openshift · openshift-merge-robot · Sep 28, 2021 · Apr 19, 2021
diff --git a/pkg/storage/swift/swift.go b/pkg/storage/swift/swift.go
@@ -33,15 +33,18 @@ import (
 )
 
 type Swift struct {
-	AuthURL            string
-	Username           string
-	Password           string
-	Tenant             string
-	TenantID           string
-	Domain             string
-	DomainID           string
-	RegionName         string
-	IdentityAPIVersion string
+	AuthURL                     string
+	Username                    string
+	Password                    string
+	Tenant                      string
+	TenantID                    string
+	Domain                      string
+	DomainID                    string
+	RegionName                  string
+	IdentityAPIVersion          string
+	ApplicationCredentialID     string
+	ApplicationCredentialName   string
+	ApplicationCredentialSecret string
 }
 
 type driver struct {
@@ -117,6 +120,9 @@ func GetConfig(listers *regopclient.Listers) (*Swift, error) {
 				cfg.AuthURL = cloud.AuthInfo.AuthURL
 				cfg.Username = cloud.AuthInfo.Username
 				cfg.Password = cloud.AuthInfo.Password
+				cfg.ApplicationCredentialID = cloud.AuthInfo.ApplicationCredentialID
+				cfg.ApplicationCredentialName = cloud.AuthInfo.ApplicationCredentialName
+				cfg.ApplicationCredentialSecret = cloud.AuthInfo.ApplicationCredentialSecret
 				cfg.Tenant = cloud.AuthInfo.ProjectName
 				cfg.TenantID = cloud.AuthInfo.ProjectID
 				cfg.Domain = cloud.AuthInfo.DomainName
@@ -146,6 +152,18 @@ func GetConfig(listers *regopclient.Listers) (*Swift, error) {
 		if err != nil {
 			return nil, err
 		}
+		cfg.ApplicationCredentialID, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID")
+		if err != nil {
+			return nil, err
+		}
+		cfg.ApplicationCredentialName, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME")
+		if err != nil {
+			return nil, err
+		}
+		cfg.ApplicationCredentialSecret, err = util.GetValueFromSecret(sec, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET")
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return cfg, nil
@@ -174,13 +192,16 @@ func (d *driver) getSwiftClient() (*gophercloud.ServiceClient, error) {
 	regionName := replaceEmpty(d.Config.RegionName, cfg.RegionName)
 
 	opts := &gophercloud.AuthOptions{
-		IdentityEndpoint: authURL,
-		Username:         cfg.Username,
-		Password:         cfg.Password,
-		DomainID:         domainID,
-		DomainName:       domain,
-		TenantID:         tenantID,
-		TenantName:       tenant,
+		IdentityEndpoint:            authURL,
+		Username:                    cfg.Username,
+		Password:                    cfg.Password,
+		ApplicationCredentialID:     cfg.ApplicationCredentialID,
+		ApplicationCredentialName:   cfg.ApplicationCredentialName,
+		ApplicationCredentialSecret: cfg.ApplicationCredentialSecret,
+		DomainID:                    domainID,
+		DomainName:                  domain,
+		TenantID:                    tenantID,
+		TenantName:                  tenant,
 	}
 
 	provider, err := openstack.NewClient(opts.IdentityEndpoint)
@@ -273,6 +294,9 @@ func (d *driver) ConfigEnv() (envs envvar.List, err error) {
 		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_AUTHURL", Value: authURL},
 		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_USERNAME", Value: cfg.Username, Secret: true},
 		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_PASSWORD", Value: cfg.Password, Secret: true},
+		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID", Value: cfg.ApplicationCredentialID, Secret: true},
+		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME", Value: cfg.ApplicationCredentialName, Secret: true},
+		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET", Value: cfg.ApplicationCredentialSecret, Secret: true},
 		envvar.EnvVar{Name: "REGISTRY_STORAGE_SWIFT_AUTHVERSION", Value: authVersion},
 	)
 	if domain != "" {

diff --git a/pkg/storage/swift/swift_test.go b/pkg/storage/swift/swift_test.go
@@ -27,11 +27,14 @@ import (
 )
 
 const (
-	username  = "myUsername"
-	password  = "myPassword"
-	container = "registry"
-	domain    = "Default"
-	tenant    = "openshift-registry"
+	username                    = "myUsername"
+	password                    = "myPassword"
+	applicationCredentialID     = "myId"
+	applicationCredentialName   = "myName"
+	applicationCredentialSecret = "mySecret"
+	container                   = "registry"
+	domain                      = "Default"
+	tenant                      = "openshift-registry"
 
 	cloudName      = "openstack"
 	cloudSecretKey = "clouds.yaml"
@@ -45,8 +48,11 @@ const (
 var (
 	// Fake Swift credentials map
 	fakeSecretData = map[string][]byte{
-		"REGISTRY_STORAGE_SWIFT_USERNAME": []byte(username),
-		"REGISTRY_STORAGE_SWIFT_PASSWORD": []byte(password),
+		"REGISTRY_STORAGE_SWIFT_USERNAME":                    []byte(username),
+		"REGISTRY_STORAGE_SWIFT_PASSWORD":                    []byte(password),
+		"REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID":     []byte(applicationCredentialID),
+		"REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME":   []byte(applicationCredentialName),
+		"REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET": []byte(applicationCredentialSecret),
 	}
 	fakeCloudsYAML             map[string][]byte
 	fakeCloudProviderConfigMap map[string]string
@@ -554,9 +560,12 @@ func TestSwiftSecrets(t *testing.T) {
 	th.AssertNoErr(t, err)
 	res, err := configenv.SecretData()
 	th.AssertNoErr(t, err)
-	th.AssertEquals(t, 2, len(res))
+	th.AssertEquals(t, 5, len(res))
 	th.AssertEquals(t, username, res["REGISTRY_STORAGE_SWIFT_USERNAME"])
 	th.AssertEquals(t, password, res["REGISTRY_STORAGE_SWIFT_PASSWORD"])
+	th.AssertEquals(t, applicationCredentialID, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID"])
+	th.AssertEquals(t, applicationCredentialName, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME"])
+	th.AssertEquals(t, applicationCredentialSecret, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET"])
 
 	config = imageregistryv1.ImageRegistryConfigStorageSwift{
 		Container: container,
@@ -578,6 +587,9 @@ func TestSwiftSecrets(t *testing.T) {
       project_name: ` + tenant + `
       username: ` + username + `
       password: ` + password + `
+      application_credential_id: ` + applicationCredentialID + `
+      application_credential_name: ` + applicationCredentialName + `
+      application_credential_secret: ` + applicationCredentialSecret + `
       domain_name: ` + domain + `
     region_name: RegionOne`)
 
@@ -588,9 +600,12 @@ func TestSwiftSecrets(t *testing.T) {
 	th.AssertNoErr(t, err)
 	res, err = configenv.SecretData()
 	th.AssertNoErr(t, err)
-	th.AssertEquals(t, 2, len(res))
+	th.AssertEquals(t, 5, len(res))
 	th.AssertEquals(t, username, res["REGISTRY_STORAGE_SWIFT_USERNAME"])
 	th.AssertEquals(t, password, res["REGISTRY_STORAGE_SWIFT_PASSWORD"])
+	th.AssertEquals(t, applicationCredentialID, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID"])
+	th.AssertEquals(t, applicationCredentialName, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME"])
+	th.AssertEquals(t, applicationCredentialSecret, res["REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET"])
 }
 
 func TestSwiftCreateStorageCloudConfig(t *testing.T) {
@@ -755,14 +770,20 @@ func TestSwiftConfigEnvCloudConfig(t *testing.T) {
 	th.AssertEquals(t, true, res[3].Secret)
 	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_PASSWORD", res[4].Name)
 	th.AssertEquals(t, true, res[4].Secret)
-	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_AUTHVERSION", res[5].Name)
-	th.AssertEquals(t, 3, res[5].Value)
-	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_DOMAIN", res[6].Name)
-	th.AssertEquals(t, domain, res[6].Value)
-	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_TENANT", res[7].Name)
-	th.AssertEquals(t, tenant, res[7].Value)
-	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_REGION", res[8].Name)
-	th.AssertEquals(t, "RegionOne", res[8].Value)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALID", res[5].Name)
+	th.AssertEquals(t, true, res[5].Secret)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALNAME", res[6].Name)
+	th.AssertEquals(t, true, res[6].Secret)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_APPLICATIONCREDENTIALSECRET", res[7].Name)
+	th.AssertEquals(t, true, res[7].Secret)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_AUTHVERSION", res[8].Name)
+	th.AssertEquals(t, 3, res[8].Value)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_DOMAIN", res[9].Name)
+	th.AssertEquals(t, domain, res[9].Value)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_TENANT", res[10].Name)
+	th.AssertEquals(t, tenant, res[10].Value)
+	th.AssertEquals(t, "REGISTRY_STORAGE_SWIFT_REGION", res[11].Name)
+	th.AssertEquals(t, "RegionOne", res[11].Value)
 }
 
 func TestSwiftEnsureAuthURLHasAPIVersion(t *testing.T) {