dex/connector/keystone/keystone.go

// Package keystone provides authentication strategy using Keystone.
package keystone

import (
	"bytes"
	"context"
	"encoding/json"
	"fmt"
	"io"
	"net/http"

	"github.com/dexidp/dex/connector"
	"github.com/dexidp/dex/pkg/log"
)

type conn struct {
	Domain        string
	Host          string
	AdminUsername string
	AdminPassword string
	Logger        log.Logger
}

type userKeystone struct {
	Domain domainKeystone `json:"domain"`
	ID     string         `json:"id"`
	Name   string         `json:"name"`
}

type domainKeystone struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

// Config holds the configuration parameters for Keystone connector.
// Keystone should expose API v3
// An example config:
//	connectors:
//		type: keystone
//		id: keystone
//		name: Keystone
//		config:
//			keystoneHost: http://example:5000
//			domain: default
//			keystoneUsername: demo
//			keystonePassword: DEMO_PASS
type Config struct {
	Domain        string `json:"domain"`
	Host          string `json:"keystoneHost"`
	AdminUsername string `json:"keystoneUsername"`
	AdminPassword string `json:"keystonePassword"`
}

type loginRequestData struct {
	auth `json:"auth"`
}

type auth struct {
	Identity identity `json:"identity"`
}

type identity struct {
	Methods  []string `json:"methods"`
	Password password `json:"password"`
}

type password struct {
	User user `json:"user"`
}

type user struct {
	Name     string `json:"name"`
	Domain   domain `json:"domain"`
	Password string `json:"password"`
}

type domain struct {
	ID string `json:"id"`
}

type token struct {
	User userKeystone `json:"user"`
}

type tokenResponse struct {
	Token token `json:"token"`
}

type group struct {
	ID   string `json:"id"`
	Name string `json:"name"`
}

type groupsResponse struct {
	Groups []group `json:"groups"`
}

type userResponse struct {
	User struct {
		Name  string `json:"name"`
		Email string `json:"email"`
		ID    string `json:"id"`
	} `json:"user"`
}

var (
	_ connector.PasswordConnector = &conn{}
	_ connector.RefreshConnector  = &conn{}
)

// Open returns an authentication strategy using Keystone.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
	return &conn{
		c.Domain,
		c.Host,
		c.AdminUsername,
		c.AdminPassword,
		logger,
	}, nil
}

func (p *conn) Close() error { return nil }

func (p *conn) Login(ctx context.Context, scopes connector.Scopes, username, password string) (identity connector.Identity, validPassword bool, err error) {
	resp, err := p.getTokenResponse(ctx, username, password)
	if err != nil {
		return identity, false, fmt.Errorf("keystone: error %v", err)
	}
	if resp.StatusCode/100 != 2 {
		return identity, false, fmt.Errorf("keystone login: error %v", resp.StatusCode)
	}
	if resp.StatusCode != 201 {
		return identity, false, nil
	}
	token := resp.Header.Get("X-Subject-Token")
	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return identity, false, err
	}
	defer resp.Body.Close()
	tokenResp := new(tokenResponse)
	err = json.Unmarshal(data, &tokenResp)
	if err != nil {
		return identity, false, fmt.Errorf("keystone: invalid token response: %v", err)
	}
	if scopes.Groups {
		groups, err := p.getUserGroups(ctx, tokenResp.Token.User.ID, token)
		if err != nil {
			return identity, false, err
		}
		identity.Groups = groups
	}
	identity.Username = username
	identity.UserID = tokenResp.Token.User.ID

	user, err := p.getUser(ctx, tokenResp.Token.User.ID, token)
	if err != nil {
		return identity, false, err
	}
	if user.User.Email != "" {
		identity.Email = user.User.Email
		identity.EmailVerified = true
	}

	return identity, true, nil
}

func (p *conn) Prompt() string { return "username" }

func (p *conn) Refresh(
	ctx context.Context, scopes connector.Scopes, identity connector.Identity,
) (connector.Identity, error) {
	token, err := p.getAdminToken(ctx)
	if err != nil {
		return identity, fmt.Errorf("keystone: failed to obtain admin token: %v", err)
	}
	ok, err := p.checkIfUserExists(ctx, identity.UserID, token)
	if err != nil {
		return identity, err
	}
	if !ok {
		return identity, fmt.Errorf("keystone: user %q does not exist", identity.UserID)
	}
	if scopes.Groups {
		groups, err := p.getUserGroups(ctx, identity.UserID, token)
		if err != nil {
			return identity, err
		}
		identity.Groups = groups
	}
	return identity, nil
}

func (p *conn) getTokenResponse(ctx context.Context, username, pass string) (response *http.Response, err error) {
	client := &http.Client{}
	jsonData := loginRequestData{
		auth: auth{
			Identity: identity{
				Methods: []string{"password"},
				Password: password{
					User: user{
						Name:     username,
						Domain:   domain{ID: p.Domain},
						Password: pass,
					},
				},
			},
		},
	}
	jsonValue, err := json.Marshal(jsonData)
	if err != nil {
		return nil, err
	}
	// https://developer.openstack.org/api-ref/identity/v3/#password-authentication-with-unscoped-authorization
	authTokenURL := p.Host + "/v3/auth/tokens/"
	req, err := http.NewRequest("POST", authTokenURL, bytes.NewBuffer(jsonValue))
	if err != nil {
		return nil, err
	}

	req.Header.Set("Content-Type", "application/json")
	req = req.WithContext(ctx)

	return client.Do(req)
}

func (p *conn) getAdminToken(ctx context.Context) (string, error) {
	resp, err := p.getTokenResponse(ctx, p.AdminUsername, p.AdminPassword)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()

	token := resp.Header.Get("X-Subject-Token")
	return token, nil
}

func (p *conn) checkIfUserExists(ctx context.Context, userID string, token string) (bool, error) {
	user, err := p.getUser(ctx, userID, token)
	return user != nil, err
}

func (p *conn) getUser(ctx context.Context, userID string, token string) (*userResponse, error) {
	// https://developer.openstack.org/api-ref/identity/v3/#show-user-details
	userURL := p.Host + "/v3/users/" + userID
	client := &http.Client{}
	req, err := http.NewRequest("GET", userURL, nil)
	if err != nil {
		return nil, err
	}

	req.Header.Set("X-Auth-Token", token)
	req = req.WithContext(ctx)
	resp, err := client.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	if resp.StatusCode != 200 {
		return nil, err
	}

	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}

	user := userResponse{}
	err = json.Unmarshal(data, &user)
	if err != nil {
		return nil, err
	}

	return &user, nil
}

func (p *conn) getUserGroups(ctx context.Context, userID string, token string) ([]string, error) {
	client := &http.Client{}
	// https://developer.openstack.org/api-ref/identity/v3/#list-groups-to-which-a-user-belongs
	groupsURL := p.Host + "/v3/users/" + userID + "/groups"
	req, err := http.NewRequest("GET", groupsURL, nil)
	if err != nil {
		return nil, err
	}
	req.Header.Set("X-Auth-Token", token)
	req = req.WithContext(ctx)
	resp, err := client.Do(req)
	if err != nil {
		p.Logger.Errorf("keystone: error while fetching user %q groups\n", userID)
		return nil, err
	}

	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	groupsResp := new(groupsResponse)

	err = json.Unmarshal(data, &groupsResp)
	if err != nil {
		return nil, err
	}

	groups := make([]string, len(groupsResp.Groups))
	for i, group := range groupsResp.Groups {
		groups[i] = group.Name
	}
	return groups, nil
}
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`// Package keystone provides authentication strategy using Keystone.`
			`package keystone`

			`import (`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`"bytes"`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`"context"`
			`"encoding/json"`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`"fmt"`
refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2021-09-17 06:12:39 +00:00			`"io"`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`"net/http"`

			`"github.com/dexidp/dex/connector"`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`"github.com/dexidp/dex/pkg/log"`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`)`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`type conn struct {`
			`Domain string`
			`Host string`
			`AdminUsername string`
			`AdminPassword string`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`Logger log.Logger`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`}`

			`type userKeystone struct {`
			Domain domainKeystone `json:"domain"`
			ID string `json:"id"`
			Name string `json:"name"`
			`}`

			`type domainKeystone struct {`
			ID string `json:"id"`
			Name string `json:"name"`
			`}`

			`// Config holds the configuration parameters for Keystone connector.`
			`// Keystone should expose API v3`
			`// An example config:`
			`// connectors:`
			`// type: keystone`
			`// id: keystone`
			`// name: Keystone`
			`// config:`
			`// keystoneHost: http://example:5000`
			`// domain: default`
chore: add keystone connector icon and bump tests dependencies Signed-off-by: m.nabokikh <maksim.nabokikh@flant.com> 2021-03-11 07:32:25 +00:00			`// keystoneUsername: demo`
			`// keystonePassword: DEMO_PASS`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`type Config struct {`
			Domain string `json:"domain"`
			Host string `json:"keystoneHost"`
			AdminUsername string `json:"keystoneUsername"`
			AdminPassword string `json:"keystonePassword"`
			`}`

			`type loginRequestData struct {`
			auth `json:"auth"`
			`}`

			`type auth struct {`
			Identity identity `json:"identity"`
			`}`

			`type identity struct {`
			Methods []string `json:"methods"`
			Password password `json:"password"`
			`}`

			`type password struct {`
			User user `json:"user"`
			`}`

			`type user struct {`
			Name string `json:"name"`
			Domain domain `json:"domain"`
			Password string `json:"password"`
			`}`

			`type domain struct {`
			ID string `json:"id"`
			`}`

			`type token struct {`
			User userKeystone `json:"user"`
			`}`

			`type tokenResponse struct {`
			Token token `json:"token"`
			`}`

			`type group struct {`
			ID string `json:"id"`
			Name string `json:"name"`
			`}`

			`type groupsResponse struct {`
			Groups []group `json:"groups"`
			`}`

Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`type userResponse struct {`
			`User struct {`
			Name string `json:"name"`
			Email string `json:"email"`
			ID string `json:"id"`
			} `json:"user"`
			`}`

keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`var (`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`_ connector.PasswordConnector = &conn{}`
			`_ connector.RefreshConnector = &conn{}`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`)`

			`// Open returns an authentication strategy using Keystone.`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`return &conn{`
			`c.Domain,`
			`c.Host,`
			`c.AdminUsername,`
			`c.AdminPassword,`
Run fixer Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> 2020-11-03 19:50:09 +00:00			`logger,`
			`}, nil`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`}`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) Close() error { return nil }`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) Login(ctx context.Context, scopes connector.Scopes, username, password string) (identity connector.Identity, validPassword bool, err error) {`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`resp, err := p.getTokenResponse(ctx, username, password)`
			`if err != nil {`
			`return identity, false, fmt.Errorf("keystone: error %v", err)`
			`}`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`if resp.StatusCode/100 != 2 {`
			`return identity, false, fmt.Errorf("keystone login: error %v", resp.StatusCode)`
			`}`
			`if resp.StatusCode != 201 {`
			`return identity, false, nil`
			`}`
			`token := resp.Header.Get("X-Subject-Token")`
refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2021-09-17 06:12:39 +00:00			`data, err := io.ReadAll(resp.Body)`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`if err != nil {`
			`return identity, false, err`
			`}`
			`defer resp.Body.Close()`
Run fixer Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> 2020-11-03 19:50:09 +00:00			`tokenResp := new(tokenResponse)`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`err = json.Unmarshal(data, &tokenResp)`
			`if err != nil {`
			`return identity, false, fmt.Errorf("keystone: invalid token response: %v", err)`
			`}`
			`if scopes.Groups {`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`groups, err := p.getUserGroups(ctx, tokenResp.Token.User.ID, token)`
			`if err != nil {`
			`return identity, false, err`
			`}`
			`identity.Groups = groups`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`}`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`identity.Username = username`
			`identity.UserID = tokenResp.Token.User.ID`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00
			`user, err := p.getUser(ctx, tokenResp.Token.User.ID, token)`
			`if err != nil {`
			`return identity, false, err`
			`}`
			`if user.User.Email != "" {`
			`identity.Email = user.User.Email`
			`identity.EmailVerified = true`
			`}`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`return identity, true, nil`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`}`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) Prompt() string { return "username" }`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) Refresh(`
chore: fix lint violations Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> 2022-05-25 09:17:34 +00:00			`ctx context.Context, scopes connector.Scopes, identity connector.Identity,`
			`) (connector.Identity, error) {`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`token, err := p.getAdminToken(ctx)`
			`if err != nil {`
			`return identity, fmt.Errorf("keystone: failed to obtain admin token: %v", err)`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`}`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`ok, err := p.checkIfUserExists(ctx, identity.UserID, token)`
			`if err != nil {`
			`return identity, err`
			`}`
			`if !ok {`
			`return identity, fmt.Errorf("keystone: user %q does not exist", identity.UserID)`
			`}`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`if scopes.Groups {`
			`groups, err := p.getUserGroups(ctx, identity.UserID, token)`
			`if err != nil {`
			`return identity, err`
			`}`
			`identity.Groups = groups`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`}`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`return identity, nil`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`}`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p conn) getTokenResponse(ctx context.Context, username, pass string) (response http.Response, err error) {`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`client := &http.Client{}`
			`jsonData := loginRequestData{`
			`auth: auth{`
			`Identity: identity{`
			`Methods: []string{"password"},`
			`Password: password{`
			`User: user{`
			`Name: username,`
			`Domain: domain{ID: p.Domain},`
			`Password: pass,`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`},`
			`},`
			`},`
			`},`
			`}`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`jsonValue, err := json.Marshal(jsonData)`
			`if err != nil {`
			`return nil, err`
			`}`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`// https://developer.openstack.org/api-ref/identity/v3/#password-authentication-with-unscoped-authorization`
			`authTokenURL := p.Host + "/v3/auth/tokens/"`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`req, err := http.NewRequest("POST", authTokenURL, bytes.NewBuffer(jsonValue))`
			`if err != nil {`
			`return nil, err`
			`}`

			`req.Header.Set("Content-Type", "application/json")`
			`req = req.WithContext(ctx)`

			`return client.Do(req)`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`}`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) getAdminToken(ctx context.Context) (string, error) {`
			`resp, err := p.getTokenResponse(ctx, p.AdminUsername, p.AdminPassword)`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`if err != nil {`
			`return "", err`
			`}`
Fix bodyclose 2019-12-18 15:04:03 +00:00			`defer resp.Body.Close()`

keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`token := resp.Header.Get("X-Subject-Token")`
			`return token, nil`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`}`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) checkIfUserExists(ctx context.Context, userID string, token string) (bool, error) {`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`user, err := p.getUser(ctx, userID, token)`
			`return user != nil, err`
			`}`

			`func (p conn) getUser(ctx context.Context, userID string, token string) (userResponse, error) {`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`// https://developer.openstack.org/api-ref/identity/v3/#show-user-details`
			`userURL := p.Host + "/v3/users/" + userID`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`client := &http.Client{}`
			`req, err := http.NewRequest("GET", userURL, nil)`
			`if err != nil {`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`return nil, err`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`}`

			`req.Header.Set("X-Auth-Token", token)`
			`req = req.WithContext(ctx)`
			`resp, err := client.Do(req)`
			`if err != nil {`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`return nil, err`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`}`
Fix bodyclose 2019-12-18 15:04:03 +00:00			`defer resp.Body.Close()`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`if resp.StatusCode != 200 {`
			`return nil, err`
			`}`

refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2021-09-17 06:12:39 +00:00			`data, err := io.ReadAll(resp.Body)`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00			`if err != nil {`
			`return nil, err`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`}`
Added Email of Keystone to Identity (#1681) * Added Email of Keystone to Identity After the successful login to keystone, the Email of the logged in user is fetch from keystone and provided to `identity.Email`. This is useful for upstream software that uses the Email as the primary identification. * Removed unnecessary code from getUsers * Changed creation of userResponse in keystone * Fixing linter error Co-authored-by: Christoph Glaubitz <christoph.glaubitz@innovo-cloud.de> 2020-04-06 13:40:17 +00:00
			`user := userResponse{}`
			`err = json.Unmarshal(data, &user)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &user, nil`
keystone: squashed changes from knangia/dex 2018-11-26 14:51:03 +00:00			`}`

keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`func (p *conn) getUserGroups(ctx context.Context, userID string, token string) ([]string, error) {`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`client := &http.Client{}`
keystone: fetching groups only if requested, refactoring. 2018-12-20 16:25:22 +00:00			`// https://developer.openstack.org/api-ref/identity/v3/#list-groups-to-which-a-user-belongs`
			`groupsURL := p.Host + "/v3/users/" + userID + "/groups"`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`req, err := http.NewRequest("GET", groupsURL, nil)`
*: fix some lint issues Mostly gathered these using golangci-lint's deadcode and ineffassign linters. Signed-off-by: Stephan Renatus <srenatus@chef.io> 2019-07-30 09:08:57 +00:00			`if err != nil {`
			`return nil, err`
			`}`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`req.Header.Set("X-Auth-Token", token)`
			`req = req.WithContext(ctx)`
			`resp, err := client.Do(req)`
			`if err != nil {`
			`p.Logger.Errorf("keystone: error while fetching user %q groups\n", userID)`
			`return nil, err`
			`}`

refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com> 2021-09-17 06:12:39 +00:00			`data, err := io.ReadAll(resp.Body)`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`defer resp.Body.Close()`

Run fixer Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> 2020-11-03 19:50:09 +00:00			`groupsResp := new(groupsResponse)`
keystone: test cases, refactoring and cleanup 2018-12-13 11:22:53 +00:00
			`err = json.Unmarshal(data, &groupsResp)`
			`if err != nil {`
			`return nil, err`
			`}`

			`groups := make([]string, len(groupsResp.Groups))`
			`for i, group := range groupsResp.Groups {`
			`groups[i] = group.Name`
			`}`
			`return groups, nil`
keystone: refresh token and groups 2018-11-27 10:28:46 +00:00			`}`