func (b *KeystoneAuthenticationBackend) Authenticate(username string, password string) (string, error) {
opts := gophercloud.AuthOptions{
IdentityEndpoint: b.AuthURL,
Username: username,
Password: password,
TenantName: b.Tenant,
}
provider, err := openstack.NewClient(b.AuthURL)
if err != nil {
return "", err
}
if err := openstack.Authenticate(provider, opts); err != nil {
return "", err
}
return provider.TokenID, nil
}
func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error {
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
c.EndpointType != "" {
return []error{fmt.Errorf("Invalid endpoint type provided")}
}
if c.Region == "" {
c.Region = os.Getenv("OS_REGION_NAME")
}
// Legacy RackSpace stuff. We're keeping this around to keep things BC.
if c.Password == "" {
c.Password = os.Getenv("SDK_PASSWORD")
}
if c.Region == "" {
c.Region = os.Getenv("SDK_REGION")
}
if c.TenantName == "" {
c.TenantName = os.Getenv("SDK_PROJECT")
}
if c.Username == "" {
c.Username = os.Getenv("SDK_USERNAME")
}
// Get as much as possible from the end
ao, _ := openstack.AuthOptionsFromEnv()
// Make sure we reauth as needed
ao.AllowReauth = true
// Override values if we have them in our config
overrides := []struct {
From, To *string
}{
{&c.Username, &ao.Username},
{&c.UserID, &ao.UserID},
{&c.Password, &ao.Password},
{&c.IdentityEndpoint, &ao.IdentityEndpoint},
{&c.TenantID, &ao.TenantID},
{&c.TenantName, &ao.TenantName},
{&c.DomainID, &ao.DomainID},
{&c.DomainName, &ao.DomainName},
}
for _, s := range overrides {
if *s.From != "" {
*s.To = *s.From
}
}
// Build the client itself
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return []error{err}
}
// If we have insecure set, then create a custom HTTP client that
// ignores SSL errors.
if c.Insecure {
config := &tls.Config{InsecureSkipVerify: true}
transport := &http.Transport{TLSClientConfig: config}
client.HTTPClient.Transport = transport
}
// Auth
err = openstack.Authenticate(client, ao)
if err != nil {
return []error{err}
}
c.osClient = client
return nil
}
func (c *SwiftClient) validateConfig(conf map[string]string) (err error) {
authUrl, ok := conf["auth_url"]
if !ok {
authUrl = os.Getenv("OS_AUTH_URL")
if authUrl == "" {
return fmt.Errorf("missing 'auth_url' configuration or OS_AUTH_URL environment variable")
}
}
c.authurl = authUrl
username, ok := conf["user_name"]
if !ok {
username = os.Getenv("OS_USERNAME")
}
c.username = username
userID, ok := conf["user_id"]
if !ok {
userID = os.Getenv("OS_USER_ID")
}
c.userid = userID
token, ok := conf["token"]
if !ok {
token = os.Getenv("OS_AUTH_TOKEN")
}
c.token = token
password, ok := conf["password"]
if !ok {
password = os.Getenv("OS_PASSWORD")
}
c.password = password
if password == "" && token == "" {
return fmt.Errorf("missing either password or token configuration or OS_PASSWORD or OS_AUTH_TOKEN environment variable")
}
region, ok := conf["region_name"]
if !ok {
region = os.Getenv("OS_REGION_NAME")
}
c.region = region
tenantID, ok := conf["tenant_id"]
if !ok {
tenantID = multiEnv([]string{
"OS_TENANT_ID",
"OS_PROJECT_ID",
})
}
c.tenantid = tenantID
tenantName, ok := conf["tenant_name"]
if !ok {
tenantName = multiEnv([]string{
"OS_TENANT_NAME",
"OS_PROJECT_NAME",
})
}
c.tenantname = tenantName
domainID, ok := conf["domain_id"]
if !ok {
domainID = multiEnv([]string{
"OS_USER_DOMAIN_ID",
"OS_PROJECT_DOMAIN_ID",
"OS_DOMAIN_ID",
})
}
c.domainid = domainID
domainName, ok := conf["domain_name"]
if !ok {
domainName = multiEnv([]string{
"OS_USER_DOMAIN_NAME",
"OS_PROJECT_DOMAIN_NAME",
"OS_DOMAIN_NAME",
"DEFAULT_DOMAIN",
})
}
c.domainname = domainName
path, ok := conf["path"]
if !ok || path == "" {
return fmt.Errorf("missing 'path' configuration")
}
c.path = path
if archivepath, ok := conf["archive_path"]; ok {
log.Printf("[DEBUG] Archivepath set, enabling object versioning")
c.archive = true
c.archivepath = archivepath
}
if expire, ok := conf["expire_after"]; ok {
log.Printf("[DEBUG] Requested that remote state expires after %s", expire)
if strings.HasSuffix(expire, "d") {
log.Printf("[DEBUG] Got a days expire after duration. Converting to hours")
days, err := strconv.Atoi(expire[:len(expire)-1])
if err != nil {
return fmt.Errorf("Error converting expire_after value %s to int: %s", expire, err)
}
expire = fmt.Sprintf("%dh", days*24)
log.Printf("[DEBUG] Expire after %s hours", expire)
}
expireDur, err := time.ParseDuration(expire)
if err != nil {
log.Printf("[DEBUG] Error parsing duration %s: %s", expire, err)
return fmt.Errorf("Error parsing expire_after duration '%s': %s", expire, err)
}
log.Printf("[DEBUG] Seconds duration = %d", int(expireDur.Seconds()))
c.expireSecs = int(expireDur.Seconds())
}
c.insecure = false
raw, ok := conf["insecure"]
if !ok {
raw = os.Getenv("OS_INSECURE")
}
if raw != "" {
v, err := strconv.ParseBool(raw)
if err != nil {
return fmt.Errorf("'insecure' and 'OS_INSECURE' could not be parsed as bool: %s", err)
}
c.insecure = v
}
cacertFile, ok := conf["cacert_file"]
if !ok {
cacertFile = os.Getenv("OS_CACERT")
}
c.cacert = cacertFile
cert, ok := conf["cert"]
if !ok {
cert = os.Getenv("OS_CERT")
}
c.cert = cert
key, ok := conf["key"]
if !ok {
key = os.Getenv("OS_KEY")
}
c.key = key
ao := gophercloud.AuthOptions{
IdentityEndpoint: c.authurl,
UserID: c.userid,
Username: c.username,
TenantID: c.tenantid,
TenantName: c.tenantname,
Password: c.password,
TokenID: c.token,
DomainID: c.domainid,
DomainName: c.domainname,
}
provider, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
config := &tls.Config{}
if c.cacert != "" {
caCert, err := ioutil.ReadFile(c.cacert)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config.RootCAs = caCertPool
}
if c.insecure {
log.Printf("[DEBUG] Insecure mode set")
config.InsecureSkipVerify = true
}
if c.cert != "" && c.key != "" {
cert, err := tls.LoadX509KeyPair(c.cert, c.key)
if err != nil {
return err
}
config.Certificates = []tls.Certificate{cert}
config.BuildNameToCertificate()
}
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
provider.HTTPClient.Transport = transport
err = openstack.Authenticate(provider, ao)
if err != nil {
return err
}
c.client, err = openstack.NewObjectStorageV1(provider, gophercloud.EndpointOpts{
Region: c.region,
})
return err
}
func (c *Config) loadAndValidate() error {
if c.EndpointType != "internal" && c.EndpointType != "internalURL" &&
c.EndpointType != "admin" && c.EndpointType != "adminURL" &&
c.EndpointType != "public" && c.EndpointType != "publicURL" &&
c.EndpointType != "" {
return fmt.Errorf("Invalid endpoint type provided")
}
ao := gophercloud.AuthOptions{
Username: c.Username,
UserID: c.UserID,
Password: c.Password,
TokenID: c.Token,
IdentityEndpoint: c.IdentityEndpoint,
TenantID: c.TenantID,
TenantName: c.TenantName,
DomainID: c.DomainID,
DomainName: c.DomainName,
}
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
config := &tls.Config{}
if c.CACertFile != "" {
caCert, err := ioutil.ReadFile(c.CACertFile)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config.RootCAs = caCertPool
}
if c.Insecure {
config.InsecureSkipVerify = true
}
if c.ClientCertFile != "" && c.ClientKeyFile != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile)
if err != nil {
return err
}
config.Certificates = []tls.Certificate{cert}
config.BuildNameToCertificate()
}
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
client.HTTPClient.Transport = transport
err = openstack.Authenticate(client, ao)
if err != nil {
return err
}
c.osClient = client
return nil
}
func (c *SwiftClient) validateConfig(conf map[string]string) (err error) {
authUrl, ok := conf["auth_url"]
if !ok {
authUrl = os.Getenv("OS_AUTH_URL")
if authUrl == "" {
return fmt.Errorf("missing 'auth_url' configuration or OS_AUTH_URL environment variable")
}
}
c.authurl = authUrl
username, ok := conf["user_name"]
if !ok {
username = os.Getenv("OS_USERNAME")
}
c.username = username
userID, ok := conf["user_id"]
if !ok {
userID = os.Getenv("OS_USER_ID")
}
c.userid = userID
password, ok := conf["password"]
if !ok {
password = os.Getenv("OS_PASSWORD")
if password == "" {
return fmt.Errorf("missing 'password' configuration or OS_PASSWORD environment variable")
}
}
c.password = password
region, ok := conf["region_name"]
if !ok {
region = os.Getenv("OS_REGION_NAME")
}
c.region = region
tenantID, ok := conf["tenant_id"]
if !ok {
tenantID = multiEnv([]string{
"OS_TENANT_ID",
"OS_PROJECT_ID",
})
}
c.tenantid = tenantID
tenantName, ok := conf["tenant_name"]
if !ok {
tenantName = multiEnv([]string{
"OS_TENANT_NAME",
"OS_PROJECT_NAME",
})
}
c.tenantname = tenantName
domainID, ok := conf["domain_id"]
if !ok {
domainID = multiEnv([]string{
"OS_USER_DOMAIN_ID",
"OS_PROJECT_DOMAIN_ID",
"OS_DOMAIN_ID",
})
}
c.domainid = domainID
domainName, ok := conf["domain_name"]
if !ok {
domainName = multiEnv([]string{
"OS_USER_DOMAIN_NAME",
"OS_PROJECT_DOMAIN_NAME",
"OS_DOMAIN_NAME",
"DEFAULT_DOMAIN",
})
}
c.domainname = domainName
path, ok := conf["path"]
if !ok || path == "" {
return fmt.Errorf("missing 'path' configuration")
}
c.path = path
c.insecure = false
raw, ok := conf["insecure"]
if !ok {
raw = os.Getenv("OS_INSECURE")
}
if raw != "" {
v, err := strconv.ParseBool(raw)
if err != nil {
return fmt.Errorf("'insecure' and 'OS_INSECURE' could not be parsed as bool: %s", err)
}
c.insecure = v
}
cacertFile, ok := conf["cacert_file"]
if !ok {
cacertFile = os.Getenv("OS_CACERT")
}
c.cacert = cacertFile
cert, ok := conf["cert"]
if !ok {
cert = os.Getenv("OS_CERT")
}
c.cert = cert
key, ok := conf["key"]
if !ok {
key = os.Getenv("OS_KEY")
}
c.key = key
ao := gophercloud.AuthOptions{
IdentityEndpoint: c.authurl,
UserID: c.userid,
Username: c.username,
TenantID: c.tenantid,
TenantName: c.tenantname,
Password: c.password,
DomainID: c.domainid,
DomainName: c.domainname,
}
provider, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
config := &tls.Config{}
if c.cacert != "" {
caCert, err := ioutil.ReadFile(c.cacert)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config.RootCAs = caCertPool
}
if c.insecure {
log.Printf("[DEBUG] Insecure mode set")
config.InsecureSkipVerify = true
}
if c.cert != "" && c.key != "" {
cert, err := tls.LoadX509KeyPair(c.cert, c.key)
if err != nil {
return err
}
config.Certificates = []tls.Certificate{cert}
config.BuildNameToCertificate()
}
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
provider.HTTPClient.Transport = transport
err = openstack.Authenticate(provider, ao)
if err != nil {
return err
}
c.client, err = openstack.NewObjectStorageV1(provider, gophercloud.EndpointOpts{
Region: c.region,
})
return err
}
func (c *Config) loadAndValidate() error {
validEndpoint := false
validEndpoints := []string{
"internal", "internalURL",
"admin", "adminURL",
"public", "publicURL",
"",
}
for _, endpoint := range validEndpoints {
if c.EndpointType == endpoint {
validEndpoint = true
}
}
if !validEndpoint {
return fmt.Errorf("Invalid endpoint type provided")
}
ao := gophercloud.AuthOptions{
DomainID: c.DomainID,
DomainName: c.DomainName,
IdentityEndpoint: c.IdentityEndpoint,
Password: c.Password,
TenantID: c.TenantID,
TenantName: c.TenantName,
TokenID: c.Token,
Username: c.Username,
UserID: c.UserID,
}
client, err := openstack.NewClient(ao.IdentityEndpoint)
if err != nil {
return err
}
config := &tls.Config{}
if c.CACertFile != "" {
caCert, err := ioutil.ReadFile(c.CACertFile)
if err != nil {
return err
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)
config.RootCAs = caCertPool
}
if c.Insecure {
config.InsecureSkipVerify = true
}
if c.ClientCertFile != "" && c.ClientKeyFile != "" {
cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile)
if err != nil {
return err
}
config.Certificates = []tls.Certificate{cert}
config.BuildNameToCertificate()
}
transport := &http.Transport{Proxy: http.ProxyFromEnvironment, TLSClientConfig: config}
client.HTTPClient.Transport = transport
// If using Swift Authentication, there's no need to validate authentication normally.
if !c.Swauth {
err = openstack.Authenticate(client, ao)
if err != nil {
return err
}
}
c.osClient = client
return nil
}