- auth_params = {
- 'username' => resource[:name],
- 'password' => resource[:password],
- 'tenant_name' => resource[:tenant],
- 'auth_url' => endpoint,
- }
- # LP#1408754
- # Ideally this would be checked with the `openstack token issue` command,
- # but that command is not available with version 0.3.0 of openstackclient
- # which is what ships on Ubuntu during Juno.
- # Instead we'll check whether the user can authenticate with curl.
- creds_hash = {
- :auth => {
- :passwordCredentials => {
- :username => auth_params['username'],
- :password => auth_params['password'],
- }
- }
- }
- url = URI.parse(endpoint)
- # There is issue with ipv6 where address has to be in brackets, this causes the
- # underlying ruby TCPSocket to fail. Net::HTTP.new will fail without brackets on
- # joining the ipv6 address with :port or passing brackets to TCPSocket. It was
- # found that if we use Net::HTTP.start with url.hostname the incriminated code
- # won't be hit.
- use_ssl = url.scheme == "https" ? true : false
- http = Net::HTTP.start(url.hostname, url.port, {:use_ssl => use_ssl})
- request = Net::HTTP::Post.new('/v2.0/tokens')
- request.body = creds_hash.to_json
- request.content_type = 'application/json'
- response = http.request(request)
- if response.code.to_i == 401 || response.code.to_i == 403 # 401 => unauthorized, 403 => userDisabled
- return nil
- elsif ! (response.code == 200 || response.code == 203)
- return resource[:password]
+ # Password validation
+ credentials = Puppet::Provider::Openstack::CredentialsV2_0.new
+ credentials.auth_url = self.class.get_endpoint
+ credentials.password = resource[:password]
+ credentials.project_name = resource[:tenant]
+ credentials.username = resource[:name]
+ begin
+ token = Puppet::Provider::Openstack.request('token', 'issue', ['--format', 'value'], credentials)
+ rescue Puppet::Error::OpenstackUnauthorizedError
+ # password is invalid