Add keystone authentication

go.mod

@@ -3,7 +3,7 @@ module github.com/openshift-metal3/terraform-provider-ironic
 go 1.18
 
 require (
-	github.com/gophercloud/gophercloud v0.22.0
+	github.com/gophercloud/gophercloud v1.14.0
 	github.com/gophercloud/utils v0.0.0-20210720165645-8a3ad2ad9e70
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/hashicorp/go-version v1.6.0

go.sum

@@ -227,8 +227,8 @@ github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3i
 github.com/googleapis/gnostic v0.5.5 h1:9fHAtK0uDfpveeqqo1hkEZJcFvYXAiCN3UutL8F9xHw=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gophercloud/gophercloud v0.15.1-0.20210202035223-633d73521055/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4=
-github.com/gophercloud/gophercloud v0.22.0 h1:9lFISNLafZcecT0xUveIMt3IafexC6DIV9ek1SZdSMw=
-github.com/gophercloud/gophercloud v0.22.0/go.mod h1:wRtmUelyIIv3CSSDI47aUwbs075O6i+LY+pXsKCBsb4=
+github.com/gophercloud/gophercloud v1.14.0 h1:Bt9zQDhPrbd4qX7EILGmy+i7GP35cc+AAL2+wIJpUE8=
+github.com/gophercloud/gophercloud v1.14.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/gophercloud/utils v0.0.0-20210720165645-8a3ad2ad9e70 h1:9UYK3/bQIZ9EfYPLaKbN23nxpKWodtKs69JZmpaNU+I=
 github.com/gophercloud/utils v0.0.0-20210720165645-8a3ad2ad9e70/go.mod h1:wx8HMD8oQD0Ryhz6+6ykq75PJ79iPyEqYHfwZ4l7OsA=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
@@ -566,6 +566,7 @@ golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -636,6 +637,7 @@ golang.org/x/net v0.0.0-20210224082022-3d97a244fca7/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
 golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=

ironic/provider.go

@@ -10,6 +10,7 @@ import (
 	"time"
 
 	"github.com/gophercloud/gophercloud"
+	"github.com/gophercloud/gophercloud/openstack"
 	"github.com/gophercloud/gophercloud/openstack/baremetal/httpbasic"
 	"github.com/gophercloud/gophercloud/openstack/baremetal/noauth"
 	"github.com/gophercloud/gophercloud/openstack/baremetal/v1/drivers"
@@ -175,8 +176,7 @@ func Provider() *schema.Provider {
 				DefaultFunc: schema.EnvDefaultFunc("IRONIC_AUTH_STRATEGY", "noauth"),
 				Description: descriptions["auth_strategy"],
 				ValidateFunc: validation.StringInSlice([]string{
-					"noauth", "http_basic",
-				}, false),
+					"noauth", "http_basic", "keystone"}, false),
 			},
 			"ironic_username": {
 				Type:        schema.TypeString,
@@ -204,6 +204,43 @@ func Provider() *schema.Provider {
 				DefaultFunc: schema.EnvDefaultFunc("INSPECTOR_HTTP_BASIC_PASSWORD", ""),
 				Description: descriptions["inspector_username"],
 			},
+			"keystone_username": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_USERNAME", ""),
+				Description: descriptions["keystone_username"],
+			},
+			"keystone_password": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Sensitive:   true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_PASSWORD", ""),
+				Description: descriptions["keystone_password"],
+			},
+			"keystone_region": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_REGION_NAME", ""),
+				Description: descriptions["keystone_region"],
+			},
+			"user_domain_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_USER_DOMAIN_NAME", ""),
+				Description: descriptions["user_domain_name"],
+			},
+			"tenant_name": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_NAME", ""),
+				Description: descriptions["tenant_name"],
+			},
+			"tenant_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_PROJECT_ID", ""),
+				Description: descriptions["tenant_id"],
+			},
 		},
 		ResourcesMap: map[string]*schema.Resource{
 			"ironic_node_v1":       resourceNodeV1(),
@@ -226,11 +263,17 @@ func init() {
 		"inspector":          "The endpoint for Ironic inspector",
 		"microversion":       "The microversion to use for Ironic",
 		"timeout":            "Wait at least the specified number of seconds for the API to become available",
-		"auth_strategy":      "Determine the strategy to use for authentication with Ironic services, Possible values: noauth, http_basic. Defaults to noauth.",
+		"auth_strategy":      "Determine the strategy to use for authentication with Ironic services, Possible values: noauth, http_basic, keystone. Defaults to noauth.",
 		"ironic_username":    "Username to be used by Ironic when using `http_basic` authentication",
 		"ironic_password":    "Password to be used by Ironic when using `http_basic` authentication",
 		"inspector_username": "Username to be used by Ironic Inspector when using `http_basic` authentication",
 		"inspector_password": "Password to be used by Ironic Inspector when using `http_basic` authentication",
+		"keystone_username":  "Username to be used by Ironic when using `keystone` authentication",
+		"keystone_password":  "Password to be used by Ironic when using `keystone` authentication",
+		"keystone_region":    "Region to be used by Ironic when using `keystone` authentication",
+		"user_domain_name":   "Project ID to be used by Ironic when using `keystone` authentication",
+		"tenant_name":        "Project ID to be used by Ironic when using `keystone` authentication",
+		"tenant_id":          "Project ID to be used by Ironic when using `keystone` authentication",
 	}
 }
 
@@ -282,6 +325,62 @@ func configureProvider(schema *schema.ResourceData) (interface{}, error) {
 			clients.inspector = inspector
 		}
 
+	} else if authStrategy == "keystone" {
+		log.Printf("[DEBUG] Using keystone auth strategy")
+
+		// keystoneUser := schema.Get("keystone_username").(string)
+		// keystonePassword := schema.Get("keystone_password").(string)
+		// keystoneRegion := schema.Get("keystone_region").(string)
+		// url := schema.Get("url").(string)
+		// userDomainName := schema.Get("user_domain_name").(string)
+		// tenantName := schema.Get("tenant_name").(string)
+		// tenantId := schema.Get("tenant_id").(string)
+
+		// opts := gophercloud.AuthOptions{
+		// 	IdentityEndpoint: url,
+		// 	Username:         keystoneUser,
+		// 	Password:         keystonePassword,
+		// 	DomainName:       userDomainName,
+		// 	TenantName:       tenantName,
+		// 	TenantID:         tenantId,
+		// }
+
+		// provider, err := openstack.AuthenticatedClient(opts)
+		// if err != nil {
+		// 	return nil, err
+		// }
+
+		// eo := gophercloud.EndpointOpts{
+		// 	Region: keystoneRegion,
+		// }
+
+		opts, err := openstack.AuthOptionsFromEnv()
+		provider, err := openstack.AuthenticatedClient(opts)
+
+		eo := gophercloud.EndpointOpts{Region: "RegionOne"}
+
+		ironic, err := openstack.NewBareMetalV1(provider, eo)
+		if err != nil {
+			return nil, err
+		}
+
+		ironic.Microversion = schema.Get("microversion").(string)
+		clients.ironic = ironic
+
+		inspectorURL := schema.Get("inspector").(string)
+		if inspectorURL != "" {
+			// inspectorUser := schema.Get("inspector_username").(string)
+			// inspectorPassword := schema.Get("inspector_password").(string)
+			log.Printf("[DEBUG] Inspector endpoint is %s", inspectorURL)
+
+			inspector, err := openstack.NewBareMetalIntrospectionV1(provider, eo)
+
+			if err != nil {
+				return nil, err
+			}
+			clients.inspector = inspector
+		}
+
 	} else {
 		log.Printf("[DEBUG] Using noauth auth_strategy")
 		ironic, err := noauth.NewBareMetalNoAuth(noauth.EndpointOpts{