diff --git a/auth_aksk_options.go b/auth_aksk_options.go index 3c374a632..b74190dba 100644 --- a/auth_aksk_options.go +++ b/auth_aksk_options.go @@ -20,7 +20,8 @@ type AKSKAuthOptions struct { Region string // cloud service domain, example: myhwclouds.com - Domain string + Domain string + DomainID string AccessKey string //Access Key SecretKey string //Secret key diff --git a/openstack/client.go b/openstack/client.go index 0b32072e4..b6f1c4b9c 100644 --- a/openstack/client.go +++ b/openstack/client.go @@ -317,9 +317,11 @@ func v3AKSKAuth(client *golangsdk.ProviderClient, endpoint string, options golan defer func() { v3Client.AKSKAuthOptions.ProjectId = options.ProjectId + v3Client.AKSKAuthOptions.DomainID = options.DomainID }() v3Client.AKSKAuthOptions = options v3Client.AKSKAuthOptions.ProjectId = "" + v3Client.AKSKAuthOptions.DomainID = "" if options.ProjectId == "" && options.ProjectName != "" { id, err := getProjectID(v3Client, options.ProjectName) @@ -329,6 +331,14 @@ func v3AKSKAuth(client *golangsdk.ProviderClient, endpoint string, options golan options.ProjectId = id } + if options.DomainID == "" && options.Domain != "" { + id, err := getDomainIDV1(options.Domain, v3Client) + if err != nil { + return err + } + options.DomainID = id + } + client.ProjectID = options.ProjectId v3Client.ProjectID = options.ProjectId @@ -373,20 +383,17 @@ func v3AKSKAuth(client *golangsdk.ProviderClient, endpoint string, options golan }) } } - - client.EndpointLocator = func(opts golangsdk.EndpointOpts) (string, error) { - return V3EndpointURL(&tokens3.ServiceCatalog{ - Entries: entries, - }, opts) - } - return true, nil }) - if err != nil { return err } + client.EndpointLocator = func(opts golangsdk.EndpointOpts) (string, error) { + return V3EndpointURL(&tokens3.ServiceCatalog{ + Entries: entries, + }, opts) + } return nil } @@ -402,13 +409,11 @@ func authWithAgencyByAKSK(client *golangsdk.ProviderClient, endpoint string, opt return err } - domainID, err := getDomainID(opts.Domain, v3Client) - if err != nil { - return err + if v3Client.AKSKAuthOptions.DomainID == "" { + return fmt.Errorf("Must config domain name") } opts2 := golangsdk.AgencyAuthOptions{ - DomainID: domainID, AgencyName: opts.AgencyName, AgencyDomainName: opts.AgencyDomainName, DelegatedProject: opts.DelegatedProject, @@ -508,6 +513,43 @@ func getDomainID(name string, client *golangsdk.ServiceClient) (string, error) { } } +func getDomainIDV1(name string, client *golangsdk.ServiceClient) (string, error) { + old := client.Endpoint + defer func() { client.Endpoint = old }() + + client.Endpoint = old + "auth/" + + opts := domains.ListOpts{ + Name: name, + } + allPages, err := domains.List(client, &opts).AllPages() + if err != nil { + return "", fmt.Errorf("List domains failed, err=%s", err) + } + + all, err := domains.ExtractDomains(allPages) + if err != nil { + return "", fmt.Errorf("Extract domains failed, err=%s", err) + } + + count := len(all) + switch count { + case 0: + err := &golangsdk.ErrResourceNotFound{} + err.ResourceType = "iam" + err.Name = name + return "", err + case 1: + return all[0].ID, nil + default: + err := &golangsdk.ErrMultipleResourcesFound{} + err.ResourceType = "iam" + err.Name = name + err.Count = count + return "", err + } +} + func HeaderForAdminToken(c *golangsdk.ServiceClient) (map[string]string, error) { if c.AKSKAuthOptions.AccessKey != "" { i, err := getDomainID(c.AKSKAuthOptions.Domain, c) diff --git a/provider_client.go b/provider_client.go index 474b77017..322f48619 100644 --- a/provider_client.go +++ b/provider_client.go @@ -237,6 +237,9 @@ func (client *ProviderClient) Request(method, url string, options *RequestOpts) if client.AKSKAuthOptions.ProjectId != "" { req.Header.Set("X-Project-Id", client.AKSKAuthOptions.ProjectId) } + if client.AKSKAuthOptions.DomainID != "" { + req.Header.Set("X-Domain-Id", client.AKSKAuthOptions.DomainID) + } } // Issue the request.