Image: add basic auth support to download source image

[binchenX]

No description provided.

[theopenlab-ci]

Build succeeded.

• terraform-provider-openstack-unittest : SUCCESS in 3m 47s
• terraform-provider-openstack-acceptance-test : SUCCESS in 2h 34m 18s

[kayrus]

@pierrchen thanks for the PR. Did you try to set a password in a URL, e.g. https://username:password@example.com/file.img?

[binchenX]

@kayrus It doesn't seems work for me and if the password contains an @ the url became invalid. Is that expected to be a legit way to set the basic Auth for you?

[kayrus]

According to golang/go#24572 it should work. Have you tried to escape the @ in the password field? What kind of error do you receive?

[kayrus]

See also https://golang.org/src/net/http/client.go#L239
https://golang.org/pkg/net/url/#Userinfo
Go automatically parses Username and Password from the URL.

[binchenX]

@kayrus sorry, I made some mistake in my experiment and I can confirm (with a standalone go programe) putting user name and password in url do works (even with @ in the password - curl will complain about this).

However, I have some questions:

1. Do you think provide separate username and password will be better alternative? IMO having the url and password in the URL is a bad practice and will cause some confusions especially in the Terraform user cases I will mention below.
2. If we have the credential in the url, when credential changes, does Terraform consider it is a new resource and thus take actions it shouldn't?
3. Putting credential in the url, will cause the url to be sensitive, and thus be mask out in the plan output, which make it hard for review, say if the url is correctly set.

And in either case, we need additional check the response status, since an non-2xx response won't cause error be return, and thus it will an error json file be uploaded as an image.

Let me know how you want to proceed:
A. Have separate user name and password config as this patch does.
B. Putting url and password in the url, but add the response error check.

Thanks,

[binchenX]

@kayrus this is the required error check I mentioned.

[binchenX]

@ozerovandrei would you like to have a review on this? thanks

[kayrus]

Do you think provide separate username and password will be better alternative? IMO having the url and password in the URL is a bad practice and will cause some confusions especially in the Terraform user cases I will mention below.

Yes, I agree.

If we have the credential in the url, when credential changes, does Terraform consider it is a new resource and thus take actions it shouldn't?

Yes it will consider it as a new resource.

Putting credential in the url, will cause the url to be sensitive, and thus be mask out in the plan output, which make it hard for review, say if the url is correctly set.

Agree. See my comments.

And in either case, we need additional check the response status, since an non-2xx response won't cause error be return, and thus it will an error json file be uploaded as an image.

Agree.

A. Have separate user name and password config as this patch does.
B. Putting url and password in the url, but add the response error check.

Both is fine.

[theopenlab-ci]

Build failed.

• terraform-provider-openstack-unittest : SUCCESS in 4m 50s
• terraform-provider-openstack-acceptance-test : FAILURE in 40m 25s

[binchenX]

Not familiar with how to interpreter the acceptance test failure so not sure if it is related with the my change or it is false positive?

[binchenX]

Not entirely sure about this comments and it was marked as resolved so I didn't make any change. Let me know if I should.

[theopenlab-ci]

Build failed.

• terraform-provider-openstack-unittest : SUCCESS in 4m 36s
• terraform-provider-openstack-acceptance-test : FAILURE in 1h 01m 46s

[kayrus]

LGTM
Let's wait for openlab issues to be fixed.

[theopenlab-ci]

Build succeeded.

• terraform-provider-openstack-unittest : SUCCESS in 4m 22s
• terraform-provider-openstack-acceptance-test : SUCCESS in 2h 07m 09s

[kayrus]

@pierrchen merged, thank you