provider/openstack: Add Swauth/Swift Authentication
This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication.
This commit is contained in:
parent
f0a5deae83
commit
74189c5211
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/gophercloud/gophercloud"
|
||||
"github.com/gophercloud/gophercloud/openstack"
|
||||
"github.com/gophercloud/gophercloud/openstack/objectstorage/v1/swauth"
|
||||
)
|
||||
|
||||
type Config struct {
|
||||
|
@ -21,6 +22,7 @@ type Config struct {
|
|||
IdentityEndpoint string
|
||||
Insecure bool
|
||||
Password string
|
||||
Swauth bool
|
||||
TenantID string
|
||||
TenantName string
|
||||
Token string
|
||||
|
@ -95,9 +97,12 @@ func (c *Config) loadAndValidate() error {
|
|||
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
|
||||
client.HTTPClient.Transport = transport
|
||||
|
||||
err = openstack.Authenticate(client, ao)
|
||||
if err != nil {
|
||||
return err
|
||||
// If using Swift Authentication, there's no need to validate authentication normally.
|
||||
if !c.Swauth {
|
||||
err = openstack.Authenticate(client, ao)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
c.osClient = client
|
||||
|
@ -134,6 +139,14 @@ func (c *Config) networkingV2Client(region string) (*gophercloud.ServiceClient,
|
|||
}
|
||||
|
||||
func (c *Config) objectStorageV1Client(region string) (*gophercloud.ServiceClient, error) {
|
||||
// If Swift Authentication is being used, return a swauth client.
|
||||
if c.Swauth {
|
||||
return swauth.NewObjectStorageV1(c.osClient, swauth.AuthOpts{
|
||||
User: c.Username,
|
||||
Key: c.Password,
|
||||
})
|
||||
}
|
||||
|
||||
return openstack.NewObjectStorageV1(c.osClient, gophercloud.EndpointOpts{
|
||||
Region: region,
|
||||
Availability: c.getEndpointType(),
|
||||
|
|
|
@ -125,6 +125,13 @@ func Provider() terraform.ResourceProvider {
|
|||
DefaultFunc: schema.EnvDefaultFunc("OS_KEY", ""),
|
||||
Description: descriptions["key"],
|
||||
},
|
||||
|
||||
"swauth": &schema.Schema{
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
DefaultFunc: schema.EnvDefaultFunc("OS_SWAUTH", ""),
|
||||
Description: descriptions["swauth"],
|
||||
},
|
||||
},
|
||||
|
||||
ResourcesMap: map[string]*schema.Resource{
|
||||
|
@ -196,6 +203,9 @@ func init() {
|
|||
"cert": "A client certificate to authenticate with.",
|
||||
|
||||
"key": "A client private key to authenticate with.",
|
||||
|
||||
"swauth": "Use Swift's authentication system instead of Keystone. Only used for\n" +
|
||||
"interaction with Swift.",
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -210,6 +220,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
|
|||
IdentityEndpoint: d.Get("auth_url").(string),
|
||||
Insecure: d.Get("insecure").(bool),
|
||||
Password: d.Get("password").(string),
|
||||
Swauth: d.Get("swauth").(bool),
|
||||
Token: d.Get("token").(string),
|
||||
TenantID: d.Get("tenant_id").(string),
|
||||
TenantName: d.Get("tenant_name").(string),
|
||||
|
|
|
@ -56,22 +56,20 @@ func testAccCheckObjectStorageV1ContainerDestroy(s *terraform.State) error {
|
|||
|
||||
var testAccObjectStorageV1Container_basic = fmt.Sprintf(`
|
||||
resource "openstack_objectstorage_container_v1" "container_1" {
|
||||
region = "%s"
|
||||
name = "tf-test-container"
|
||||
metadata {
|
||||
test = "true"
|
||||
}
|
||||
content_type = "application/json"
|
||||
}`,
|
||||
OS_REGION_NAME)
|
||||
}
|
||||
`)
|
||||
|
||||
var testAccObjectStorageV1Container_update = fmt.Sprintf(`
|
||||
resource "openstack_objectstorage_container_v1" "container_1" {
|
||||
region = "%s"
|
||||
name = "tf-test-container"
|
||||
metadata {
|
||||
test = "true"
|
||||
}
|
||||
content_type = "text/plain"
|
||||
}`,
|
||||
OS_REGION_NAME)
|
||||
}
|
||||
`)
|
||||
|
|
|
@ -86,6 +86,13 @@ The following arguments are supported:
|
|||
service catalog. It can be set using the OS_ENDPOINT_TYPE environment
|
||||
variable. If not set, public endpoints is used.
|
||||
|
||||
* `swauth` - (Optional) Set to `true` to authenticate against Swauth, a
|
||||
Swift-native authentication system. If omitted, the `OS_SWAUTH` environment
|
||||
variable is used. You must also set `username` to the Swauth/Swift username
|
||||
such as `username:project`. Set the `password` to the Swauth/Swift key.
|
||||
Finally, set `auth_url` as the location of the Swift service. Note that this
|
||||
will only work when used with the OpenStack Object Storage resources.
|
||||
|
||||
## Rackspace Compatibility
|
||||
|
||||
Using this OpenStack provider with Rackspace is not supported and not
|
||||
|
|
Loading…
Reference in New Issue