bump(github.com/rackspace/gophercloud): e00690e87603abe613e9f02c816c7c4bef82e063

vendor/github.com/rackspace/gophercloud/openstack/identity/v3/extensions/trust/request.go

@@ -0,0 +1,83 @@
+package trust
+
+import (
+	"github.com/rackspace/gophercloud"
+	"github.com/rackspace/gophercloud/openstack"
+	token3 "github.com/rackspace/gophercloud/openstack/identity/v3/tokens"
+)
+
+type AuthOptionsExt struct {
+	token3.AuthOptions
+	TrustID string
+}
+
+func (ao AuthOptionsExt) ToAuthOptionsV3Map(c *gophercloud.ServiceClient, scope *token3.Scope) (map[string]interface{}, error) {
+	//Passing scope value to nil to add scope later in this function.
+	authMap, err := ao.AuthOptions.ToAuthOptionsV3Map(c, nil)
+	if err != nil {
+		return nil, err
+	}
+	authMap = authMap["auth"].(map[string]interface{})
+
+	// Add a "scope" element if a Scope has been provided.
+	if ao.TrustID != "" {
+		// TrustID provided.
+		authMap["scope"] = map[string]interface{}{
+			"OS-TRUST:trust": map[string]interface{}{
+				"id": ao.TrustID,
+			},
+		}
+	} else {
+		return nil, token3.ErrScopeEmpty
+	}
+	return map[string]interface{}{"auth": authMap}, nil
+}
+
+// AuthenticateV3 explicitly authenticates against the identity v3 service.
+func AuthenticateV3Trust(client *gophercloud.ProviderClient, options AuthOptionsExt) error {
+	return trustv3auth(client, "", options)
+}
+
+func trustv3auth(client *gophercloud.ProviderClient, endpoint string, options AuthOptionsExt) error {
+	//In case of Trust TokenId would be Provided so we have to populate the value in service client
+	//to not throw password error,also if it is not provided it will be empty which maintains
+	//the current implementation.
+	client.TokenID = options.AuthOptions.TokenID
+	// Override the generated service endpoint with the one returned by the version endpoint.
+	v3Client := openstack.NewIdentityV3(client)
+	if endpoint != "" {
+		v3Client.Endpoint = endpoint
+	}
+
+	// copy the auth options to a local variable that we can change. `options`
+	// needs to stay as-is for reauth purposes
+	v3Options := options
+
+	var scope *token3.Scope
+
+	result := token3.Create(v3Client, v3Options, scope)
+
+	token, err := result.ExtractToken()
+	if err != nil {
+		return err
+	}
+
+	catalog, err := result.ExtractServiceCatalog()
+	if err != nil {
+		return err
+	}
+
+	client.TokenID = token.ID
+
+	if options.AuthOptions.AllowReauth {
+		client.ReauthFunc = func() error {
+			client.TokenID = ""
+			return trustv3auth(client, endpoint, options)
+		}
+	}
+	client.EndpointLocator = func(opts gophercloud.EndpointOpts) (string, error) {
+		return openstack.V3EndpointURL(catalog, opts)
+	}
+
+	return nil
+}

vendor/github.com/rackspace/gophercloud/openstack/identity/v3/tokens/errors.go

@@ -52,8 +52,8 @@ var (
 	// It may also indicate that both a DomainID and a DomainName were provided at once.
 	ErrDomainIDOrDomainName = errors.New("You must provide exactly one of DomainID or DomainName to authenticate by Username")
 
-	// ErrMissingPassword indicates that no password was provided and no token is available.
-	ErrMissingPassword = errors.New("You must provide a password to authenticate")
+	// ErrMissingPassword indicates that no password and no token were provided and no token is available.
+	ErrMissingPassword = errors.New("You must provide a password or a token to authenticate")
 
 	// ErrScopeDomainIDOrDomainName indicates that a domain ID or Name was required in a Scope, but not present.
 	ErrScopeDomainIDOrDomainName = errors.New("You must provide exactly one of DomainID or DomainName in a Scope with ProjectName")

vendor/github.com/rackspace/gophercloud/openstack/identity/v3/tokens/requests.go

@@ -20,155 +20,142 @@ func subjectTokenHeaders(c *gophercloud.ServiceClient, subjectToken string) map[
 	}
 }
 
-// Create authenticates and either generates a new token, or changes the Scope of an existing token.
-func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope *Scope) CreateResult {
-	type domainReq struct {
-		ID   *string `json:"id,omitempty"`
-		Name *string `json:"name,omitempty"`
-	}
+// AuthOptionsV3er describes any argument that may be passed to the Create call.
+type AuthOptionsV3er interface {
 
-	type projectReq struct {
-		Domain *domainReq `json:"domain,omitempty"`
-		Name   *string    `json:"name,omitempty"`
-		ID     *string    `json:"id,omitempty"`
-	}
+        // ToTokenCreateMap assembles the Create request body, returning an error if parameters are
+        // missing or inconsistent.
+        ToAuthOptionsV3Map(c *gophercloud.ServiceClient, scope *Scope) (map[string]interface{}, error)
+}
 
-	type userReq struct {
-		ID       *string    `json:"id,omitempty"`
-		Name     *string    `json:"name,omitempty"`
-		Password string     `json:"password"`
-		Domain   *domainReq `json:"domain,omitempty"`
-	}
+// AuthOptions wraps a gophercloud AuthOptions in order to adhere to the AuthOptionsV3er
+// interface.
+type AuthOptions struct {
+        gophercloud.AuthOptions
+}
 
-	type passwordReq struct {
-		User userReq `json:"user"`
-	}
-
-	type tokenReq struct {
-		ID string `json:"id"`
-	}
-
-	type identityReq struct {
-		Methods  []string     `json:"methods"`
-		Password *passwordReq `json:"password,omitempty"`
-		Token    *tokenReq    `json:"token,omitempty"`
-	}
-
-	type scopeReq struct {
-		Domain  *domainReq  `json:"domain,omitempty"`
-		Project *projectReq `json:"project,omitempty"`
-	}
-
-	type authReq struct {
-		Identity identityReq `json:"identity"`
-		Scope    *scopeReq   `json:"scope,omitempty"`
-	}
-
-	type request struct {
-		Auth authReq `json:"auth"`
-	}
+func (options AuthOptions) ToAuthOptionsV3Map(c *gophercloud.ServiceClient, scope *Scope) (map[string]interface{}, error) {
+	// tokens3.Create logic
 
 	// Populate the request structure based on the provided arguments. Create and return an error
 	// if insufficient or incompatible information is present.
-	var req request
+	authMap := make(map[string]interface{})
 
 	// Test first for unrecognized arguments.
 	if options.APIKey != "" {
-		return createErr(ErrAPIKeyProvided)
+		return nil, ErrAPIKeyProvided
 	}
 	if options.TenantID != "" {
-		return createErr(ErrTenantIDProvided)
+		return nil, ErrTenantIDProvided
 	}
 	if options.TenantName != "" {
-		return createErr(ErrTenantNameProvided)
+		return nil, ErrTenantNameProvided
 	}
 
 	if options.Password == "" {
+		if options.TokenID != "" {
+			c.TokenID = options.TokenID
+		}
 		if c.TokenID != "" {
 			// Because we aren't using password authentication, it's an error to also provide any of the user-based authentication
 			// parameters.
 			if options.Username != "" {
-				return createErr(ErrUsernameWithToken)
+				return nil, ErrUsernameWithToken
 			}
 			if options.UserID != "" {
-				return createErr(ErrUserIDWithToken)
-			}
-			if options.DomainID != "" {
-				return createErr(ErrDomainIDWithToken)
-			}
-			if options.DomainName != "" {
-				return createErr(ErrDomainNameWithToken)
+				return nil, ErrUserIDWithToken
 			}
 
 			// Configure the request for Token authentication.
-			req.Auth.Identity.Methods = []string{"token"}
-			req.Auth.Identity.Token = &tokenReq{
-				ID: c.TokenID,
+                        authMap["identity"] = map[string]interface{}{
+                                "methods": []string{"token"},
+                                "token": map[string]interface{}{
+                                        "id": c.TokenID,
+				},
 			}
+
 		} else {
 			// If no password or token ID are available, authentication can't continue.
-			return createErr(ErrMissingPassword)
+			return nil, ErrMissingPassword
 		}
 	} else {
 		// Password authentication.
-		req.Auth.Identity.Methods = []string{"password"}
 
 		// At least one of Username and UserID must be specified.
 		if options.Username == "" && options.UserID == "" {
-			return createErr(ErrUsernameOrUserID)
+			return nil, ErrUsernameOrUserID
 		}
 
 		if options.Username != "" {
 			// If Username is provided, UserID may not be provided.
 			if options.UserID != "" {
-				return createErr(ErrUsernameOrUserID)
+				return nil, ErrUsernameOrUserID
 			}
 
 			// Either DomainID or DomainName must also be specified.
 			if options.DomainID == "" && options.DomainName == "" {
-				return createErr(ErrDomainIDOrDomainName)
+				return nil, ErrDomainIDOrDomainName
 			}
 
 			if options.DomainID != "" {
 				if options.DomainName != "" {
-					return createErr(ErrDomainIDOrDomainName)
+					return nil, ErrDomainIDOrDomainName
 				}
 
 				// Configure the request for Username and Password authentication with a DomainID.
-				req.Auth.Identity.Password = &passwordReq{
-					User: userReq{
-						Name:     &options.Username,
-						Password: options.Password,
-						Domain:   &domainReq{ID: &options.DomainID},
+                                authMap["identity"] = map[string]interface{}{
+					"methods": []string{"password"},
+                                	"password" : map[string]interface{}{
+                                                "user": map[string]interface{}{
+                                                        "name": &options.Username,
+                                                        "password": options.Password,
+                                                        "domain": map[string]interface{}{
+                                                                "id": &options.DomainID,
+                                                        },
+                                                },
 					},
 				}
+
 			}
 
 			if options.DomainName != "" {
 				// Configure the request for Username and Password authentication with a DomainName.
-				req.Auth.Identity.Password = &passwordReq{
-					User: userReq{
-						Name:     &options.Username,
-						Password: options.Password,
-						Domain:   &domainReq{Name: &options.DomainName},
-					},
-				}
+                                authMap["identity"] = map[string]interface{}{
+					"methods": []string{"password"},
+                                        "password": map[string]interface{}{
+                                                 "user": map[string]interface{}{
+                                                         "name": &options.Username,
+                                                         "password": options.Password,
+                                                         "domain": map[string]interface{}{
+                                                                 "name": &options.DomainName,
+                                                         },
+                                                },
+                                         },
+                                 }
+
 			}
 		}
 
 		if options.UserID != "" {
 			// If UserID is specified, neither DomainID nor DomainName may be.
 			if options.DomainID != "" {
-				return createErr(ErrDomainIDWithUserID)
+				return nil, ErrDomainIDWithUserID
 			}
 			if options.DomainName != "" {
-				return createErr(ErrDomainNameWithUserID)
+				return nil, ErrDomainNameWithUserID
 			}
 
 			// Configure the request for UserID and Password authentication.
-			req.Auth.Identity.Password = &passwordReq{
-				User: userReq{ID: &options.UserID, Password: options.Password},
+                        authMap["identity"] = map[string]interface{}{
+				"methods": []string{"password"},
+                                "password" : map[string]interface{}{
+                                        "user": map[string]interface{}{
+                                                "id": &options.UserID,
+                                                "password": options.Password,
+                                        },
+                                },
 			}
+
 		}
 	}
 
@@ -178,64 +165,81 @@ func Create(c *gophercloud.ServiceClient, options gophercloud.AuthOptions, scope
 			// ProjectName provided: either DomainID or DomainName must also be supplied.
 			// ProjectID may not be supplied.
 			if scope.DomainID == "" && scope.DomainName == "" {
-				return createErr(ErrScopeDomainIDOrDomainName)
+				return nil, ErrScopeDomainIDOrDomainName
 			}
 			if scope.ProjectID != "" {
-				return createErr(ErrScopeProjectIDOrProjectName)
+				return nil, ErrScopeProjectIDOrProjectName
 			}
 
 			if scope.DomainID != "" {
 				// ProjectName + DomainID
-				req.Auth.Scope = &scopeReq{
-					Project: &projectReq{
-						Name:   &scope.ProjectName,
-						Domain: &domainReq{ID: &scope.DomainID},
-					},
+                                authMap["scope"] = map[string]interface{}{
+                                        "project": map[string]interface{}{
+                                                "domain": map[string]interface{}{
+                                                        "id": &scope.DomainID,
+                                                        },
+                                                "name": &scope.ProjectName,
+                                        },
 				}
 			}
 
 			if scope.DomainName != "" {
 				// ProjectName + DomainName
-				req.Auth.Scope = &scopeReq{
-					Project: &projectReq{
-						Name:   &scope.ProjectName,
-						Domain: &domainReq{Name: &scope.DomainName},
-					},
+                                authMap["scope"] = map[string]interface{}{
+                                        "project": map[string]interface{}{
+                                                "domain": map[string]interface{}{
+                                                        "name": &scope.DomainName,
+                                                        },
+                                                "name": &scope.ProjectName,
+                                        },
 				}
 			}
 		} else if scope.ProjectID != "" {
 			// ProjectID provided. ProjectName, DomainID, and DomainName may not be provided.
 			if scope.DomainID != "" {
-				return createErr(ErrScopeProjectIDAlone)
+				return nil, ErrScopeProjectIDAlone
 			}
 			if scope.DomainName != "" {
-				return createErr(ErrScopeProjectIDAlone)
+				return nil, ErrScopeProjectIDAlone
 			}
 
 			// ProjectID
-			req.Auth.Scope = &scopeReq{
-				Project: &projectReq{ID: &scope.ProjectID},
+                        authMap["scope"] = map[string]interface{}{
+                                "project": map[string]interface{}{
+                                        "id": &scope.ProjectID,
+                                        },
 			}
 		} else if scope.DomainID != "" {
 			// DomainID provided. ProjectID, ProjectName, and DomainName may not be provided.
 			if scope.DomainName != "" {
-				return createErr(ErrScopeDomainIDOrDomainName)
+				return nil, ErrScopeDomainIDOrDomainName
 			}
 
 			// DomainID
-			req.Auth.Scope = &scopeReq{
-				Domain: &domainReq{ID: &scope.DomainID},
+                        authMap["scope"] = map[string]interface{}{
+                                 "domain": map[string]interface{}{
+                                         "id": &scope.DomainID,
+                                         },
 			}
 		} else if scope.DomainName != "" {
-			return createErr(ErrScopeDomainName)
+			return nil, ErrScopeDomainName
 		} else {
-			return createErr(ErrScopeEmpty)
+			return nil, ErrScopeEmpty
 		}
 	}
+	return map[string]interface{}{"auth": authMap}, nil
+}
+
+// Create authenticates and either generates a new token, or changes the Scope of an existing token.
+func Create(c *gophercloud.ServiceClient, options AuthOptionsV3er, scope *Scope) CreateResult {
+        request, err := options.ToAuthOptionsV3Map(c, scope)
+        if err != nil {
+                return CreateResult{commonResult{gophercloud.Result{Err: err}}}
+        }
 
 	var result CreateResult
 	var response *http.Response
-	response, result.Err = c.Post(tokenURL(c), req, &result.Body, nil)
+	response, result.Err = c.Post(tokenURL(c), request, &result.Body, nil)
 	if result.Err != nil {
 		return result
 	}