provider/openstack: Add Swauth/Swift Authentication

This commit adds the ability to authenticate with Swauth/Swift. This can be used in Swift-only environments that do not have a Keystone service for authentication.
2016-11-08 05:30:55 +00:00 · 2016-11-08 05:30:55 +00:00 · 74189c5211
parent f0a5deae83
commit 74189c5211
4 changed files with 38 additions and 9 deletions
--- a/builtin/providers/openstack/config.go
+++ b/builtin/providers/openstack/config.go
@ -9,6 +9,7 @@ import (

 	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/gophercloud/openstack"
+	"github.com/gophercloud/gophercloud/openstack/objectstorage/v1/swauth"
 )

 type Config struct {
@ -21,6 +22,7 @@ type Config struct {
 	IdentityEndpoint string
 	Insecure         bool
 	Password         string
+	Swauth           bool
 	TenantID         string
 	TenantName       string
 	Token            string
@ -95,9 +97,12 @@ func (c *Config) loadAndValidate() error {
 	transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
 	client.HTTPClient.Transport = transport

-	err = openstack.Authenticate(client, ao)
-	if err != nil {
-		return err
+	// If using Swift Authentication, there's no need to validate authentication normally.
+	if !c.Swauth {
+		err = openstack.Authenticate(client, ao)
+		if err != nil {
+			return err
+		}
 	}

 	c.osClient = client
@ -134,6 +139,14 @@ func (c *Config) networkingV2Client(region string) (*gophercloud.ServiceClient,
 }

 func (c *Config) objectStorageV1Client(region string) (*gophercloud.ServiceClient, error) {
+	// If Swift Authentication is being used, return a swauth client.
+	if c.Swauth {
+		return swauth.NewObjectStorageV1(c.osClient, swauth.AuthOpts{
+			User: c.Username,
+			Key:  c.Password,
+		})
+	}
+
 	return openstack.NewObjectStorageV1(c.osClient, gophercloud.EndpointOpts{
 		Region:       region,
 		Availability: c.getEndpointType(),
--- a/builtin/providers/openstack/provider.go
+++ b/builtin/providers/openstack/provider.go
@ -125,6 +125,13 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("OS_KEY", ""),
 				Description: descriptions["key"],
 			},
+
+			"swauth": &schema.Schema{
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_SWAUTH", ""),
+				Description: descriptions["swauth"],
+			},
 		},

 		ResourcesMap: map[string]*schema.Resource{
@ -196,6 +203,9 @@ func init() {
 		"cert": "A client certificate to authenticate with.",

 		"key": "A client private key to authenticate with.",
+
+		"swauth": "Use Swift's authentication system instead of Keystone. Only used for\n" +
+			"interaction with Swift.",
 	}
 }

@ -210,6 +220,7 @@ func configureProvider(d *schema.ResourceData) (interface{}, error) {
 		IdentityEndpoint: d.Get("auth_url").(string),
 		Insecure:         d.Get("insecure").(bool),
 		Password:         d.Get("password").(string),
+		Swauth:           d.Get("swauth").(bool),
 		Token:            d.Get("token").(string),
 		TenantID:         d.Get("tenant_id").(string),
 		TenantName:       d.Get("tenant_name").(string),
--- a/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go
+++ b/builtin/providers/openstack/resource_openstack_objectstorage_container_v1_test.go
@ -56,22 +56,20 @@ func testAccCheckObjectStorageV1ContainerDestroy(s *terraform.State) error {

 var testAccObjectStorageV1Container_basic = fmt.Sprintf(`
 	resource "openstack_objectstorage_container_v1" "container_1" {
-		region = "%s"
 		name = "tf-test-container"
 		metadata {
 			test = "true"
 		}
 		content_type = "application/json"
-	}`,
-	OS_REGION_NAME)
+	}
+`)

 var testAccObjectStorageV1Container_update = fmt.Sprintf(`
 	resource "openstack_objectstorage_container_v1" "container_1" {
-		region = "%s"
 		name = "tf-test-container"
 		metadata {
 			test = "true"
 		}
 		content_type = "text/plain"
-	}`,
-	OS_REGION_NAME)
+	}
+`)
--- a/website/source/docs/providers/openstack/index.html.markdown
+++ b/website/source/docs/providers/openstack/index.html.markdown
@ -86,6 +86,13 @@ The following arguments are supported:
  service catalog. It can be set using the OS_ENDPOINT_TYPE environment
  variable. If not set, public endpoints is used.

+* `swauth` - (Optional) Set to `true` to authenticate against Swauth, a
+  Swift-native authentication system. If omitted, the `OS_SWAUTH` environment
+  variable is used. You must also set `username` to the Swauth/Swift username
+  such as `username:project`. Set the `password` to the Swauth/Swift key.
+  Finally, set `auth_url` as the location of the Swift service. Note that this
+  will only work when used with the OpenStack Object Storage resources.
+
 ## Rackspace Compatibility

 Using this OpenStack provider with Rackspace is not supported and not