1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/*-
* ============LICENSE_START=======================================================
* ONAP - SO
* ================================================================================
* Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.so.cloud.authentication;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.Predicate;
import org.onap.so.config.beans.PoConfig;
import org.onap.so.db.catalog.beans.CloudIdentity;
import org.onap.so.db.catalog.beans.CloudSite;
import org.onap.so.openstack.exceptions.MsoException;
import org.onap.so.openstack.utils.MsoTenantUtils;
import org.onap.so.openstack.utils.MsoTenantUtilsFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.woorea.openstack.base.client.OpenStackConnectException;
import com.woorea.openstack.base.client.OpenStackRequest;
import com.woorea.openstack.base.client.OpenStackResponse;
import com.woorea.openstack.base.client.OpenStackResponseException;
import com.woorea.openstack.keystone.v3.Keystone;
import com.woorea.openstack.keystone.v3.model.Authentication;
import com.woorea.openstack.keystone.v3.model.Token;
import com.woorea.openstack.keystone.v3.model.Token.Service;
import net.jodah.failsafe.Failsafe;
import net.jodah.failsafe.RetryPolicy;
@Component
public class KeystoneV3Authentication {
@Autowired
private AuthenticationMethodFactory authenticationMethodFactory;
@Autowired
private MsoTenantUtilsFactory tenantUtilsFactory;
@Autowired
private PoConfig poConfig;
public KeystoneAuthHolder getToken(CloudSite cloudSite, String tenantId, String type) throws MsoException {
String cloudId = cloudSite.getId();
String region = cloudSite.getRegionId();
CloudIdentity cloudIdentity = cloudSite.getIdentityService();
MsoTenantUtils tenantUtils =
tenantUtilsFactory.getTenantUtilsByServerType(cloudIdentity.getIdentityServerType());
String keystoneUrl = tenantUtils.getKeystoneUrl(cloudId, cloudIdentity);
Keystone keystoneTenantClient = new Keystone(keystoneUrl);
Authentication v3Credentials = authenticationMethodFactory.getAuthenticationForV3(cloudIdentity, tenantId);
OpenStackRequest<Token> v3Request = keystoneTenantClient.tokens().authenticate(v3Credentials);
return makeRequest(v3Request, type, region);
}
protected KeystoneAuthHolder makeRequest(OpenStackRequest<Token> v3Request, String type, String region) {
OpenStackResponse response = Failsafe.with(createRetryPolicy()).get(() -> {
return v3Request.request();
});
String id = response.header("X-Subject-Token");
Token token = response.getEntity(Token.class);
KeystoneAuthHolder result = new KeystoneAuthHolder();
result.setId(id);
result.setexpiration(token.getExpiresAt());
result.setServiceUrl(findEndpointURL(token.getCatalog(), type, region, "public"));
return result;
}
protected RetryPolicy<OpenStackResponse> createRetryPolicy() {
List<Predicate<Throwable>> result = new ArrayList<>();
result.add(e -> {
return e.getCause() instanceof OpenStackResponseException
&& Arrays.asList(poConfig.getRetryCodes().split(","))
.contains(Integer.toString(((OpenStackResponseException) e).getStatus()));
});
result.add(e -> {
return e.getCause() instanceof OpenStackConnectException;
});
Predicate<Throwable> pred = result.stream().reduce(Predicate::or).orElse(x -> false);
RetryPolicy<OpenStackResponse> policy = new RetryPolicy<OpenStackResponse>().handleIf(error -> pred.test(error))
.withDelay(Duration.ofSeconds(poConfig.getRetryDelay())).withMaxRetries(poConfig.getRetryCount());
return policy;
}
protected String findEndpointURL(List<Service> serviceCatalog, String type, String region, String facing) {
for (Service service : serviceCatalog) {
if (type.equals(service.getType())) {
for (Service.Endpoint endpoint : service.getEndpoints()) {
if (region == null || region.equals(endpoint.getRegion())) {
if (facing.equals(endpoint.getInterface())) {
return endpoint.getUrl();
}
}
}
}
}
throw new ServiceEndpointNotFoundException(
"endpoint url not found: type:" + type + " region: " + region + " facing: " + facing);
}
}
|
