Ability to authenticate against OpenStack with application credentials or token #776
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request description
Description of the change
In some environments, like in LEXIS project, Yorc must be able to allocate OpenStack compute resources on behalf of any user created on demand by a third party AAI (Authentication and Authorization Infrastructure), Yorc being just given an OpenStack token or Openstack application credentials, valid only for a given time defined by the third party AAI.
Added the ability for Yorc to authenticate against OpenStack using a token or application credentials, that are provided in a node template metadata (not in yorc static configuration as these are per user values with a validity defined by an external AAI.
What I did
doc/configuration.rst
In the table of OpenStack parameters,
added parameter domain_id to be used with tokens, and referencing a note for user_name and password.
The note added below the table specifies that a token or application credentials can be specified in a node template, when user/password authentication can't be used.
tosca/constants.go
Added constants for token and application credentials keys that can be define in a node template metadata
prov/terraform/openstack/generator.go
When setting OpenStack parameters used for authentication, checking if application credentials are defined in the node template metadata to use them during the authentication,
else do a token-based authentication if a toekn is defined, else do the user/password authentication like previously.
How to verify it
Verified on a LEXIS setup, using both:
Description for the changelog
Ability to authenticate against OpenStack with token or application credentials (GH-775)
Applicable Issues
Closes #775