Merge pull request #201 from alanquillin/FixUserImpersonation

alanquillin · alanquillin · commit ec85a831470d · 2013-09-25T09:44:54.000-07:00
Fixed bug with user impersonation and added List Endpoints method
diff --git a/src/corelib/Core/Domain/ExtendedEndpoint.cs b/src/corelib/Core/Domain/ExtendedEndpoint.cs
@@ -0,0 +1,37 @@
+using System.Diagnostics;
+using Newtonsoft.Json;
+
+namespace net.openstack.Core.Domain
+{
+    /// <summary>
+    /// Represents an endpoint for a tenant that is returned outside of the <see cref="ServiceCatalog"/>.
+    /// </summary>
+    /// <threadsafety static="true" instance="false"/>
+    /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoints (OpenStack Identity Service API v2.0 Reference)</seealso>
+    [JsonObject(MemberSerialization.OptIn)]
+    [DebuggerDisplay("{Name,nq} ({Type,nq})")]
+    public class ExtendedEndpoint : Endpoint
+    {
+        /// <summary>
+        /// Gets the id of the endpoint, which may be a vendor-specific id.
+        /// </summary>
+        /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoints (OpenStack Identity Service API v2.0 Reference)</seealso>
+        [JsonProperty("id")]
+        public string Id { get; private set; }
+
+        /// <summary>
+        /// Gets the display name of the service, which may be a vendor-specific
+        /// product name.
+        /// </summary>
+        /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoints (OpenStack Identity Service API v2.0 Reference)</seealso>
+        [JsonProperty("name")]
+        public string Name { get; private set; }
+
+        /// <summary>
+        /// Gets the canonical name of the specification implemented by this service.
+        /// </summary>
+        /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoint (OpenStack Identity Service API v2.0 Reference)</seealso>
+        [JsonProperty("type")]
+        public string Type { get; private set; }
+    }
+}
diff --git a/src/corelib/Core/Domain/ServiceCatalog.cs b/src/corelib/Core/Domain/ServiceCatalog.cs
@@ -14,6 +14,31 @@ namespace net.openstack.Core.Domain
     [DebuggerDisplay("{Name,nq} ({Type,nq})")]
     public class ServiceCatalog
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ServiceCatalog"/> class.
+        /// </summary>
+        /// <remarks>
+        /// This constructor is used by the JSON deserializer.
+        /// </remarks>
+        [JsonConstructor]
+        protected ServiceCatalog()
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="ServiceCatalog"/> class
+        /// with the specified name, username, and endpoints.
+        /// </summary>
+        /// <param name="name">The display name of the service.</param>
+        /// <param name="type">The canonical name of the service.</param>
+        /// <param name="endpoints">A collection of <see cref="Endpoint"/> objects describing the service endpoints.</param>
+        public ServiceCatalog(string name, string type, Endpoint[] endpoints)
+        {
+            Name = name;
+            Type = type;
+            Endpoints = endpoints;
+        }
+
         /// <summary>
         /// Gets the endpoints for the service.
         /// </summary>
diff --git a/src/corelib/Core/Domain/UserAccess.cs b/src/corelib/Core/Domain/UserAccess.cs
@@ -10,6 +10,31 @@ namespace net.openstack.Core.Domain
     [JsonObject(MemberSerialization.OptIn)]
     public class UserAccess
     {
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserAccess"/> class.
+        /// </summary>
+        /// <remarks>
+        /// This constructor is used by the JSON deserializer.
+        /// </remarks>
+        [JsonConstructor]
+        protected UserAccess()
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="UserAccess"/> class
+        /// with the specified token, user, and service catalog.
+        /// </summary>
+        /// <param name="token">The <see cref="IdentityToken "/>.</param>
+        /// <param name="user">The <see cref="UserDetails"/>.</param>
+        /// <param name="serviceCatalog">List of <see cref="ServiceCatalog"/>s.</param>
+        public UserAccess(IdentityToken token, UserDetails user, ServiceCatalog[] serviceCatalog)
+        {
+            Token = token;
+            User = user;
+            ServiceCatalog = serviceCatalog;
+        }
+
         /// <summary>
         /// Gets the <see cref="IdentityToken"/> which allows providers to make authenticated
         /// calls to API methods.
diff --git a/src/corelib/Core/Providers/IIdentityProvider.cs b/src/corelib/Core/Providers/IIdentityProvider.cs
@@ -268,6 +268,20 @@ public interface IIdentityProvider
         /// <seealso href="">Get User Credentials (OpenStack Identity Service API v2.0 Reference)</seealso>
         UserCredential GetUserCredential(string userId, string credentialKey, CloudIdentity identity = null);
 
+        /// <summary>
+        /// Lists the endpoints associated to a given authentication token.
+        /// </summary>
+        /// <param name="token">The authentication token Id. This is obtained from <see cref="IdentityToken.Id"/></param>
+        /// <param name="identity">The cloud identity to use for this request. If not specified, the default identity for the current provider instance will be used.</param>
+        /// <returns>A collection of <see cref="ExtendedEndpoint"/> objects containing endpoint details.</returns>
+        /// <exception cref="ArgumentNullException">If <paramref name="token"/> is <c>null</c>.</exception>
+        /// <exception cref="ArgumentException">If <paramref name="token"/> is empty.</exception>
+        /// <exception cref="NotSupportedException">If the provider does not support the given <paramref name="identity"/> type.</exception>
+        /// <exception cref="InvalidOperationException">If <paramref name="identity"/> is <c>null</c> and no default identity is available for the provider.</exception>
+        /// <exception cref="ResponseException">If the authentication request failed or the token does not exist.</exception>
+        /// <seealso href="http://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoints (OpenStack Identity Service API v2.0 Reference)</seealso>
+        IEnumerable<ExtendedEndpoint> ListEndpoints(string token, CloudIdentity identity = null);
+
         /// <summary>
         /// Gets the default <see cref="CloudIdentity"/> to use for requests from this provider.
         /// If no default identity is available, the value is <c>null</c>.
diff --git a/src/corelib/Providers/Rackspace/CloudIdentityProvider.cs b/src/corelib/Providers/Rackspace/CloudIdentityProvider.cs
@@ -681,6 +681,9 @@ public UserAccess GetUserAccess(CloudIdentity identity, bool forceCacheRefresh =
             if (identity == null)
                 identity = DefaultIdentity;
 
+            if (identity is RackspaceImpersonationIdentity)
+                return Impersonate(identity as RackspaceImpersonationIdentity, forceCacheRefresh);
+
             var rackspaceCloudIdentity = identity as RackspaceCloudIdentity;
 
             if (rackspaceCloudIdentity == null)
@@ -718,25 +721,54 @@ public UserAccess GetUserAccess(CloudIdentity identity, bool forceCacheRefresh =
         /// <exception cref="NotSupportedException">If the provider does not support the given <paramref name="identity"/> type.</exception>
         /// <exception cref="InvalidOperationException">If <paramref name="identity"/> is <c>null</c> and no default identity is available for the provider.</exception>
         /// <exception cref="ResponseException">If the authentication request failed.</exception>
-        public UserAccess Impersonate(RackspaceImpersonationIdentity identity, bool forceCacheRefresh = false)
+        private UserAccess Impersonate(RackspaceImpersonationIdentity identity, bool forceCacheRefresh = false)
         {
             if (identity == null)
                 throw new ArgumentNullException("identity");
 
-            var impToken = _userAccessCache.Get(string.Format("imp/{0}/{1}", identity.UserToImpersonate.Domain, identity.UserToImpersonate.Username), () => {
+            var impToken = _userAccessCache.Get(string.Format("{0}/imp/{1}/{2}", identity.Username, identity.UserToImpersonate.Domain == null ? "none" : identity.UserToImpersonate.Domain.Name, identity.UserToImpersonate.Username), () =>
+            {
                 const string urlPath = "/v2.0/RAX-AUTH/impersonation-tokens";
-                var request = BuildImpersonationRequestJson(urlPath, identity.UserToImpersonate.Username, 600);
-                var response = ExecuteRESTRequest<UserImpersonationResponse>(identity, new Uri(_urlBase, urlPath), HttpMethod.POST, request);
-
+                var request = BuildImpersonationRequestJson(identity.UserToImpersonate.Username, 600);
+                var parentIdentity = new RackspaceCloudIdentity(identity);
+                var response = ExecuteRESTRequest<UserImpersonationResponse>(parentIdentity, new Uri(_urlBase, urlPath), HttpMethod.POST, request);
                 if (response == null || response.Data == null || response.Data.UserAccess == null)
                     return null;
 
-                return response.Data.UserAccess;
+                IdentityToken impersonationToken = response.Data.UserAccess.Token;
+                if (impersonationToken == null)
+                    return null;
+
+                var userAccess = ValidateToken(impersonationToken.Id, identity: parentIdentity);
+                if (userAccess == null)
+                    return null;
+
+                var endpoints = ListEndpoints(impersonationToken.Id, parentIdentity);
+
+                var serviceCatalog = BuildServiceCatalog(endpoints);
+
+                return new UserAccess(userAccess.Token, userAccess.User, serviceCatalog);
             }, forceCacheRefresh);
 
             return impToken;
         }
 
+        private static ServiceCatalog[] BuildServiceCatalog(IEnumerable<ExtendedEndpoint> endpoints)
+        {
+            var serviceCatalog = new List<ServiceCatalog>();
+            var services = endpoints.Select(e => Tuple.Create(e.Type, e.Name)).Distinct();
+
+            foreach (var service in services)
+            {
+                string type = service.Item1;
+                string name = service.Item2;
+                IEnumerable<ExtendedEndpoint> serviceEndpoints = endpoints.Where(endpoint => string.Equals(type, endpoint.Type, StringComparison.OrdinalIgnoreCase) && string.Equals(name, endpoint.Name, StringComparison.OrdinalIgnoreCase));
+                serviceCatalog.Add(new ServiceCatalog(name, type, serviceEndpoints.ToArray()));
+            }
+
+            return serviceCatalog.ToArray();
+        }
+
         /// <inheritdoc/>
         public UserAccess ValidateToken(string token, string tenantId = null, CloudIdentity identity = null)
         {
@@ -759,14 +791,30 @@ public UserAccess ValidateToken(string token, string tenantId = null, CloudIdent
             return response.Data.UserAccess;
         }
 
-        private JObject BuildImpersonationRequestJson(string path, string userName, int expirationInSeconds)
+        /// <inheritdoc/>
+        public IEnumerable<ExtendedEndpoint> ListEndpoints(string token, CloudIdentity identity = null)
+        {
+            if (token == null)
+                throw new ArgumentNullException("token");
+            if (string.IsNullOrEmpty(token))
+                throw new ArgumentException("token cannot be empty");
+
+            var response = ExecuteRESTRequest<ListEndpointsResponse>(identity, new Uri(_urlBase, string.Format("/v2.0/tokens/{0}/endpoints", token)), HttpMethod.GET);
+
+
+            if (response == null || response.Data == null)
+                return null;
+
+            return response.Data.Endpoints;
+        }
+
+        private JObject BuildImpersonationRequestJson(string userName, int expirationInSeconds)
         {
             var request = new JObject();
             var impInfo = new JObject();
             var user = new JObject { { "username", userName }, { "expire-in-seconds", expirationInSeconds } };
             impInfo.Add("user", user);
-            var parts = path.Split('/');
-            request.Add(string.Format("{0}:impersonation", parts[1]), impInfo);
+            request.Add("RAX-AUTH:impersonation", impInfo);
 
             return request;
         }
diff --git a/src/corelib/Providers/Rackspace/Objects/Response/ListEndpointsResponse.cs b/src/corelib/Providers/Rackspace/Objects/Response/ListEndpointsResponse.cs
@@ -0,0 +1,21 @@
+﻿using Newtonsoft.Json;
+using net.openstack.Core.Domain;
+
+namespace net.openstack.Providers.Rackspace.Objects.Response
+{
+    /// <summary>
+    /// This models the JSON response used for the List Endpoints request.
+    /// </summary>
+    /// <seealso href="hhttp://docs.openstack.org/api/openstack-identity-service/2.0/content/GET_listEndpointsForToken_v2.0_tokens__tokenId__endpoints_Token_Operations.html">List Token Endpoints (OpenStack Identity Service API v2.0 Reference)</seealso>
+    /// <threadsafety static="true" instance="false"/>
+    [JsonObject(MemberSerialization.OptIn)]
+    internal class ListEndpointsResponse
+    {
+        /// <summary>
+        /// Gets additional information about the endpoints.
+        /// </summary>
+        /// <seealso cref="UserAccess"/>
+        [JsonProperty("endpoints")]
+        public ExtendedEndpoint[] Endpoints { get; private set; }
+    }
+}
diff --git a/src/corelib/Providers/Rackspace/Objects/Response/UserImpersonationResponse.cs b/src/corelib/Providers/Rackspace/Objects/Response/UserImpersonationResponse.cs
@@ -3,10 +3,41 @@ namespace net.openstack.Providers.Rackspace.Objects.Response
     using net.openstack.Core.Domain;
     using Newtonsoft.Json;
 
+    /// <summary>
+    /// This models the JSON response used for the Impersonate User request.
+    /// </summary>
+    /// <remarks>
+    /// The Impersonate User API is a Rackspace-specific extension to the OpenStack
+    /// Identity Service, and is documented in the Rackspace <strong>Cloud Identity
+    /// Admin Developer Guide - API v2.0</strong>.
+    /// </remarks>
+    /// <threadsafety static="true" instance="false"/>
     [JsonObject(MemberSerialization.OptIn)]
     internal class UserImpersonationResponse
     {
-        [JsonProperty("userAccess")]
-        public UserAccess UserAccess { get; private set; }
+        /// <summary>
+        /// Gets the details for the response.
+        /// </summary>
+        [JsonProperty("access")]
+        public UserImpersonationData UserAccess { get; private set; }
+
+        /// <summary>
+        /// This models the JSON body containing details for the Impersonate User response.
+        /// </summary>
+        /// <threadsafety static="true" instance="false"/>
+        [JsonObject(MemberSerialization.OptIn)]
+        internal class UserImpersonationData
+        {
+            /// <summary>
+            /// Gets the <see cref="IdentityToken"/> which allows providers to make
+            /// impersonated calls to API methods.
+            /// </summary>
+            [JsonProperty("token")]
+            public IdentityToken Token
+            {
+                get;
+                private set;
+            }
+        }
     }
 }
diff --git a/src/corelib/corelib.v3.5.csproj b/src/corelib/corelib.v3.5.csproj
@@ -65,6 +65,7 @@
     <Compile Include="Core\Domain\Converters\SimpleStringJsonConverter`1.cs" />
     <Compile Include="Core\Domain\Converters\IPAddressSimpleConverter.cs" />
     <Compile Include="Core\Domain\DiskConfiguration.cs" />
+    <Compile Include="Core\Domain\ExtendedEndpoint.cs" />
     <Compile Include="Core\Domain\ImageState.cs" />
     <Compile Include="Core\Domain\IPAddressList.cs" />
     <Compile Include="Core\Domain\PowerState.cs" />
@@ -157,6 +158,7 @@
     <Compile Include="Providers\Rackspace\Objects\Request\NamespaceDoc.cs" />
     <Compile Include="Providers\Rackspace\Objects\Request\PasswordCredential.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\BulkDeleteResponse.cs" />
+    <Compile Include="Providers\Rackspace\Objects\Response\ListEndpointsResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\MetadataItemResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\ListVirtualInterfacesResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\NamespaceDoc.cs" />
diff --git a/src/corelib/corelib.v4.0.csproj b/src/corelib/corelib.v4.0.csproj
@@ -55,6 +55,7 @@
     <Compile Include="Core\Domain\Converters\SimpleStringJsonConverter`1.cs" />
     <Compile Include="Core\Domain\Converters\IPAddressSimpleConverter.cs" />
     <Compile Include="Core\Domain\DiskConfiguration.cs" />
+    <Compile Include="Core\Domain\ExtendedEndpoint.cs" />
     <Compile Include="Core\Domain\ImageState.cs" />
     <Compile Include="Core\Domain\IPAddressList.cs" />
     <Compile Include="Core\Domain\PowerState.cs" />
@@ -147,6 +148,7 @@
     <Compile Include="Providers\Rackspace\Objects\Request\NamespaceDoc.cs" />
     <Compile Include="Providers\Rackspace\Objects\Request\PasswordCredential.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\BulkDeleteResponse.cs" />
+    <Compile Include="Providers\Rackspace\Objects\Response\ListEndpointsResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\MetadataItemResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\ListVirtualInterfacesResponse.cs" />
     <Compile Include="Providers\Rackspace\Objects\Response\NamespaceDoc.cs" />
diff --git a/src/testing/integration/Providers/Rackspace/UserIdentityTests.cs b/src/testing/integration/Providers/Rackspace/UserIdentityTests.cs
@@ -9,6 +9,7 @@
     using net.openstack.Core.Providers;
     using net.openstack.Providers.Rackspace;
     using Newtonsoft.Json;
+    using HttpStatusCode = System.Net.HttpStatusCode;
     using Path = System.IO.Path;
 
     /// <summary>
@@ -84,15 +85,54 @@ public void TestValidateToken()
             Assert.IsNotNull(userAccess.Token);
             Assert.IsNotNull(userAccess.Token.Id);
 
-            UserAccess validated = provider.ValidateToken(userAccess.Token.Id);
-            Assert.IsNotNull(validated);
-            Assert.IsNotNull(validated.Token);
-            Assert.AreEqual(userAccess.Token.Id, validated.Token.Id);
+            try
+            {
+                UserAccess validated = provider.ValidateToken(userAccess.Token.Id);
+                Assert.IsNotNull(validated);
+                Assert.IsNotNull(validated.Token);
+                Assert.AreEqual(userAccess.Token.Id, validated.Token.Id);
+
+                Assert.IsNotNull(validated.User);
+                Assert.AreEqual(userAccess.User.Id, validated.User.Id);
+                Assert.AreEqual(userAccess.User.Name, validated.User.Name);
+                Assert.AreEqual(userAccess.User.DefaultRegion, validated.User.DefaultRegion);
+            }
+            catch (UserNotAuthorizedException ex)
+            {
+                if (ex.Response.StatusCode != HttpStatusCode.Forbidden)
+                    throw;
+
+                Assert.Inconclusive("The service does not allow this user to access the Validate Token API.");
+            }
+        }
 
-            Assert.IsNotNull(validated.User);
-            Assert.AreEqual(userAccess.User.Id, validated.User.Id);
-            Assert.AreEqual(userAccess.User.Name, validated.User.Name);
-            Assert.AreEqual(userAccess.User.DefaultRegion, validated.User.DefaultRegion);
+        /// <summary>
+        /// This method tests the basic functionality of the <see cref="IIdentityProvider.ListEndpoints"/>
+        /// method for an authenticated user.
+        /// </summary>
+        [TestMethod]
+        [TestCategory(TestCategories.User)]
+        [TestCategory(TestCategories.Identity)]
+        public void TestListEndpoints()
+        {
+            IIdentityProvider provider = new CloudIdentityProvider(Bootstrapper.Settings.TestIdentity);
+            UserAccess userAccess = provider.Authenticate();
+            Assert.IsNotNull(userAccess);
+            Assert.IsNotNull(userAccess.Token);
+            Assert.IsNotNull(userAccess.Token.Id);
+
+            try
+            {
+                IEnumerable<ExtendedEndpoint> endpoints = provider.ListEndpoints(userAccess.Token.Id);
+                Console.WriteLine(JsonConvert.SerializeObject(userAccess, Formatting.Indented));
+            }
+            catch (UserNotAuthorizedException ex)
+            {
+                if (ex.Response.StatusCode != HttpStatusCode.Forbidden)
+                    throw;
+
+                Assert.Inconclusive("The service does not allow this user to access the List Endpoints API.");
+            }
         }
 
         [TestMethod]
