Support trust id as a scope in the OpenStack authentication logic.

2025-07-30 15:05:27 +00:00 · 2016-09-06 16:54:02 +02:00 · 2016-09-06 16:54:02 +02:00 · c1b3100ba2
commit c1b3100ba2
parent 8ea400b1bf
1 changed files with 17 additions and 1 deletions
--- a/pkg/cloudprovider/providers/openstack/openstack.go
+++ b/pkg/cloudprovider/providers/openstack/openstack.go
@ -31,6 +31,8 @@ import (
 	"github.com/rackspace/gophercloud"
 	"github.com/rackspace/gophercloud/openstack"
 	"github.com/rackspace/gophercloud/openstack/compute/v2/servers"
+	"github.com/rackspace/gophercloud/openstack/identity/v3/extensions/trust"
+	token3 "github.com/rackspace/gophercloud/openstack/identity/v3/tokens"
 	"github.com/rackspace/gophercloud/pagination"

 	"github.com/golang/glog"
@ -102,6 +104,7 @@ type Config struct {
 		ApiKey     string `gcfg:"api-key"`
 		TenantId   string `gcfg:"tenant-id"`
 		TenantName string `gcfg:"tenant-name"`
+		TrustId    string `gcfg:"trust-id"`
 		DomainId   string `gcfg:"domain-id"`
 		DomainName string `gcfg:"domain-name"`
 		Region     string
@ -170,7 +173,20 @@ func readInstanceID() (string, error) {
 }

 func newOpenStack(cfg Config) (*OpenStack, error) {
-	provider, err := openstack.AuthenticatedClient(cfg.toAuthOptions())
+	provider, err := openstack.NewClient(cfg.Global.AuthUrl)
+	if err != nil {
+		return nil, err
+	}
+	if cfg.Global.TrustId != "" {
+		authOptionsExt := trust.AuthOptionsExt{
+			TrustID:     cfg.Global.TrustId,
+			AuthOptions: token3.AuthOptions{AuthOptions: cfg.toAuthOptions()},
+		}
+		err = trust.AuthenticateV3Trust(provider, authOptionsExt)
+	} else {
+		err = openstack.Authenticate(provider, cfg.toAuthOptions())
+	}
+
 	if err != nil {
 		return nil, err
 	}