[WIP] provider/openstack - Add support for identity v3 #7041

Closed
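--- a/builtin/providers/openstack/config.go
+++ b/builtin/providers/openstack/config.go
@@ -12,19 +12,26 @@ import (
 )
 
 type Config struct {
-Username string
-UserID string
-Password string
-Token string
-APIKey string
-IdentityEndpoint string
-TenantID string
-TenantName string
-DomainID string
-DomainName string
-Insecure bool
-EndpointType string
-CACertFile string
+DefaultDomain string
+Username string
+UserID string
+UserDomainName string
+UserDomainID string
+Password string
+Token string
+APIKey string
+IdentityEndpoint string
+TenantID string // The tenant_* keyword is deprecated as
+TenantName string // of the 1.7.0 release in favor of project_*
+ProjectID string
+ProjectName string
+ProjectDomainID string
+ProjectDomainName string
+DomainID string
+DomainName string
+Insecure bool
+EndpointType string
+CACertFile string
 
 osClient *gophercloud.ProviderClient
 }
@@ -38,17 +45,32 @@ func (c *Config) loadAndValidate() error {
 return fmt.Errorf("Invalid endpoint type provided")
 }
 
+// Check if using the old tenant notation or the project notation
+if (c.TenantID == "" && c.TenantName == "") == (c.ProjectID == "" && c.ProjectName == "") {
+return fmt.Errorf("Please provide either a tenant ID/name or a projet ID/name")
+} else if c.ProjectID != "" || c.ProjectName != "" {
+// If using ProjectID/Name, overwrite TenantID/Name because gophercloud doesn't support
+// ProjectID/Name yet.
+c.TenantID = c.ProjectID
+c.TenantName = c.ProjectName
+}
+
 ao := gophercloud.AuthOptions{
-Username: c.Username,
-UserID: c.UserID,
-Password: c.Password,
-TokenID: c.Token,
-APIKey: c.APIKey,
-IdentityEndpoint: c.IdentityEndpoint,
-TenantID: c.TenantID,
-TenantName: c.TenantName,
-DomainID: c.DomainID,
-DomainName: c.DomainName,
+DefaultDomain: c.DefaultDomain,
+Username: c.Username,
+UserID: c.UserID,
+UserDomainID: c.UserDomainID,
+UserDomainName: c.UserDomainName,
+Password: c.Password,
+TokenID: c.Token,
+APIKey: c.APIKey,
+IdentityEndpoint: c.IdentityEndpoint,
+TenantID: c.TenantID,
+TenantName: c.TenantName,
+ProjectDomainID: c.ProjectDomainID,
+ProjectDomainName: c.ProjectDomainName,
+DomainID: c.DomainID,
+DomainName: c.DomainName,
 }
 
 client, err := openstack.NewClient(ao.IdentityEndpoint)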
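Review bot: The new tenant/project check in loadAndValidate, `(c.TenantID == "" && c.TenantName == "") == (c.ProjectID == "" && c.ProjectName == "")`, returns an error when neither notation is set as well as when both are, so a configuration that authenticates with a token or with domain scope only (`DomainID`/`DomainName` are still passed to `AuthOptions` below) is now rejected. If only the conflicting case is meant to fail, test it directly with `if (c.TenantID != "" || c.TenantName != "") && (c.ProjectID != "" || c.ProjectName != "") {` and have the message say that both were given; because provider.go now fills all four values from `OS_TENANT_*` and `OS_PROJECT_*`, an environment that exports both families lands on this path. The message also misspells "project" as "projet". loadAndValidate starts and ends outside the hunk.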
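--- a/builtin/providers/openstack/provider.go
+++ b/builtin/providers/openstack/provider.go
@@ -16,7 +16,12 @@ func Provider() terraform.ResourceProvider {
 "auth_url": &schema.Schema{
 Type: schema.TypeString,
 Required: true,
-DefaultFunc: schema.EnvDefaultFunc("OS_AUTH_URL", nil),
+DefaultFunc: schema.EnvDefaultFunc("OS_AUTH_URL", ""),
 },
+"default_domain": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_DEFAULT_DOMAIN", "default"),
+},
 "user_name": &schema.Schema{
 Type: schema.TypeString,
@@ -28,15 +33,45 @@ func Provider() terraform.ResourceProvider {
 Optional: true,
 Default: "",
 },
+"user_domain_name": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_USER_DOMAIN_NAME", ""),
+},
+"user_domain_id": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_USER_DOMAIN_ID", ""),
+},
 "tenant_id": &schema.Schema{
-Type: schema.TypeString,
-Optional: true,
-Default: "",
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_TENANT_ID", ""),
 },
 "tenant_name": &schema.Schema{
 Type: schema.TypeString,
 Optional: true,
-DefaultFunc: schema.EnvDefaultFunc("OS_TENANT_NAME", nil),
+DefaultFunc: schema.EnvDefaultFunc("OS_TENANT_NAME", ""),
 },
+"project_id": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_ID", ""),
+},
+"project_name": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_NAME", ""),
+},
+"project_domain_id": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_DOMAIN_ID", ""),
+},
+"project_domain_name": &schema.Schema{
+Type: schema.TypeString,
+Optional: true,
+DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_DOMAIN_NAME", ""),
+},
 "password": &schema.Schema{
 Type: schema.TypeString,
@@ -112,19 +147,26 @@ func Provider() terraform.ResourceProvider {
 
 func configureProvider(d *schema.ResourceData) (interface{}, error) {
 config := Config{
-IdentityEndpoint: d.Get("auth_url").(string),
-Username: d.Get("user_name").(string),
-UserID: d.Get("user_id").(string),
-Password: d.Get("password").(string),
-Token: d.Get("token").(string),
-APIKey: d.Get("api_key").(string),
-TenantID: d.Get("tenant_id").(string),
-TenantName: d.Get("tenant_name").(string),
-DomainID: d.Get("domain_id").(string),
-DomainName: d.Get("domain_name").(string),
-Insecure: d.Get("insecure").(bool),
-EndpointType: d.Get("endpoint_type").(string),
-CACertFile: d.Get("cacert_file").(string),
+IdentityEndpoint: d.Get("auth_url").(string),
+DefaultDomain: d.Get("default_domain").(string),
+Username: d.Get("user_name").(string),
+UserID: d.Get("user_id").(string),
+UserDomainID: d.Get("user_domain_id").(string),
+UserDomainName: d.Get("user_domain_name").(string),
+Password: d.Get("password").(string),
+Token: d.Get("token").(string),
+APIKey: d.Get("api_key").(string),
+TenantID: d.Get("tenant_id").(string),
+TenantName: d.Get("tenant_name").(string),
+ProjectID: d.Get("project_id").(string),
+ProjectName: d.Get("project_name").(string),
+ProjectDomainID: d.Get("project_domain_id").(string),
+ProjectDomainName: d.Get("project_domain_name").(string),
+DomainID: d.Get("domain_id").(string),
+DomainName: d.Get("domain_name").(string),
+Insecure: d.Get("insecure").(bool),
+EndpointType: d.Get("endpoint_type").(string),
+CACertFile: d.Get("cacert_file").(string),
 }
 
 if err := config.loadAndValidate(); err != nil {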
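Review bot: In the `auth_url` schema the environment default changes from `nil` to `""`, which probably defeats `Required: true`: helper/schema appears to treat any non-nil default as a supplied value, so a run with neither `auth_url` nor `OS_AUTH_URL` set would reach `openstack.NewClient` with an empty identity endpoint instead of failing validation. Keep `DefaultFunc: schema.EnvDefaultFunc("OS_AUTH_URL", nil),` for this required field, or reject an empty `IdentityEndpoint` in loadAndValidate before the client is built. The `""` defaults on the optional tenant, project and domain fields do not have this problem. Provider's body starts and ends outside the hunk.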
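--- a/website/source/docs/providers/openstack/index.html.markdown
+++ b/website/source/docs/providers/openstack/index.html.markdown
@@ -59,11 +59,11 @@ The following arguments are supported:
 you can safely ignore this argument. If omitted, the `OS_API_KEY`
 environment variable is used.
 
-* `domain_id` - (Optional) If omitted, the `OS_DOMAIN_ID` environment
-variable is used.
+* `project_id` - (Optional) Project-level authentication scope. If omitted,
+the `OS_PROJECT_ID` environment variable is used.
 
-* `domain_name` - (Optional) If omitted, the `OS_DOMAIN_NAME`
-environment variable is used.
+* `project_name` - (Optional) `project_id` alternative. If omitted,
+the `OS_PROJECT_NAME` environment variable is used.
 
 * `tenant_id` - (Optional)
 
@@ -80,6 +80,32 @@ The following arguments are supported:
 service catalog. It can be set using the OS_ENDPOINT_TYPE environment
 variable. If not set, public endpoints is used.
 
+Authenticating using Identity Server API v3:
+
+* `user_domain_id` - (Optional) If the user is specified by name, then the
+domain id of the user must also be specified in order to uniquely identify
+the user. If omitted, the `OS_USER_DOMAIN_ID` environment variable is used.
+
+* `user_domain_name` - (Optional) Alternatively to `user_domain_id`, the
+domain name of the user may be used to uniquely identify the user. If
+omitted, the `OS_USER_DOMAIN_NAME` environment variable is used.
+
+* `project_domain_id` - (Optional) Project scoping using the project domain
+id. If omitted, the `OS_PROJECT_DOMAIN_ID` environment variable is used.
+
+* `project_domain_name` - (Optional) Project scoping using the project domain
+name. If omitted, the `OS_PROJECT_DOMAIN_NAME` environment variable is used.
+
+* `domain_id` - (Optional) Domain scoping using the domain id. If omitted,
+the `OS_DOMAIN_ID` environment variable is used.
+
+* `domain_name` - (Optional) Domain scoping using the domain name. If omitted,
+the `OS_DOMAIN_NAME` environment variable is used.
+
+* `default_domain` - (Optional) Default domain id if the user and project
+share the same domain. If omitted, the `OS_DEFAULT_DOMAIN` environment
+variable is used.
+
 ## Rackspace Compatibility
 
 Using this OpenStack provider with Rackspace is not supported and not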