|
|
@@ -33,6 +33,7 @@ use OCP\ICache; |
|
|
|
use OCP\ILogger; |
|
|
|
use OpenStack\Common\Error\BadResponseError; |
|
|
|
use OpenStack\Common\Auth\Token; |
|
|
|
use OpenStack\Identity\v2\Models\Catalog; |
|
|
|
use OpenStack\Identity\v2\Service as IdentityV2Service; |
|
|
|
use OpenStack\Identity\v3\Service as IdentityV3Service; |
|
|
|
use OpenStack\OpenStack; |
|
|
@@ -47,6 +48,13 @@ class SwiftFactory { |
|
|
|
private $container = null; |
|
|
|
private $logger; |
|
|
|
|
|
|
|
const DEFAULT_OPTIONS = [ |
|
|
|
'autocreate' => false, |
|
|
|
'urlType' => 'publicURL', |
|
|
|
'catalogName' => 'swift', |
|
|
|
'catalogType' => 'object-store' |
|
|
|
]; |
|
|
|
|
|
|
|
public function __construct(ICache $cache, array $params, ILogger $logger) { |
|
|
|
$this->cache = $cache; |
|
|
|
$this->params = $params; |
|
|
@@ -62,11 +70,21 @@ class SwiftFactory { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
private function cacheToken(Token $token, string $cacheKey) { |
|
|
|
private function cacheToken(Token $token, string $serviceUrl, string $cacheKey) { |
|
|
|
if ($token instanceof \OpenStack\Identity\v3\Models\Token) { |
|
|
|
// for v3 the catalog is cached as part of the token, so no need to cache $serviceUrl separately |
|
|
|
$value = json_encode($token->export()); |
|
|
|
} else { |
|
|
|
$value = json_encode($token); |
|
|
|
/** @var \OpenStack\Identity\v2\Models\Token $token */ |
|
|
|
$value = json_encode([ |
|
|
|
'serviceUrl' => $serviceUrl, |
|
|
|
'token' => [ |
|
|
|
'issued_at' => $token->issuedAt->format('c'), |
|
|
|
'expires' => $token->expires->format('c'), |
|
|
|
'id' => $token->id, |
|
|
|
'tenant' => $token->tenant |
|
|
|
] |
|
|
|
]); |
|
|
|
} |
|
|
|
$this->cache->set($cacheKey . '/token', $value); |
|
|
|
} |
|
|
@@ -82,10 +100,6 @@ class SwiftFactory { |
|
|
|
if (!isset($this->params['container'])) { |
|
|
|
$this->params['container'] = 'nextcloud'; |
|
|
|
} |
|
|
|
if (!isset($this->params['autocreate'])) { |
|
|
|
// should only be true for tests |
|
|
|
$this->params['autocreate'] = false; |
|
|
|
} |
|
|
|
if (isset($this->params['user']) && is_array($this->params['user'])) { |
|
|
|
$userName = $this->params['user']['name']; |
|
|
|
} else { |
|
|
@@ -97,6 +111,7 @@ class SwiftFactory { |
|
|
|
if (!isset($this->params['tenantName']) && isset($this->params['tenant'])) { |
|
|
|
$this->params['tenantName'] = $this->params['tenant']; |
|
|
|
} |
|
|
|
$this->params = array_merge(self::DEFAULT_OPTIONS, $this->params); |
|
|
|
|
|
|
|
$cacheKey = $userName . '@' . $this->params['url'] . '/' . $this->params['container']; |
|
|
|
$token = $this->getCachedToken($cacheKey); |
|
|
@@ -114,7 +129,7 @@ class SwiftFactory { |
|
|
|
|
|
|
|
return $this->auth(IdentityV3Service::factory($httpClient), $cacheKey); |
|
|
|
} else { |
|
|
|
return $this->auth(IdentityV2Service::factory($httpClient), $cacheKey); |
|
|
|
return $this->auth(SwiftV2CachingAuthService::factory($httpClient), $cacheKey); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
@@ -127,25 +142,41 @@ class SwiftFactory { |
|
|
|
private function auth($authService, string $cacheKey) { |
|
|
|
$this->params['identityService'] = $authService; |
|
|
|
$this->params['authUrl'] = $this->params['url']; |
|
|
|
$client = new OpenStack($this->params); |
|
|
|
|
|
|
|
$cachedToken = $this->params['cachedToken']; |
|
|
|
$hasValidCachedToken = false; |
|
|
|
if (\is_array($cachedToken) && ($authService instanceof IdentityV3Service)) { |
|
|
|
$token = $authService->generateTokenFromCache($cachedToken); |
|
|
|
if (\is_null($token->catalog)) { |
|
|
|
$this->logger->warning('Invalid cached token for swift, no catalog set: ' . json_encode($cachedToken)); |
|
|
|
} else if ($token->hasExpired()) { |
|
|
|
$this->logger->debug('Cached token for swift expired'); |
|
|
|
if (\is_array($cachedToken)) { |
|
|
|
if ($authService instanceof IdentityV3Service) { |
|
|
|
$token = $authService->generateTokenFromCache($cachedToken); |
|
|
|
if (\is_null($token->catalog)) { |
|
|
|
$this->logger->warning('Invalid cached token for swift, no catalog set: ' . json_encode($cachedToken)); |
|
|
|
} else if ($token->hasExpired()) { |
|
|
|
$this->logger->debug('Cached token for swift expired'); |
|
|
|
} else { |
|
|
|
$hasValidCachedToken = true; |
|
|
|
} |
|
|
|
} else { |
|
|
|
$hasValidCachedToken = true; |
|
|
|
try { |
|
|
|
/** @var \OpenStack\Identity\v2\Models\Token $token */ |
|
|
|
$token = $authService->model(\OpenStack\Identity\v2\Models\Token::class, $cachedToken['token']); |
|
|
|
$now = new \DateTimeImmutable("now"); |
|
|
|
if ($token->expires > $now) { |
|
|
|
$hasValidCachedToken = true; |
|
|
|
$this->params['v2cachedToken'] = $token; |
|
|
|
$this->params['v2serviceUrl'] = $cachedToken['serviceUrl']; |
|
|
|
} else { |
|
|
|
$this->logger->debug('Cached token for swift expired'); |
|
|
|
} |
|
|
|
} catch (\Exception $e) { |
|
|
|
$this->logger->logException($e); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
if (!$hasValidCachedToken) { |
|
|
|
try { |
|
|
|
$token = $authService->generateToken($this->params); |
|
|
|
$this->cacheToken($token, $cacheKey); |
|
|
|
list($token, $serviceUrl) = $authService->authenticate($this->params); |
|
|
|
$this->cacheToken($token, $serviceUrl, $cacheKey); |
|
|
|
} catch (ConnectException $e) { |
|
|
|
throw new StorageAuthException('Failed to connect to keystone, verify the keystone url', $e); |
|
|
|
} catch (ClientException $e) { |
|
|
@@ -164,6 +195,9 @@ class SwiftFactory { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$client = new OpenStack($this->params); |
|
|
|
|
|
|
|
return $client; |
|
|
|
} |
|
|
|
|