func authClient(ecfg *environConfig) (client.AuthenticatingClient, error) {
identityClientVersion, err := identityClientVersion(ecfg.authURL())
if err != nil {
return nil, errors.Annotate(err, "cannot create a client")
}
cred, authMode := newCredentials(ecfg)
newClient := client.NewClient
if ecfg.SSLHostnameVerification() == false {
newClient = client.NewNonValidatingClient
}
client := newClient(&cred, authMode, nil)
// before returning, lets make sure that we want to have AuthMode
// AuthUserPass instead of its V3 counterpart.
if authMode == identity.AuthUserPass && (identityClientVersion == -1 || identityClientVersion == 3) {
options, err := client.IdentityAuthOptions()
if err != nil {
logger.Errorf("cannot determine available auth versions %v", err)
} else {
client = determineBestClient(options, client, cred, newClient)
}
}
// By default, the client requires "compute" and
// "object-store". Juju only requires "compute".
client.SetRequiredServiceTypes([]string{"compute"})
return client, nil
}
func authClient(ecfg *environConfig) client.AuthenticatingClient {
cred := &identity.Credentials{
User: ecfg.username(),
Secrets: ecfg.password(),
Region: ecfg.region(),
TenantName: ecfg.tenantName(),
URL: ecfg.authURL(),
}
// authModeCfg has already been validated so we know it's one of the values below.
var authMode identity.AuthMode
switch AuthMode(ecfg.authMode()) {
case AuthLegacy:
authMode = identity.AuthLegacy
case AuthUserPass:
authMode = identity.AuthUserPass
case AuthKeyPair:
authMode = identity.AuthKeyPair
cred.User = ecfg.accessKey()
cred.Secrets = ecfg.secretKey()
}
newClient := client.NewClient
if !ecfg.SSLHostnameVerification() {
newClient = client.NewNonValidatingClient
}
client := newClient(cred, authMode, nil)
// By default, the client requires "compute" and
// "object-store". Juju only requires "compute".
client.SetRequiredServiceTypes([]string{"compute"})
return client
}
