diff --git a/pkg/storage/swift/swift.go b/pkg/storage/swift/swift.go index 8f4e57c13e..e5037ba8fe 100644 --- a/pkg/storage/swift/swift.go +++ b/pkg/storage/swift/swift.go @@ -33,15 +33,18 @@ import ( ) type Swift struct { - AuthURL string - Username string - Password string - Tenant string - TenantID string - Domain string - DomainID string - RegionName string - IdentityAPIVersion string + AuthURL string + Username string + Password string + Tenant string + TenantID string + Domain string + DomainID string + RegionName string + IdentityAPIVersion string + ApplicationCredentialID string + ApplicationCredentialName string + ApplicationCredentialSecret string } type driver struct { @@ -117,6 +120,9 @@ func GetConfig(listers *regopclient.Listers) (*Swift, error) { cfg.AuthURL = cloud.AuthInfo.AuthURL cfg.Username = cloud.AuthInfo.Username cfg.Password = cloud.AuthInfo.Password + cfg.ApplicationCredentialID = cloud.AuthInfo.ApplicationCredentialID + cfg.ApplicationCredentialName = cloud.AuthInfo.ApplicationCredentialName + cfg.ApplicationCredentialSecret = cloud.AuthInfo.ApplicationCredentialSecret cfg.Tenant = cloud.AuthInfo.ProjectName cfg.TenantID = cloud.AuthInfo.ProjectID cfg.Domain = cloud.AuthInfo.DomainName @@ -146,6 +152,18 @@ func GetConfig(listers *regopclient.Listers) (*Swift, error) { if err != nil { return nil, err } + cfg.ApplicationCredentialID, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID") + if err != nil { + return nil, err + } + cfg.ApplicationCredentialName, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME") + if err != nil { + return nil, err + } + cfg.ApplicationCredentialSecret, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET") + if err != nil { + return nil, err + } } return cfg, nil 
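Review bot: In the user-secret branch of GetConfig (third hunk), each new `util.GetValueFromSecret` call returns on any error, so if that helper errors on a missing key a secret holding only the username and password keys would stop loading after this change. The helper's body is not in this diff, so this needs confirming. If it does, the three application-credential keys should be optional: read them only when the key is present in the secret, and fail only when a secret value is given without an ID or name. The reverse case also needs a look, because the existing checks above the hunk appear to require username and password even when only an application credential is supplied. GetConfig starts and ends outside the hunk.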
@@ -174,13 +192,16 @@ func (d *driver) getSwiftClient() (*gophercloud.ServiceClient, error) { regionName := replaceEmpty(d.Config.RegionName, cfg.RegionName) opts := &gophercloud.AuthOptions{ - IdentityEndpoint: authURL, - Username: cfg.Username, - Password: cfg.Password, - DomainID: domainID, - DomainName: domain, - TenantID: tenantID, - TenantName: tenant, + IdentityEndpoint: authURL, + Username: cfg.Username, + Password: cfg.Password, + ApplicationCredentialID: cfg.ApplicationCredentialID, + ApplicationCredentialName: cfg.ApplicationCredentialName, + ApplicationCredentialSecret: cfg.ApplicationCredentialSecret, + DomainID: domainID, + DomainName: domain, + TenantID: tenantID, + TenantName: tenant, } provider, err := openstack.NewClient(opts.IdentityEndpoint) @@ -273,6 +294,9 @@ func (d *driver) ConfigEnv() (envs envvar.List, err error) { envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_AUTHURL", Value: authURL}, envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_USERNAME", Value: cfg.Username, Secret: true}, envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_PASSWORD", Value: cfg.Password, Secret: true}, + envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID", Value: cfg.ApplicationCredentialID, Secret: true}, + envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME", Value: cfg.ApplicationCredentialName, Secret: true}, + envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET", Value: cfg.ApplicationCredentialSecret, Secret: true}, envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_AUTHVERSION", Value: authVersion}, ) if domain != "" { diff --git a/pkg/storage/swift/swift_test.go b/pkg/storage/swift/swift_test.go index f657d14c1a..7d09afbf7c 100644 --- a/pkg/storage/swift/swift_test.go +++ b/pkg/storage/swift/swift_test.go 
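Review bot: The `gophercloud.AuthOptions` literal in getSwiftClient now passes Username/Password and the three ApplicationCredential* fields together, along with TenantID/TenantName, and nothing in the hunk checks which combination was configured. Which credential actually authenticates is therefore decided by the library's precedence rules rather than by this code. A guard before the literal would make it explicit, e.g. `if cfg.Password != "" && cfg.ApplicationCredentialSecret != "" { return nil, fmt.Errorf("swift: both password and application credential are set") }`, or a documented rule for which one wins. It is also worth confirming that sending the tenant scope alongside an application credential is accepted by the identity service. getSwiftClient continues outside the hunk.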
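Review bot: The three `REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIAL*` entries in ConfigEnv are added unconditionally, so a password-only deployment gets three empty secret-backed variables, whereas the domain entry just below is guarded by `if domain != ""`. Emitting each entry only when its value is non-empty would keep the generated secret limited to credentials that exist and match the surrounding style. Marking all three `Secret: true`, including the name, keeps them out of the plain environment and should stay. ConfigEnv starts and ends outside the hunk.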
@@ -27,11 +27,14 @@ import ( ) const ( - username = "myUsername" - password = "myPassword" - container = "registry" - domain = "Default" - tenant = "openshift-registry" + username = "myUsername" + password = "myPassword" + applicationCredentialID = "myId" + applicationCredentialName = "myName" + applicationCredentialSecret = "mySecret" + container = "registry" + domain = "Default" + tenant = "openshift-registry" cloudName = "openstack" cloudSecretKey = "clouds.yaml" @@ -45,8 +48,11 @@ const ( var ( // Fake Swift credentials map fakeSecretData = map[string][]byte{ - "REGISTRY_STORAGE_SWIFT_USERNAME": []byte(username), - "REGISTRY_STORAGE_SWIFT_PASSWORD": []byte(password), + "REGISTRY_STORAGE_SWIFT_USERNAME": []byte(username), + "REGISTRY_STORAGE_SWIFT_PASSWORD": []byte(password), + "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID": []byte(applicationCredentialID), + "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME": []byte(applicationCredentialName), + "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET": []byte(applicationCredentialSecret), } fakeCloudsYAML map[string][]byte fakeCloudProviderConfigMap map[string]string @@ -554,9 +560,12 @@ func TestSwiftSecrets(t *testing.T) { th.AssertNoErr(t, err) res, err := configenv.SecretData() th.AssertNoErr(t, err) - th.AssertEquals(t, 2, len(res)) + th.AssertEquals(t, 5, len(res)) th.AssertEquals(t, username, res["REGISTRY_STORAGE_SWIFT_USERNAME"]) th.AssertEquals(t, password, res["REGISTRY_STORAGE_SWIFT_PASSWORD"]) + th.AssertEquals(t, applicationCredentialID, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID"]) + th.AssertEquals(t, applicationCredentialName, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME"]) + th.AssertEquals(t, applicationCredentialSecret, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET"]) config = imageregistryv1.ImageRegistryConfigStorageSwift{ Container: container, 
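Review bot: `fakeSecretData` now always carries all five keys and TestSwiftSecrets asserts `5` entries, so no test covers a secret that holds only the username/password pair or only the application-credential triple. Adding those two cases would show whether GetConfig still accepts existing password-only secrets after this change, and whether an application-credential-only secret works at all. The same gap applies to the clouds.yaml variant in the later TestSwiftSecrets hunks.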
@@ -578,6 +587,9 @@ func TestSwiftSecrets(t *testing.T) { project_name: ` + tenant + ` username: ` + username + ` password: ` + password + ` + application_credential_id: ` + applicationCredentialID + ` + application_credential_name: ` + applicationCredentialName + ` + application_credential_secret: ` + applicationCredentialSecret + ` domain_name: ` + domain + ` region_name: RegionOne`) @@ -588,9 +600,12 @@ func TestSwiftSecrets(t *testing.T) { th.AssertNoErr(t, err) res, err = configenv.SecretData() th.AssertNoErr(t, err) - th.AssertEquals(t, 2, len(res)) + th.AssertEquals(t, 5, len(res)) th.AssertEquals(t, username, res["REGISTRY_STORAGE_SWIFT_USERNAME"]) th.AssertEquals(t, password, res["REGISTRY_STORAGE_SWIFT_PASSWORD"]) + th.AssertEquals(t, applicationCredentialID, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID"]) + th.AssertEquals(t, applicationCredentialName, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME"]) + th.AssertEquals(t, applicationCredentialSecret, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET"]) } func TestSwiftCreateStorageCloudConfig(t *testing.T) { 
@@ -755,14 +770,20 @@ func TestSwiftConfigEnvCloudConfig(t *testing.T) { th.AssertEquals(t, true, res[3].Secret) th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_PASSWORD", res[4].Name) th.AssertEquals(t, true, res[4].Secret) - th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_AUTHVERSION", res[5].Name) - th.AssertEquals(t, 3, res[5].Value) - th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_DOMAIN", res[6].Name) - th.AssertEquals(t, domain, res[6].Value) - th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_TENANT", res[7].Name) - th.AssertEquals(t, tenant, res[7].Value) - th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_REGION", res[8].Name) - th.AssertEquals(t, "RegionOne", res[8].Value) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID", res[5].Name) + th.AssertEquals(t, true, res[5].Secret) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME", res[6].Name) + th.AssertEquals(t, true, res[6].Secret) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET", res[7].Name) + th.AssertEquals(t, true, res[7].Secret) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_AUTHVERSION", res[8].Name) + th.AssertEquals(t, 3, res[8].Value) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_DOMAIN", res[9].Name) + th.AssertEquals(t, domain, res[9].Value) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_TENANT", res[10].Name) + th.AssertEquals(t, tenant, res[10].Value) + th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_REGION", res[11].Name) + th.AssertEquals(t, "RegionOne", res[11].Value) } func TestSwiftEnsureAuthURLHasAPIVersion(t *testing.T) {
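Review bot: Eight of the changed assertions in TestSwiftConfigEnvCloudConfig exist only to shift `res[5]`..`res[8]` to `res[8]`..`res[11]`, and the new entries are checked for Name and Secret but not for Value. A small helper that finds an entry in `res` by Name would keep the test stable when variables are added or reordered. Asserting the three values as well would catch a swap between the ID, name and secret variables. The test function starts outside the hunk.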