From 74189c52111a46a97d88a79fe7becb9892008e81 Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Tue, 8 Nov 2016 05:30:55 +0000 Subject: [PATCH] provider/openstack: Add Swauth/Swift Authentication This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication. --- builtin/providers/openstack/config.go | 19 ++++++++++++++++--- builtin/providers/openstack/provider.go | 11 +++++++++++ ...enstack_objectstorage_container_v1_test.go | 10 ++++------ .../providers/openstack/index.html.markdown | 7 +++++++ 4 files changed, 38 insertions(+), 9 deletions(-) diff --git a/builtin/providers/openstack/config.go b/builtin/providers/openstack/config.go index 98d638ce7b..860db0b5d6 100644 --- a/builtin/providers/openstack/config.go +++ b/builtin/providers/openstack/config.go @@ -9,6 +9,7 @@ import ( "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack" + "github.com/gophercloud/gophercloud/openstack/objectstorage/v1/swauth" ) type Config struct { @@ -21,6 +22,7 @@ type Config struct { IdentityEndpoint string Insecure bool Password string + Swauth bool TenantID string TenantName string Token string @@ -95,9 +97,12 @@ func (c *Config) loadAndValidate() error { transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config} client.HTTPClient.Transport = transport - err = openstack.Authenticate(client, ao) - if err != nil { - return err + // If using Swift Authentication, there's no need to validate authentication normally. + if !c.Swauth { + err = openstack.Authenticate(client, ao) + if err != nil { + return err + } } c.osClient = client 
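Review bot: In the `loadAndValidate` hunk, the `if !c.Swauth` branch stores `c.osClient` without checking any credential, so a missing username or key only surfaces when the first object storage resource is applied, and every other service-client constructor is handed a provider client that never authenticated. The Swauth path reads only `c.Username` and `c.Password`, so an early guard would fail fast with a clear message: `if c.Swauth && (c.Username == "" || c.Password == "") { return fmt.Errorf("swauth requires username and password") }` (this assumes `fmt` is already imported in config.go). The inline comment would be more accurate as `// Swauth authenticates when the object storage client is built, so Keystone authentication is skipped here.` `loadAndValidate` begins and ends outside the hunk.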
@@ -134,6 +139,14 @@ func (c *Config) networkingV2Client(region string) (*gophercloud.ServiceClient, } func (c *Config) objectStorageV1Client(region string) (*gophercloud.ServiceClient, error) { + // If Swift Authentication is being used, return a swauth client. + if c.Swauth { + return swauth.NewObjectStorageV1(c.osClient, swauth.AuthOpts{ + User: c.Username, + Key: c.Password, + }) + } + return openstack.NewObjectStorageV1(c.osClient, gophercloud.EndpointOpts{ Region: region, Availability: c.getEndpointType(), diff --git a/builtin/providers/openstack/provider.go b/builtin/providers/openstack/provider.go index e6ef6e32f1..6e7434a94b 100644 --- a/builtin/providers/openstack/provider.go +++ b/builtin/providers/openstack/provider.go @@ -125,6 +125,13 @@ func Provider() terraform.ResourceProvider { DefaultFunc: schema.EnvDefaultFunc("OS_KEY", ""), Description: descriptions["key"], }, + + "swauth": &schema.Schema{ + Type: schema.TypeBool, + Optional: true, + DefaultFunc: schema.EnvDefaultFunc("OS_SWAUTH", ""), + Description: descriptions["swauth"], + }, }, ResourcesMap: map[string]*schema.Resource{ @@ -196,6 +203,9 @@ func init() { "cert": "A client certificate to authenticate with.", "key": "A client private key to authenticate with.", + + "swauth": "Use Swift's authentication system instead of Keystone. Only used for\n" + + "interaction with Swift.", } } @@ -210,6 +220,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) { IdentityEndpoint: d.Get("auth_url").(string), Insecure: d.Get("insecure").(bool), Password: d.Get("password").(string), + Swauth: d.Get("swauth").(bool), Token: d.Get("token").(string), TenantID: d.Get("tenant_id").(string), TenantName: d.Get("tenant_name").(string), diff --git a/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go b/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go index 9047fa26ee..4e6ef693c7 100644 
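Review bot: The Swauth branch in `objectStorageV1Client` silently ignores `region` and `c.getEndpointType()`, and from the call shape it appears to send `c.Username` and `c.Password` to the auth URL each time the constructor runs, not once per provider. A comment would make both explicit, e.g. `// Swauth supplies the storage URL itself, so region and endpoint type are unused; each call re-authenticates with the user/key.` If the constructor is invoked per resource operation, keeping the returned client on `Config` would take the key off the wire after the first request; this is inferred, as `swauth.NewObjectStorageV1` is not visible here. Since the key is presented on every authentication, the argument documentation should also say that `insecure` ought to stay off when `swauth` is enabled.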
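Review bot: The new `swauth` schema entry declares `schema.TypeBool` but gives `EnvDefaultFunc` a string default of `""`, so the `d.Get("swauth").(bool)` assertion added in the `configureProvider` hunk depends on the schema layer coercing an empty string to `false`. `DefaultFunc: schema.EnvDefaultFunc("OS_SWAUTH", false),` states the intended default directly and keeps the type assertion obviously safe. If the empty-string form mirrors the other boolean arguments in this file, keeping it for consistency is reasonable, but then a one-line comment on the coercion would help. `Provider` and `configureProvider` both extend beyond these hunks.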
--- a/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go +++ b/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go @@ -56,22 +56,20 @@ func testAccCheckObjectStorageV1ContainerDestroy(s *terraform.State) error { var testAccObjectStorageV1Container_basic = fmt.Sprintf(` resource "openstack_objectstorage_container_v1" "container_1" { - region = "%s" name = "tf-test-container" metadata { test = "true" } content_type = "application/json" - }`, - OS_REGION_NAME) + } +`) var testAccObjectStorageV1Container_update = fmt.Sprintf(` resource "openstack_objectstorage_container_v1" "container_1" { - region = "%s" name = "tf-test-container" metadata { test = "true" } content_type = "text/plain" - }`, - OS_REGION_NAME) + } +`) diff --git a/website/source/docs/providers/openstack/index.html.markdown b/website/source/docs/providers/openstack/index.html.markdown index 9711cfbb2b..8ece031493 100644 --- a/website/source/docs/providers/openstack/index.html.markdown +++ b/website/source/docs/providers/openstack/index.html.markdown @@ -86,6 +86,13 @@ The following arguments are supported: service catalog. It can be set using the OS_ENDPOINT_TYPE environment variable. If not set, public endpoints is used. +* `swauth` - (Optional) Set to `true` to authenticate against Swauth, a + Swift-native authentication system. If omitted, the `OS_SWAUTH` environment + variable is used. You must also set `username` to the Swauth/Swift username + such as `username:project`. Set the `password` to the Swauth/Swift key. + Finally, set `auth_url` as the location of the Swift service. Note that this + will only work when used with the OpenStack Object Storage resources. + ## Rackspace Compatibility Using this OpenStack provider with Rackspace is not supported and not
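Review bot: With the `region = "%s"` lines and the `OS_REGION_NAME` argument removed, both `fmt.Sprintf` calls in the test hunk are left with no verbs and no arguments, so the wrapper does nothing and would corrupt the config if a literal `%` were ever added to it. Assigning the raw string literal directly to `testAccObjectStorageV1Container_basic` and `testAccObjectStorageV1Container_update` is simpler. Dropping `region` also means the acceptance test no longer exercises an explicit region on the Keystone path, which may deserve a separate test case; that is inferred from the hunk alone, as the rest of the test file is not shown.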