Keystone V3: Introduce OAuth1 auth support

[kayrus]

Resolves #1418

@jtopjian let me know if you find something wrong in this code before I start code cleanup.

[coveralls]

Coverage increased (+0.05%) to 79.354% when pulling 15939e1 on kayrus:oauth into 456b0b6 on gophercloud:master.

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 23s
• gophercloud-acceptance-test : SUCCESS in 2h 14m 11s
• gophercloud-acceptance-test-ironic : SUCCESS in 42m 05s

[theopenlab-ci]

Build failed.

• gophercloud-unittest : SUCCESS in 3m 45s
• gophercloud-acceptance-test : FAILURE in 1h 41m 10s
• gophercloud-acceptance-test-ironic : SUCCESS in 33m 16s

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 18s
• gophercloud-acceptance-test : SUCCESS in 2h 18m 48s
• gophercloud-acceptance-test-ironic : SUCCESS in 45m 28s

[kayrus]

@jtopjian done cleanup, ready for review.

[jtopjian]

@kayrus Thank you for working on this.

This is a lot to take in and unfortunately I didn't have enough time to do a full review today. I've left two comments for now.

In addition, it looks like a lot of the opts structs are missing builder interfaces - we should probably include those.

I hope to have more time tomorrow to continue looking at this - I'm sorry about that.

[jtopjian]

Should there be an else here?

[kayrus]

No, but you pointed me to the fact, that there is no need to pass "nonce" as a parameter, since oauth_nonce is already parsed by gophercloud.BuildQueryString.

[jtopjian]

I was able to get around this by doing the following:

func TestAuthenticate(t *testing.T) {
  l, _ := net.Listen("tcp", "127.0.0.1:33199")
  th.Server = httptest.NewUnstartedServer(th.Mux)
  th.Server.Listener = l
  th.Server.Start()

  //th.SetupHTTP()
  defer th.TeardownHTTP()
  HandleAuthenticate(t)
...

However, the test is still failing, but I'm not sure why.

I'd definitely like to see this conditional removed somehow, though.

[kayrus]

I created an extra testhelper function to listen the static port. Additionally I noticed that using "https://identity:443/" URL containing the default port is not supported by oauth, therefore I modified the logic to normalize URLs with default port.

[kayrus]

In addition, it looks like a lot of the opts structs are missing builder interfaces - we should probably include those.

I don't think that build interface is necessary here. I don't expect that oauth method must be extended by additional parameters or logic.

I hope to have more time tomorrow to continue looking at this - I'm sorry about that.

No worries.

[jtopjian]

I don't think that build interface is necessary here. I don't expect that oauth method must be extended by additional parameters or logic.

We should include the builder interfaces even if we can't think of a reason to use them. Any time in the past that I have assumed they wouldn't be used, someone usually reports how they're missing :)

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 50s
• gophercloud-acceptance-test : SUCCESS in 2h 16m 23s
• gophercloud-acceptance-test-ironic : SUCCESS in 45m 51s

[kayrus]

We should include the builder interfaces even if we can't think of a reason to use them. Any time in the past that I have assumed they wouldn't be used, someone usually reports how they're missing :)

I need to rewrite existing logic, since opts.OAuthConsumerSecret and opts.OAuthTokenSecret are used inside Create funcs. This requires type assertion and I'd like to avoid this.

[jtopjian]

Right, I see. I'm not trying to cause large rewrites, but I think if the Create function is tightly coupled to the opts structure, it might be another good indication that an interface is needed.

The interface methods can be pretty flexible with their return values, so that might be a way to link the Create function to the opts structure.

[kayrus]

@jtopjian As you mentioned Create function is tightly coupled to the opts structure. Therefore I used type assertion, because I have to, otherwise I cannot get an access to secrets.

As for the rest Create functions, done.

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 13s
• gophercloud-acceptance-test : SUCCESS in 2h 12m 49s
• gophercloud-acceptance-test-ironic : SUCCESS in 42m 15s

[kayrus]

@jtopjian the only way to properly introduce the build interface for Create function is to extend the tokens.AuthOptionsBuilder interface with ToTokenV3CreateHeaders(string, string) (map[string]string, error) method. What do you think?

[jtopjian]

Could you create a new method to return the required information specific to this package?

[kayrus]

@jtopjian Not sure if I understood you correctly, but see my latest commit.

[jtopjian]

Yes, that should work.

[kayrus]

@jtopjian while I took a look on these interfaces. I noticed that there is no need to pass scope map into the ToTokenV3CreateMap(scope map[string]interface{}) (map[string]interface{}, error) interface. We can call ToTokenV3ScopeMap method directly inside the ToTokenV3CreateMap method.
Thoughts?

UPD: Ignore my comment. It was done by purpose, since v3/tokens package passes scope, generated inside the v3/tokens package to gophercloud.AuthOptions.ToTokenV3CreateMap method.

[theopenlab-ci]

Build failed.

• gophercloud-unittest : SUCCESS in 3m 51s
• gophercloud-acceptance-test : TIMED_OUT in 3h 01m 52s
• gophercloud-acceptance-test-ironic : SUCCESS in 36m 45s

[kayrus]

recheck

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 2m 52s
• gophercloud-acceptance-test : SUCCESS in 2h 42m 13s
• gophercloud-acceptance-test-ironic : SUCCESS in 53m 22s

[jtopjian]

@kayrus Thank you for working on this. The general logic looks good and I appreciate the time you took investigating how to successfully generate oauth1-based requests.

I've done some refactoring to this which you can see here (jtopjian@5aad4d7). Let me know what you think.

[kayrus]

@jtopjian thanks for you time. I added my comments. Don't hesitate to commit directly to my branch to run the CI/CD pipeline next time. Github repo owners have this ability by default.

[jtopjian]

Don't hesitate to commit directly to my branch to run the CI/CD pipeline next time.

Thanks for the review - I've made changes per your comments and will commit to this branch. I didn't want to do that initially until you had a first look.

[theopenlab-ci]

Build failed.

• gophercloud-unittest : SUCCESS in 2m 33s
• gophercloud-acceptance-test : FAILURE in 56m 42s
• gophercloud-acceptance-test-ironic : SUCCESS in 52m 02s

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 43s
• gophercloud-acceptance-test : SUCCESS in 1h 43m 32s
• gophercloud-acceptance-test-ironic : SUCCESS in 51m 36s

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 41s
• gophercloud-acceptance-test : SUCCESS in 1h 38m 01s
• gophercloud-acceptance-test-ironic : SUCCESS in 55m 54s

[kayrus]

@jtopjian rebased to master

[kayrus]

@jtopjian can you hold with this PR? Considering the #1949 I'd like to introduce a proper logic to extract/parse the TokenResult. Otherwise if Extract() is not called, the response body will remain open.

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 3m 37s
• gophercloud-acceptance-test : SUCCESS in 1h 44m 00s
• gophercloud-acceptance-test-ironic : SUCCESS in 57m 48s

[theopenlab-ci]

Build failed.

• gophercloud-unittest : SUCCESS in 3m 44s
• gophercloud-acceptance-test : FAILURE in 17m 22s
• gophercloud-acceptance-test-ironic : SUCCESS in 46m 14s

[kayrus]

recheck

[theopenlab-ci]

Build succeeded.

• gophercloud-unittest : SUCCESS in 4m 14s
• gophercloud-acceptance-test : SUCCESS in 1h 38m 47s
• gophercloud-acceptance-test-ironic : SUCCESS in 51m 29s

[kayrus]

@jtopjian PR is ready

[jtopjian]

LGTM - thank you!