From 34baf05d9de31282c85c44808729fdf820e86010 Mon Sep 17 00:00:00 2001
From: kayrus
Date: Mon, 28 Jan 2019 17:55:17 +0100
Subject: [PATCH] Swift: introduce application credential auth support

---
 Makefile | 2 +-
 backend/swift/swift.go | 93 +++++++++++++++++++++++++-----------------
 docs/content/swift.md | 27 ++++++++++++
 3 files changed, 83 insertions(+), 39 deletions(-)

diff --git a/Makefile b/Makefile
index cfcc48882..cbc0fa0d6 100644
--- a/Makefile
+++ b/Makefile
@@ -67,7 +67,7 @@ ifdef FULL_TESTS
 go vet $(BUILDTAGS) -printfuncs Debugf,Infof,Logf,Errorf ./...
 errcheck $(BUILDTAGS) ./...
 find . -name \*.go | grep -v /vendor/ | xargs goimports -d | grep . ; test $$? -eq 1
- go list ./... | xargs -n1 golint | grep -E -v '(StorageUrl|CdnUrl)' ; test $$? -eq 1
+ go list ./... | xargs -n1 golint | grep -E -v '(StorageUrl|CdnUrl|ApplicationCredentialId)' ; test $$? -eq 1
 else
 @echo Skipping source quality tests as version of go too old
 endif
diff --git a/backend/swift/swift.go b/backend/swift/swift.go
index 1fdad20cc..54267c1cd 100644
--- a/backend/swift/swift.go
+++ b/backend/swift/swift.go
@@ -130,6 +130,15 @@ func init() {
 }, {
 Name: "auth_token",
 Help: "Auth Token from alternate authentication - optional (OS_AUTH_TOKEN)",
+ }, {
+ Name: "application_credential_id",
+ Help: "Application Credential ID (OS_APPLICATION_CREDENTIAL_ID)",
+ }, {
+ Name: "application_credential_name",
+ Help: "Application Credential Name (OS_APPLICATION_CREDENTIAL_NAME)",
+ }, {
+ Name: "application_credential_secret",
+ Help: "Application Credential Secret (OS_APPLICATION_CREDENTIAL_SECRET)",
 }, {
 Name: "auth_version",
 Help: "AuthVersion - optional - set to (1,2,3) if your auth URL has no version (ST_AUTH_VERSION)",
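Review bot: The three new option entries in `init()` have Help strings that name only the environment variable, so nothing tells the user that these are optional, v3-only, which of them must be set together, or that `application_credential_secret` is a credential held in the configuration like `key`. The docs hunk of this same patch already uses fuller wording, so the two will drift apart; I would carry it into the code, e.g. `Help: "Application Credential Secret to log in - optional (v3 auth) (OS_APPLICATION_CREDENTIAL_SECRET)",`, and do the same for the id and name entries. `init()` starts and ends outside the hunk.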
@@ -173,23 +182,26 @@ provider.`,

 // Options defines the configuration for this backend
 type Options struct {
- EnvAuth bool `config:"env_auth"`
- User string `config:"user"`
- Key string `config:"key"`
- Auth string `config:"auth"`
- UserID string `config:"user_id"`
- Domain string `config:"domain"`
- Tenant string `config:"tenant"`
- TenantID string `config:"tenant_id"`
- TenantDomain string `config:"tenant_domain"`
- Region string `config:"region"`
- StorageURL string `config:"storage_url"`
- AuthToken string `config:"auth_token"`
- AuthVersion int `config:"auth_version"`
- StoragePolicy string `config:"storage_policy"`
- EndpointType string `config:"endpoint_type"`
- ChunkSize fs.SizeSuffix `config:"chunk_size"`
- NoChunk bool `config:"no_chunk"`
+ EnvAuth bool `config:"env_auth"`
+ User string `config:"user"`
+ Key string `config:"key"`
+ Auth string `config:"auth"`
+ UserID string `config:"user_id"`
+ Domain string `config:"domain"`
+ Tenant string `config:"tenant"`
+ TenantID string `config:"tenant_id"`
+ TenantDomain string `config:"tenant_domain"`
+ Region string `config:"region"`
+ StorageURL string `config:"storage_url"`
+ AuthToken string `config:"auth_token"`
+ AuthVersion int `config:"auth_version"`
+ ApplicationCredentialId string `config:"application_credential_id"`
+ ApplicationCredentialName string `config:"application_credential_name"`
+ ApplicationCredentialSecret string `config:"application_credential_secret"`
+ StoragePolicy string `config:"storage_policy"`
+ EndpointType string `config:"endpoint_type"`
+ ChunkSize fs.SizeSuffix `config:"chunk_size"`
+ NoChunk bool `config:"no_chunk"`
 }

 // Fs represents a remote swift server
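Review bot: The new `Options` field `ApplicationCredentialId` breaks the initialism style the struct already follows (`UserID`, `TenantID`, `StorageURL`), and the Makefile hunk has to add the name to the golint exclusion pattern to get it through. Declaring it as `ApplicationCredentialID string` with the same `config:"application_credential_id"` tag keeps the config key unchanged. It would presumably make the extra `|ApplicationCredentialId` alternative in the `grep -E -v` pattern unnecessary, since the only other declaration of that name would be in the swift library. The one visible use to update is `opt.ApplicationCredentialId` in the `swiftConnection` hunk. A name-based lint exclusion also silences any later identifier that contains the same string, so it is better not to widen it.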
@@ -293,22 +305,25 @@ func parsePath(path string) (container, directory string, err error) {
 func swiftConnection(opt *Options, name string) (*swift.Connection, error) {
 c := &swift.Connection{
 // Keep these in the same order as the Config for ease of checking
- UserName: opt.User,
- ApiKey: opt.Key,
- AuthUrl: opt.Auth,
- UserId: opt.UserID,
- Domain: opt.Domain,
- Tenant: opt.Tenant,
- TenantId: opt.TenantID,
- TenantDomain: opt.TenantDomain,
- Region: opt.Region,
- StorageUrl: opt.StorageURL,
- AuthToken: opt.AuthToken,
- AuthVersion: opt.AuthVersion,
- EndpointType: swift.EndpointType(opt.EndpointType),
- ConnectTimeout: 10 * fs.Config.ConnectTimeout, // Use the timeouts in the transport
- Timeout: 10 * fs.Config.Timeout, // Use the timeouts in the transport
- Transport: fshttp.NewTransport(fs.Config),
+ UserName: opt.User,
+ ApiKey: opt.Key,
+ AuthUrl: opt.Auth,
+ UserId: opt.UserID,
+ Domain: opt.Domain,
+ Tenant: opt.Tenant,
+ TenantId: opt.TenantID,
+ TenantDomain: opt.TenantDomain,
+ Region: opt.Region,
+ StorageUrl: opt.StorageURL,
+ AuthToken: opt.AuthToken,
+ AuthVersion: opt.AuthVersion,
+ ApplicationCredentialId: opt.ApplicationCredentialId,
+ ApplicationCredentialName: opt.ApplicationCredentialName,
+ ApplicationCredentialSecret: opt.ApplicationCredentialSecret,
+ EndpointType: swift.EndpointType(opt.EndpointType),
+ ConnectTimeout: 10 * fs.Config.ConnectTimeout, // Use the timeouts in the transport
+ Timeout: 10 * fs.Config.Timeout, // Use the timeouts in the transport
+ Transport: fshttp.NewTransport(fs.Config),
 }
 if opt.EnvAuth {
 err := c.ApplyEnvironment()
@@ -318,11 +333,13 @@ func swiftConnection(opt *Options, name string) (*swift.Connection, error) {
 }
 StorageUrl, AuthToken := c.StorageUrl, c.AuthToken // nolint
 if !c.Authenticated() {
- if c.UserName == "" && c.UserId == "" {
- return nil, errors.New("user name or user id not found for authentication (and no storage_url+auth_token is provided)")
- }
- if c.ApiKey == "" {
- return nil, errors.New("key not found")
+ if (c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "") && c.ApplicationCredentialSecret == "" {
+ if c.UserName == "" && c.UserId == "" {
+ return nil, errors.New("user name or user id not found for authentication (and no storage_url+auth_token is provided)")
+ }
+ if c.ApiKey == "" {
+ return nil, errors.New("key not found")
+ }
 }
 if c.AuthUrl == "" {
 return nil, errors.New("auth not found")
diff --git a/docs/content/swift.md b/docs/content/swift.md
index d07cd211f..e135c597f 100644
--- a/docs/content/swift.md
+++ b/docs/content/swift.md
@@ -329,6 +329,33 @@ User ID to log in - optional - most swift systems use user and leave this blank
 - Type: string
 - Default: ""

+#### --swift-application-credential-id
+
+Application Credential ID to log in - optional (v3 auth) (OS_APPLICATION_CREDENTIAL_ID).
+
+- Config: application_credential_id
+- Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_ID
+- Type: string
+- Default: ""
+
+#### --swift-application-credential-name
+
+Application Credential name to log in - optional (v3 auth) (OS_APPLICATION_CREDENTIAL_NAME).
+
+- Config: application_credential_name
+- Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_NAME
+- Type: string
+- Default: ""
+
+#### --swift-application-credential-secret
+
+Application Credential secret to log in - optional (v3 auth) (OS_APPLICATION_CREDENTIAL_SECRET).
+
+- Config: application_credential_secret
+- Env Var: RCLONE_SWIFT_APPLICATION_CREDENTIAL_SECRET
+- Type: string
+- Default: ""
+
 #### --swift-domain

 User domain - optional (v3 auth) (OS_USER_DOMAIN_NAME)
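Review bot: In the `if !c.Authenticated()` block of `swiftConnection`, the new outer condition is true only when an application credential id or name is set and the secret is empty. A configuration with no application credential fields at all therefore skips both the user and the `key` presence checks, and proceeds with empty values instead of failing early with a clear message. The same condition reports an id or name without a secret as `key not found`, or lets it through when user and key happen to be set, and the secret itself is never checked by name. I would branch on whether application credentials are in use, requiring the secret in that branch and keeping the original user and key checks in the other. Whether a credential name also needs a user name or id depends on the swift library, which is not visible here, so that should be confirmed; the function body continues outside the hunk.

```go
	if !c.Authenticated() {
		if c.ApplicationCredentialId != "" || c.ApplicationCredentialName != "" {
			// Application credential auth: the secret is the only mandatory companion checked here.
			if c.ApplicationCredentialSecret == "" {
				return nil, errors.New("application credential secret not found")
			}
		} else {
			// Password auth: same checks as before the change.
			if c.UserName == "" && c.UserId == "" {
				return nil, errors.New("user name or user id not found for authentication (and no storage_url+auth_token is provided)")
			}
			if c.ApiKey == "" {
				return nil, errors.New("key not found")
			}
		}
		// … unchanged: AuthUrl check …
```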