terraform/builtin/providers/openstack/config.go

package openstack

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io/ioutil"
	"net/http"

	"github.com/gophercloud/gophercloud"
	"github.com/gophercloud/gophercloud/openstack"
	"github.com/gophercloud/gophercloud/openstack/objectstorage/v1/swauth"
)

type Config struct {
	CACertFile       string
	ClientCertFile   string
	ClientKeyFile    string
	DomainID         string
	DomainName       string
	EndpointType     string
	IdentityEndpoint string
	Insecure         bool
	Password         string
	Swauth           bool
	TenantID         string
	TenantName       string
	Token            string
	Username         string
	UserID           string

	osClient *gophercloud.ProviderClient
}

func (c *Config) loadAndValidate() error {
	validEndpoint := false
	validEndpoints := []string{
		"internal", "internalURL",
		"admin", "adminURL",
		"public", "publicURL",
		"",
	}

	for _, endpoint := range validEndpoints {
		if c.EndpointType == endpoint {
			validEndpoint = true
		}
	}

	if !validEndpoint {
		return fmt.Errorf("Invalid endpoint type provided")
	}

	ao := gophercloud.AuthOptions{
		DomainID:         c.DomainID,
		DomainName:       c.DomainName,
		IdentityEndpoint: c.IdentityEndpoint,
		Password:         c.Password,
		TenantID:         c.TenantID,
		TenantName:       c.TenantName,
		TokenID:          c.Token,
		Username:         c.Username,
		UserID:           c.UserID,
	}

	client, err := openstack.NewClient(ao.IdentityEndpoint)
	if err != nil {
		return err
	}

	config := &tls.Config{}
	if c.CACertFile != "" {
		caCert, err := ioutil.ReadFile(c.CACertFile)
		if err != nil {
			return err
		}

		caCertPool := x509.NewCertPool()
		caCertPool.AppendCertsFromPEM(caCert)
		config.RootCAs = caCertPool
	}

	if c.Insecure {
		config.InsecureSkipVerify = true
	}

	if c.ClientCertFile != "" && c.ClientKeyFile != "" {
		cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile)
		if err != nil {
			return err
		}

		config.Certificates = []tls.Certificate{cert}
		config.BuildNameToCertificate()
	}

	transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
	client.HTTPClient.Transport = transport

	// If using Swift Authentication, there's no need to validate authentication normally.
	if !c.Swauth {
		err = openstack.Authenticate(client, ao)
		if err != nil {
			return err
		}
	}

	c.osClient = client

	return nil
}

func (c *Config) blockStorageV1Client(region string) (*gophercloud.ServiceClient, error) {
	return openstack.NewBlockStorageV1(c.osClient, gophercloud.EndpointOpts{
		Region:       region,
		Availability: c.getEndpointType(),
	})
}

func (c *Config) blockStorageV2Client(region string) (*gophercloud.ServiceClient, error) {
	return openstack.NewBlockStorageV2(c.osClient, gophercloud.EndpointOpts{
		Region:       region,
		Availability: c.getEndpointType(),
	})
}

func (c *Config) computeV2Client(region string) (*gophercloud.ServiceClient, error) {
	return openstack.NewComputeV2(c.osClient, gophercloud.EndpointOpts{
		Region:       region,
		Availability: c.getEndpointType(),
	})
}

func (c *Config) networkingV2Client(region string) (*gophercloud.ServiceClient, error) {
	return openstack.NewNetworkV2(c.osClient, gophercloud.EndpointOpts{
		Region:       region,
		Availability: c.getEndpointType(),
	})
}

func (c *Config) objectStorageV1Client(region string) (*gophercloud.ServiceClient, error) {
	// If Swift Authentication is being used, return a swauth client.
	if c.Swauth {
		return swauth.NewObjectStorageV1(c.osClient, swauth.AuthOpts{
			User: c.Username,
			Key:  c.Password,
		})
	}

	return openstack.NewObjectStorageV1(c.osClient, gophercloud.EndpointOpts{
		Region:       region,
		Availability: c.getEndpointType(),
	})
}

func (c *Config) getEndpointType() gophercloud.Availability {
	if c.EndpointType == "internal" || c.EndpointType == "internalURL" {
		return gophercloud.AvailabilityInternal
	}
	if c.EndpointType == "admin" || c.EndpointType == "adminURL" {
		return gophercloud.AvailabilityAdmin
	}
	return gophercloud.AvailabilityPublic
}
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`package openstack`

			`import (`
Allow to disable HTTPS certificate check 2015-04-15 14:58:01 +02:00			`"crypto/tls"`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00			`"crypto/x509"`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`"fmt"`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00			`"io/ioutil"`
Allow to disable HTTPS certificate check 2015-04-15 14:58:01 +02:00			`"net/http"`

provider/openstack: gophercloud migration: Removing APIKey Attribute gophercloud/gophercloud no longer supports the APIKey authentication attribute. Removal of this attribute may impact users who were using the Terraform OpenStack provider in with vendor-modified clouds. 2016-09-03 17:27:45 +02:00			`"github.com/gophercloud/gophercloud"`
			`"github.com/gophercloud/gophercloud/openstack"`
provider/openstack: Add Swauth/Swift Authentication This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication. 2016-11-08 06:30:55 +01:00			`"github.com/gophercloud/gophercloud/openstack/objectstorage/v1/swauth"`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`)`

			`type Config struct {`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00			`CACertFile string`
provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`ClientCertFile string`
			`ClientKeyFile string`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`DomainID string`
			`DomainName string`
			`EndpointType string`
			`IdentityEndpoint string`
			`Insecure bool`
			`Password string`
provider/openstack: Add Swauth/Swift Authentication This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication. 2016-11-08 06:30:55 +01:00			`Swauth bool`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`TenantID string`
			`TenantName string`
			`Token string`
			`Username string`
			`UserID string`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00
add options for openstack identity v3 2015-01-26 05:00:57 +01:00			`osClient *gophercloud.ProviderClient`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`}`

			`func (c *Config) loadAndValidate() error {`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`validEndpoint := false`
			`validEndpoints := []string{`
			`"internal", "internalURL",`
			`"admin", "adminURL",`
			`"public", "publicURL",`
			`"",`
			`}`

			`for _, endpoint := range validEndpoints {`
			`if c.EndpointType == endpoint {`
			`validEndpoint = true`
			`}`
			`}`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`if !validEndpoint {`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`return fmt.Errorf("Invalid endpoint type provided")`
			`}`

crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`ao := gophercloud.AuthOptions{`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`DomainID: c.DomainID,`
			`DomainName: c.DomainName,`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`IdentityEndpoint: c.IdentityEndpoint,`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`Password: c.Password,`
add options for openstack identity v3 2015-01-26 05:00:57 +01:00			`TenantID: c.TenantID,`
crud for neutron networks 2015-01-10 23:02:19 +01:00			`TenantName: c.TenantName,`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00			`TokenID: c.Token,`
			`Username: c.Username,`
			`UserID: c.UserID,`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`}`

Allow to disable HTTPS certificate check 2015-04-15 14:58:01 +02:00			`client, err := openstack.NewClient(ao.IdentityEndpoint)`
			`if err != nil {`
			`return err`
			`}`

provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`config := &tls.Config{}`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00			`if c.CACertFile != "" {`
			`caCert, err := ioutil.ReadFile(c.CACertFile)`
			`if err != nil {`
			`return err`
			`}`

			`caCertPool := x509.NewCertPool()`
			`caCertPool.AppendCertsFromPEM(caCert)`
provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`config.RootCAs = caCertPool`
			`}`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00
provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`if c.Insecure {`
			`config.InsecureSkipVerify = true`
			`}`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00
provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`if c.ClientCertFile != "" && c.ClientKeyFile != "" {`
			`cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile)`
			`if err != nil {`
			`return err`
Add optional cacert_file parameter to openstack provider Official OpenStack clients support specifing custom CA certificate file that should be used when communicating with OpenStack server. This patch adds similar behavior to Terraform OpenStack provider, by: - Using OS_CACERT environmental variable, if available - Using cacert_file provider parameter, if configured 2016-02-12 07:56:11 +01:00			`}`

provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`config.Certificates = []tls.Certificate{cert}`
			`config.BuildNameToCertificate()`
Allow to disable HTTPS certificate check 2015-04-15 14:58:01 +02:00			`}`
provider/openstack: Openstack Provider Updates (#9725) * provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check 2016-11-01 14:16:39 +01:00
Correct Proxy setting for openstack provider: issue 8735 2016-09-20 20:53:56 +02:00			`transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}`
provider/openstack: Support client certificates Official OpenStack clients commonly support specifing a client certificate/key to enable SSL client authentication when communicating with OpenStack services. This patch enables such feature in Terraform with new parameters and environment variables: * 'cert' provider parameter or OS_CERT env variable to specify client certificate file, * 'key' provider parameter or OS_KEY env variable to specify client certificate private key file. 2016-04-21 11:39:49 +02:00			`client.HTTPClient.Transport = transport`
Allow to disable HTTPS certificate check 2015-04-15 14:58:01 +02:00
provider/openstack: Add Swauth/Swift Authentication This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication. 2016-11-08 06:30:55 +01:00			`// If using Swift Authentication, there's no need to validate authentication normally.`
			`if !c.Swauth {`
			`err = openstack.Authenticate(client, ao)`
			`if err != nil {`
			`return err`
			`}`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00			`}`

add options for openstack identity v3 2015-01-26 05:00:57 +01:00			`c.osClient = client`
crud for openstack servers v2 2014-10-29 22:52:36 +01:00
			`return nil`
			`}`
refactor service clients to *Config 2015-01-31 22:33:54 +01:00
add container and volume resources 2015-02-01 08:34:37 +01:00			`func (c Config) blockStorageV1Client(region string) (gophercloud.ServiceClient, error) {`
			`return openstack.NewBlockStorageV1(c.osClient, gophercloud.EndpointOpts{`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`Region: region,`
			`Availability: c.getEndpointType(),`
provider/openstack openstack_blockstorage_volume_v2 resource This commit adds an openstack_blockstorage_volume_v2 resource. This resource is able to create volumes using the OpenStack Block Storage v2 API. 2016-05-16 22:37:58 +02:00			`})`
			`}`

			`func (c Config) blockStorageV2Client(region string) (gophercloud.ServiceClient, error) {`
			`return openstack.NewBlockStorageV2(c.osClient, gophercloud.EndpointOpts{`
			`Region: region,`
			`Availability: c.getEndpointType(),`
add container and volume resources 2015-02-01 08:34:37 +01:00			`})`
			`}`

refactor service clients to *Config 2015-01-31 22:33:54 +01:00			`func (c Config) computeV2Client(region string) (gophercloud.ServiceClient, error) {`
			`return openstack.NewComputeV2(c.osClient, gophercloud.EndpointOpts{`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`Region: region,`
			`Availability: c.getEndpointType(),`
refactor service clients to *Config 2015-01-31 22:33:54 +01:00			`})`
			`}`

			`func (c Config) networkingV2Client(region string) (gophercloud.ServiceClient, error) {`
			`return openstack.NewNetworkV2(c.osClient, gophercloud.EndpointOpts{`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`Region: region,`
			`Availability: c.getEndpointType(),`
refactor service clients to *Config 2015-01-31 22:33:54 +01:00			`})`
			`}`
object storage container v1 ops 2015-02-01 04:51:50 +01:00
			`func (c Config) objectStorageV1Client(region string) (gophercloud.ServiceClient, error) {`
provider/openstack: Add Swauth/Swift Authentication This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication. 2016-11-08 06:30:55 +01:00			`// If Swift Authentication is being used, return a swauth client.`
			`if c.Swauth {`
			`return swauth.NewObjectStorageV1(c.osClient, swauth.AuthOpts{`
			`User: c.Username,`
			`Key: c.Password,`
			`})`
			`}`

object storage container v1 ops 2015-02-01 04:51:50 +01:00			`return openstack.NewObjectStorageV1(c.osClient, gophercloud.EndpointOpts{`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00			`Region: region,`
			`Availability: c.getEndpointType(),`
object storage container v1 ops 2015-02-01 04:51:50 +01:00			`})`
			`}`
Enpoint type configuration for OpenStack provider Add the possibility to specify the endpoint type (public, admin, internal). The default remains the same (public). 2015-06-07 22:57:55 +02:00
			`func (c *Config) getEndpointType() gophercloud.Availability {`
			`if c.EndpointType == "internal" \|\| c.EndpointType == "internalURL" {`
			`return gophercloud.AvailabilityInternal`
			`}`
			`if c.EndpointType == "admin" \|\| c.EndpointType == "adminURL" {`
			`return gophercloud.AvailabilityAdmin`
			`}`
			`return gophercloud.AvailabilityPublic`
			`}`