func newCredentials(spec environs.CloudSpec) (identity.Credentials, identity.AuthMode) {
credAttrs := spec.Credential.Attributes()
cred := identity.Credentials{
Region: spec.Region,
URL: spec.Endpoint,
TenantName: credAttrs[CredAttrTenantName],
}
// AuthType is validated when the environment is opened, so it's known
// to be one of these values.
var authMode identity.AuthMode
switch spec.Credential.AuthType() {
case cloud.UserPassAuthType:
// TODO(axw) we need a way of saying to use legacy auth.
cred.User = credAttrs[CredAttrUserName]
cred.Secrets = credAttrs[CredAttrPassword]
cred.DomainName = credAttrs[CredAttrDomainName]
authMode = identity.AuthUserPass
if cred.DomainName != "" {
authMode = identity.AuthUserPassV3
}
case cloud.AccessKeyAuthType:
cred.User = credAttrs[CredAttrAccessKey]
cred.Secrets = credAttrs[CredAttrSecretKey]
authMode = identity.AuthKeyPair
}
return cred, authMode
}