OpenstackIdentity
This gem provides a really simple way to authenticate against the OpenStack Identity service using OmniAuth.
It should be considered alpha quality at this point, with little to no tests in place.
Installation
Add this line to your application's Gemfile:
gem 'omniauth-openstack-identity'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-openstack-identity
Usage
This gem supports both version 2 & version 3 of the Keystone API. You can use version 2, version 3 or both.
Assuming you are using a Rails application, add the requisite provider(s) to your omniauth.rb file like so:
Rails.application.config.middleware.use OmniAuth::Builder do
...
provider :developer unless Rails.env.production?
# Identity v2 endpoint will look like this: http://10.10.10.10:5000/v2.0
provider :openstack_identity_v2, "<identity v2 endpoint>"
# Identity v3 endpoint will look like this: http://10.10.10.10:5000/v3
provider :openstack_identity_v3, "<identity v3 endpoint>"
...
end
Assuming a Sinatra app, add the requisite provider(s) inline like so:
require 'omniauth-openstack-identity'
use OmniAuth::Strategies::OpenstackIdentityV2, "<identity v2 endpoint>"
use OmniAuth::Strategies::OpenstackIdentityV3, "<identity v3 endpoint>"
Authentication Options
Identity/Keystone Version 2
Option 1 - Unscoped token via Username+Password
-
Input: Username: demo Password: password
-
Output: { "access":{ "token":{ "issued_at":"2014-06-23T21:38:16.239131", "expires":"2014-06-24T21:38:16Z", "id":"MIIC7wYJKoZIhvcNAQcCoIIC4DCCAtwCAQExCTAHBgUrDgMCGjCCAUUGCSqGSIb3DQEHAaCCATYEggEyeyJhY2Nlc3MiOiB7InRva2VuIjogeyJpc3N1ZWRfYXQiOiAiMjAxNC0wNi0yM1QyMTozODoxNi4yMzkxMzEiLCAiZXhwaXJlcyI6ICIyMDE0LTA2LTI0VDIxOjM4OjE2WiIsICJpZCI6ICJwbGFjZWhvbGRlciJ9LCAic2VydmljZUNhdGFsb2ciOiBbXSwgInVzZXIiOiB7InVzZXJuYW1lIjogImRlbW8iLCAicm9sZXNfbGlua3MiOiBbXSwgImlkIjogImE1ZjkwMGEwYTgyZDRiNjZhZTM3MDQ5NmU2NWY3MWMxIiwgInJvbGVzIjogW10sICJuYW1lIjogImRlbW8ifSwgIm1ldGFkYXRhIjogeyJpc19hZG1pbiI6IDAsICJyb2xlcyI6IFtdfX19MYIBgTCCAX0CAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAcGBSsOAwIaMA0GCSqGSIb3DQEBAQUABIIBAHPbhW7hiw5+CMOL0+5cc7zvLASY-kaWmdfhoBL1Cb5lgQsaBAFGObFJeH4bNJyiTR6c0IT93cvlN-DluGXZ-6DREGVlKUe9V9i-z+6XqGnnhJ4KwOeZoGPOwc2Vjh+NOlYw3c59DaDhWRL92DxhEgtuQK7ktrrNLEJ-kVyBqljHxgSNSkS7yev1kwwnYd26wg1--1jajzul5lHxzXXgEfvC9diKgXe9kOJTBTIy-lpH4zVYyTJpZFNRR9B7WpOrc+dt8QZdbHjCF3fKweUMFJTnjwtduYzm4-qqxizwOJXOqUEWdksRdxVDhslql1LhqBirLXcGyshYwAWxKtvZuBM=" }, "serviceCatalog":[ ], "user":{ "username":"demo", "roles_links":[ ], "id":"a5f900a0a82d4b66ae370496e65f71c1", "roles":[ ], "name":"demo" }, "metadata":{ "is_admin":0, "roles":[ ] } } }
Identity/Keystone Version 3
Option 1 - Unscoped token via Username+Password
-
Input: Username: demo Password: password
-
Output: { "token":{ "issued_at":"2014-06-23T21:42:04.858746Z", "extras":{ }, "methods":[ "password" ], "expires_at":"2014-06-24T21:42:04.858696Z", "user":{ "domain":{ "id":"default", "name":"Default" }, "id":"a5f900a0a82d4b66ae370496e65f71c1", "name":"demo" } } }
Auth Hash Schema
The following information is provided back to you for this provider:
{
uid: user_id # user ID from api response
info: {
},
credentials: {
username: username,
secret: password,
token: auth_token # from Keystone
},
extra: { raw_info: full_raw_api_response (from Keystone) }
}
Contributing
- Fork it ( https://github.com/[my-github-username]/omniauth-openstack-identity/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request