provider/openstack: Openstack Provider Updates (#9725)
* provider/openstack: Adding Identity v3 compatible environment variables * provider/openstack: Adding missing environment variables * provider/openstack: line spacing for provider options * provider/openstack: Making password sensitive * provider/openstack: Adding descriptions to provider options * provider/openstack: Clean up provider documentation * provider/openstack: clean up EndpointType check
This commit is contained in:
parent
9b2b21b583
commit
266b5ab598
|
@ -12,43 +12,53 @@ import (
|
|||
)
|
||||
|
||||
type Config struct {
|
||||
Username string
|
||||
UserID string
|
||||
Password string
|
||||
Token string
|
||||
IdentityEndpoint string
|
||||
TenantID string
|
||||
TenantName string
|
||||
DomainID string
|
||||
DomainName string
|
||||
Insecure bool
|
||||
EndpointType string
|
||||
CACertFile string
|
||||
ClientCertFile string
|
||||
ClientKeyFile string
|
||||
DomainID string
|
||||
DomainName string
|
||||
EndpointType string
|
||||
IdentityEndpoint string
|
||||
Insecure bool
|
||||
Password string
|
||||
TenantID string
|
||||
TenantName string
|
||||
Token string
|
||||
Username string
|
||||
UserID string
|
||||
|
||||
osClient *gophercloud.ProviderClient
|
||||
}
|
||||
|
||||
func (c *Config) loadAndValidate() error {
|
||||
validEndpoint := false
|
||||
validEndpoints := []string{
|
||||
"internal", "internalURL",
|
||||
"admin", "adminURL",
|
||||
"public", "publicURL",
|
||||
"",
|
||||
}
|
||||
|
||||
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
|
||||
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
|
||||
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
|
||||
c.EndpointType != "" {
|
||||
for _, endpoint := range validEndpoints {
|
||||
if c.EndpointType == endpoint {
|
||||
validEndpoint = true
|
||||
}
|
||||
}
|
||||
|
||||
if !validEndpoint {
|
||||
return fmt.Errorf("Invalid endpoint type provided")
|
||||
}
|
||||
|
||||
ao := gophercloud.AuthOptions{
|
||||
Username: c.Username,
|
||||
UserID: c.UserID,
|
||||
Password: c.Password,
|
||||
TokenID: c.Token,
|
||||
IdentityEndpoint: c.IdentityEndpoint,
|
||||
TenantID: c.TenantID,
|
||||
TenantName: c.TenantName,
|
||||
DomainID: c.DomainID,
|
||||
DomainName: c.DomainName,
|
||||
IdentityEndpoint: c.IdentityEndpoint,
|
||||
Password: c.Password,
|
||||
TenantID: c.TenantID,
|
||||
TenantName: c.TenantName,
|
||||
TokenID: c.Token,
|
||||
Username: c.Username,
|
||||
UserID: c.UserID,
|
||||
}
|
||||
|
||||
client, err := openstack.NewClient(ao.IdentityEndpoint)
|
||||
|
@ -58,7 +68,6 @@ func (c *Config) loadAndValidate() error {
|
|||
|
||||
config := &tls.Config{}
|
||||
if c.CACertFile != "" {
|
||||
|
||||
caCert, err := ioutil.ReadFile(c.CACertFile)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -68,6 +77,7 @@ func (c *Config) loadAndValidate() error {
|
|||
caCertPool.AppendCertsFromPEM(caCert)
|
||||
config.RootCAs = caCertPool
|
||||
}
|
||||
|
||||
if c.Insecure {
|
||||
config.InsecureSkipVerify = true
|
||||
}
|
||||
|
@ -81,6 +91,7 @@ func (c *Config) loadAndValidate() error {
|
|||
config.Certificates = []tls.Certificate{cert}
|
||||
config.BuildNameToCertificate()
|
||||
}
|
||||
|
||||
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
|
||||
client.HTTPClient.Transport = transport
|
||||
|
||||
|
|
|
@ -17,71 +17,113 @@ func Provider() terraform.ResourceProvider {
|
|||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_AUTH_URL", nil),
|
||||
Description: descriptions["auth_url"],
|
||||
},
|
||||
|
||||
"user_name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_USERNAME", ""),
|
||||
Description: descriptions["user_name"],
|
||||
},
|
||||
|
||||
"user_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_USER_ID", ""),
|
||||
Description: descriptions["user_name"],
|
||||
},
|
||||
|
||||
"tenant_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "",
|
||||
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
||||
"OS_TENANT_ID",
|
||||
"OS_PROJECT_ID",
|
||||
}, ""),
|
||||
Description: descriptions["tenant_id"],
|
||||
},
|
||||
|
||||
"tenant_name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_TENANT_NAME", nil),
|
||||
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
||||
"OS_TENANT_NAME",
|
||||
"OS_PROJECT_NAME",
|
||||
}, ""),
|
||||
Description: descriptions["tenant_name"],
|
||||
},
|
||||
|
||||
"password": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Sensitive: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_PASSWORD", ""),
|
||||
Description: descriptions["password"],
|
||||
},
|
||||
|
||||
"token": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_AUTH_TOKEN", ""),
|
||||
Description: descriptions["token"],
|
||||
},
|
||||
|
||||
"domain_id": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_DOMAIN_ID", ""),
|
||||
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
||||
"OS_USER_DOMAIN_ID",
|
||||
"OS_PROJECT_DOMAIN_ID",
|
||||
"OS_DOMAIN_ID",
|
||||
}, ""),
|
||||
Description: descriptions["domain_id"],
|
||||
},
|
||||
|
||||
"domain_name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_DOMAIN_NAME", ""),
|
||||
DefaultFunc: schema.MultiEnvDefaultFunc([]string{
|
||||
"OS_USER_DOMAIN_NAME",
|
||||
"OS_PROJECT_DOMAIN_NAME",
|
||||
"OS_DOMAIN_NAME",
|
||||
"OS_DEFAULT_DOMAIN",
|
||||
}, ""),
|
||||
Description: descriptions["domain_name"],
|
||||
},
|
||||
|
||||
"insecure": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: false,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_INSECURE", ""),
|
||||
Description: descriptions["insecure"],
|
||||
},
|
||||
|
||||
"endpoint_type": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_ENDPOINT_TYPE", ""),
|
||||
},
|
||||
|
||||
"cacert_file": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_CACERT", ""),
|
||||
Description: descriptions["cacert_file"],
|
||||
},
|
||||
|
||||
"cert": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_CERT", ""),
|
||||
Description: descriptions["cert"],
|
||||
},
|
||||
|
||||
"key": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_KEY", ""),
|
||||
Description: descriptions["key"],
|
||||
},
|
||||
},
|
||||
|
||||
|
@ -121,22 +163,58 @@ func Provider() terraform.ResourceProvider {
|
|||
}
|
||||
}
|
||||
|
||||
var descriptions map[string]string
|
||||
|
||||
func init() {
|
||||
descriptions = map[string]string{
|
||||
"auth_url": "The Identity authentication URL.",
|
||||
|
||||
"user_name": "Username to login with.",
|
||||
|
||||
"user_id": "User ID to login with.",
|
||||
|
||||
"tenant_id": "The ID of the Tenant (Identity v2) or Project (Identity v3)\n" +
|
||||
"to login with.",
|
||||
|
||||
"tenant_name": "The name of the Tenant (Identity v2) or Project (Identity v3)\n" +
|
||||
"to login with.",
|
||||
|
||||
"password": "Password to login with.",
|
||||
|
||||
"token": "Authentication token to use as an alternative to username/password.",
|
||||
|
||||
"domain_id": "The ID of the Domain to scope to (Identity v3).",
|
||||
|
||||
"domain_name": "The name of the Domain to scope to (Identity v3).",
|
||||
|
||||
"insecure": "Trust self-signed certificates.",
|
||||
|
||||
"cacert_file": "A Custom CA certificate.",
|
||||
|
||||
"endpoint_type": "The catalog endpoint type to use.",
|
||||
|
||||
"cert": "A client certificate to authenticate with.",
|
||||
|
||||
"key": "A client private key to authenticate with.",
|
||||
}
|
||||
}
|
||||
|
||||
func configureProvider(d *schema.ResourceData) (interface{}, error) {
|
||||
config := Config{
|
||||
CACertFile: d.Get("cacert_file").(string),
|
||||
ClientCertFile: d.Get("cert").(string),
|
||||
ClientKeyFile: d.Get("key").(string),
|
||||
DomainID: d.Get("domain_id").(string),
|
||||
DomainName: d.Get("domain_name").(string),
|
||||
EndpointType: d.Get("endpoint_type").(string),
|
||||
IdentityEndpoint: d.Get("auth_url").(string),
|
||||
Username: d.Get("user_name").(string),
|
||||
UserID: d.Get("user_id").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
Password: d.Get("password").(string),
|
||||
Token: d.Get("token").(string),
|
||||
TenantID: d.Get("tenant_id").(string),
|
||||
TenantName: d.Get("tenant_name").(string),
|
||||
DomainID: d.Get("domain_id").(string),
|
||||
DomainName: d.Get("domain_name").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
EndpointType: d.Get("endpoint_type").(string),
|
||||
CACertFile: d.Get("cacert_file").(string),
|
||||
ClientCertFile: d.Get("cert").(string),
|
||||
ClientKeyFile: d.Get("key").(string),
|
||||
Username: d.Get("user_name").(string),
|
||||
UserID: d.Get("user_id").(string),
|
||||
}
|
||||
|
||||
if err := config.loadAndValidate(); err != nil {
|
||||
|
|
|
@ -35,37 +35,43 @@ resource "openstack_compute_instance_v2" "test-server" {
|
|||
|
||||
The following arguments are supported:
|
||||
|
||||
* `auth_url` - (Required) If omitted, the `OS_AUTH_URL` environment
|
||||
variable is used.
|
||||
* `auth_url` - (Required) The Identity authentication URL. If omitted, the
|
||||
`OS_AUTH_URL` environment variable is used.
|
||||
|
||||
* `user_name` - (Optional; Required for Identity V2) If omitted, the
|
||||
* `user_name` - (Optional) The Username to login with. If omitted, the
|
||||
`OS_USERNAME` environment variable is used.
|
||||
|
||||
* `user_id` - (Optional)
|
||||
* `user_id` - (Optional) The User ID to login with. If omitted, the
|
||||
`OS_USER_ID` environment variable is used.
|
||||
|
||||
* `password` - (Optional; Required if not using `api_key`) If omitted, the
|
||||
* `tenant_id` - (Optional) The ID of the Tenant (Identity v2) or Project
|
||||
(Identity v3) to login with. If omitted, the `OS_TENANT_ID` or
|
||||
`OS_PROJECT_ID` environment variables are used.
|
||||
|
||||
* `tenant_name` - (Optional) The Name of the Tenant (Identity v2) or Project
|
||||
(Identity v3) to login with. If omitted, the `OS_TENANT_NAME` or
|
||||
`OS_PROJECT_NAME` environment variable are used.
|
||||
|
||||
* `password` - (Optional) The Password to login with. If omitted, the
|
||||
`OS_PASSWORD` environment variable is used.
|
||||
|
||||
* `token` - (Optional; Required if not using `user_name` and `password`)
|
||||
A token is an expiring, temporary means of access issued via the
|
||||
Keystone service. By specifying a token, you do not have to
|
||||
specify a username/password combination, since the token was
|
||||
already created by a username/password out of band of Terraform.
|
||||
If omitted, the `OS_AUTH_TOKEN` environment variable is used.
|
||||
A token is an expiring, temporary means of access issued via the Keystone
|
||||
service. By specifying a token, you do not have to specify a username/password
|
||||
combination, since the token was already created by a username/password out of
|
||||
band of Terraform. If omitted, the `OS_AUTH_TOKEN` environment variable is used.
|
||||
|
||||
* `domain_id` - (Optional) If omitted, the `OS_DOMAIN_ID` environment
|
||||
variable is used.
|
||||
* `domain_id` - (Optional) The ID of the Domain to scope to (Identity v3). If
|
||||
If omitted, the following environment variables are checked (in this order):
|
||||
`OS_USER_DOMAIN_ID`, `OS_PROJECT_DOMAIN_ID`, `OS_DOMAIN_ID`.
|
||||
|
||||
* `domain_name` - (Optional) If omitted, the `OS_DOMAIN_NAME`
|
||||
environment variable is used.
|
||||
* `domain_name` - (Optional) The Name of the Domain to scope to (Identity v3).
|
||||
If omitted, the following environment variables are checked (in this order):
|
||||
`OS_USER_DOMAIN_NAME`, `OS_PROJECT_DOMAIN_NAME`, `OS_DOMAIN_NAME`,
|
||||
`DEFAULT_DOMAIN`.
|
||||
|
||||
* `tenant_id` - (Optional)
|
||||
|
||||
* `tenant_name` - (Optional) If omitted, the `OS_TENANT_NAME` environment
|
||||
variable is used.
|
||||
|
||||
* `insecure` - (Optional) Explicitly allow the provider to perform
|
||||
"insecure" SSL requests. If omitted, default value is `false`
|
||||
* `insecure` - (Optional) Trust self-signed SSL certificates. If omitted, the
|
||||
`OS_INSECURE` environment variable is used.
|
||||
|
||||
* `cacert_file` - (Optional) Specify a custom CA certificate when communicating
|
||||
over SSL. If omitted, the `OS_CACERT` environment variable is used.
|
||||
|
|
Loading…
Reference in New Issue