"/>.</param>
+        /// <param name="defaultIdentity">The default identity to use for calls that do not explicitly specify an identity. If this value is <see langword="null"/>, no default identity is available so all calls must specify an explicit identity.</param>
+        /// <exception cref="ArgumentNullException">If <paramref name="urlBase"/> is <see langword="null"/>.</exception>
+        public HpIdentityProvider(Uri urlBase, CloudIdentity defaultIdentity)
+            : this(urlBase, defaultIdentity, null, null)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// with no default identity, and the specified base URL, REST service
+        /// implementation, and token cache.
+        /// </summary>
+        /// <param name="urlBase">The base URL for the cloud instance. Predefined URLs are available in <see cref="PredefinedHpIdentityEndpoints"/>.</param>
+        /// <param name="restService">The implementation of <see cref="IRestService"/> to use for executing REST requests. If this value is <see langword="null"/>, the provider will use a new instance of <see cref="JsonRestServices"/>.</param>
+        /// <param name="tokenCache">The cache to use for caching user access tokens. If this value is <see langword="null"/>, the provider will use <see cref="UserAccessCache.Instance"/>.</param>
+        /// <exception cref="ArgumentNullException">If <paramref name="urlBase"/> is <see langword="null"/>.</exception>
+        public HpIdentityProvider(Uri urlBase, IRestService restService, ICache<UserAccess> tokenCache)
+            : this(urlBase, null, restService, tokenCache)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="HpIdentityProvider"/> class
+        /// using the provided values.
+        /// </summary>
+        /// <param name="urlBase">The base URL for the cloud instance. Predefined URLs are available in <see cref="PredefinedHpIdentityEndpoints"/>.</param>
+        /// <param name="defaultIdentity">The default identity to use for calls that do not explicitly specify an identity. If this value is <see langword="null"/>, no default identity is available so all calls must specify an explicit identity.</param>
+        /// <param name="restService">The implementation of <see cref="IRestService"/> to use for executing REST requests. If this value is <see langword="null"/>, the provider will use a new instance of <see cref="JsonRestServices"/>.</param>
+        /// <param name="tokenCache">The cache to use for caching user access tokens. If this value is <see langword="null"/>, the provider will use <see cref="UserAccessCache.Instance"/>.</param>
+        /// <exception cref="ArgumentNullException">If <paramref name="urlBase"/> is <see langword="null"/>.</exception>
+        public HpIdentityProvider(Uri urlBase, CloudIdentity defaultIdentity, IRestService restService, ICache<UserAccess> tokenCache)
+            : base(defaultIdentity, restService, tokenCache, urlBase)
+        {
+            if (urlBase == null)
+                throw new ArgumentNullException("urlBase");
+        }
+
+        /// <inheritdoc/>
+        public override UserAccess GetUserAccess(CloudIdentity identity, bool forceCacheRefresh = false)
+        {
+            if (identity == null)
+                throw new ArgumentNullException("identity");
+
+            CloudIdentityWithProject identityWithProject = identity as CloudIdentityWithProject;
+            if (identityWithProject == null)
+            {
+                if (identity.GetType() != typeof(CloudIdentity))
+                    throw new NotSupportedException(string.Format("{0} does not support credentials of type {1}", GetType().Name, identity.GetType().Name));
+            }
+
+            Func<UserAccess> refreshCallback =
+                () =>
+                {
+                    JObject credentialsObject;
+                    if (!string.IsNullOrEmpty(identity.APIKey))
+                    {
+                        credentialsObject = new JObject(
+                            new JProperty("apiAccessKeyCredentials", new JObject(
+                                new JProperty("accessKey", identity.APIKey),
+                                new JProperty("secretKey", identity.Password))));
+                    }
+                    else
+                    {
+                        credentialsObject = new JObject(
+                            new JProperty("passwordCredentials", new JObject(
+                                new JProperty("username", identity.Username),
+                                new JProperty("password", identity.Password))));
+                    }
+
+                    JObject authObject = new JObject(credentialsObject);
+                    if (identityWithProject != null && identityWithProject.ProjectId != null)
+                        authObject.Add("tenantId", JToken.FromObject(identityWithProject.ProjectId));
+                    if (identityWithProject != null && !string.IsNullOrEmpty(identityWithProject.ProjectName))
+                        authObject.Add("tenantName", JToken.FromObject(identityWithProject.ProjectName));
+
+                    JObject requestBody = new JObject(
+                        new JProperty("auth", authObject));
+
+                    var response = ExecuteRESTRequest<JObject>(identity, new Uri(UrlBase, "/v2.0/tokens"), HttpMethod.POST, requestBody, isTokenRequest: true);
+                    if (response == null || response.Data == null)
+                        return null;
+
+                    JToken userAccessObject = response.Data["access"];
+                    if (userAccessObject == null)
+                        return null;
+
+                    UserAccess access = userAccessObject.ToObject<UserAccess>();
+                    if (access == null || access.Token == null)
+                        return null;
+
+                    return access;
+                };
+            string key = string.Format("{0}:{1}/{2}/{3}/{4}", UrlBase, identityWithProject != null ? identityWithProject.ProjectId : null, identity.Username, identity.APIKey, identity.Password);
+            var userAccess = TokenCache.Get(key, refreshCallback, forceCacheRefresh);
+
+            return userAccess;
+        }
+    }
+}
diff --git a/src/corelib/Providers/Hp/NamespaceDoc.cs b/src/corelib/Providers/Hp/NamespaceDoc.cs
@@ -0,0 +1,14 @@
+﻿namespace net.openstack.Providers.Hp
+{
+    using System.Runtime.CompilerServices;
+
+    /// <summary>
+    /// The <see cref="net.openstack.Providers.Hp"/> namespaces provide an
+    /// implementation of the core OpenStack interfaces for accessing HP cloud
+    /// products and services, as well as additional HP-specific functionality.
+    /// </summary>
+    [CompilerGenerated]
+    internal class NamespaceDoc
+    {
+    }
+}
diff --git a/src/corelib/Providers/Hp/PredefinedHpIdentityEndpoints.cs b/src/corelib/Providers/Hp/PredefinedHpIdentityEndpoints.cs
@@ -0,0 +1,42 @@
+﻿namespace net.openstack.Providers.Hp
+{
+    using System;
+
+    /// <summary>
+    /// Provides endpoints for the HP Cloud Identity Service.
+    /// </summary>
+    /// <remarks>
+    /// As HP accounts are global, any region can be used for conducting identity
+    /// operations. Choose the region closest to you for improved performance, or
+    /// use <see cref="Default"/> for general API operations.
+    /// </remarks>
+    /// <threadsafety static="true" instance="false"/>
+    /// <preliminary/>
+    public static class PredefinedHpIdentityEndpoints
+    {
+        /// <summary>
+        /// Gets the HP Cloud Identity Service endpoint for the US-West region.
+        /// </summary>
+        /// <remarks>
+        /// As HP accounts are global, any region can be used for conducting identity
+        /// operations. Choose the region closest to you for improved performance, or
+        /// use <see cref="Default"/> for general API operations.
+        /// </remarks>
+        public static readonly Uri UsWest = new Uri("https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/");
+
+        /// <summary>
+        /// Gets the HP Cloud Identity Service endpoint for the US-East region.
+        /// </summary>
+        /// <remarks>
+        /// As HP accounts are global, any region can be used for conducting identity
+        /// operations. Choose the region closest to you for improved performance, or
+        /// use <see cref="Default"/> for general API operations.
+        /// </remarks>
+        public static readonly Uri UsEast = new Uri("https://region-b.geo-1.identity.hpcloudsvc.com:35357/v2.0/");
+
+        /// <summary>
+        /// Gets the default endpoint for the HP Cloud Identity Service.
+        /// </summary>
+        public static readonly Uri Default = UsEast;
+    }
+}
diff --git a/src/corelib/corelib.v3.5.csproj b/src/corelib/corelib.v3.5.csproj
diff --git a/src/corelib/corelib.v4.0.csproj b/src/corelib/corelib.v4.0.csproj
