Merge pull request 2156 from kayrus/swift-app-cred
Swift: introduce application credential auth support
commit
95434cff16
5 changed files with 50 additions and 13 deletions
8
changelog/unreleased/issue-2155
Normal file
8
changelog/unreleased/issue-2155
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
Enhancement: add Openstack application credential auth for Swift
|
||||||
|
|
||||||
|
Since Openstack Queens Identity (auth V3) service supports an application
|
||||||
|
credential auth method. It allows to create a technical account with the
|
||||||
|
limited roles. This commit adds an application credential authentication
|
||||||
|
method for the Swift backend.
|
||||||
|
|
||||||
|
https://github.com/restic/restic/issues/2155
|
|
@ -268,6 +268,18 @@ the naming convention of those variables follows the official Python Swift clien
|
||||||
$ export OS_PROJECT_NAME=<MY_PROJECT_NAME>
|
$ export OS_PROJECT_NAME=<MY_PROJECT_NAME>
|
||||||
$ export OS_PROJECT_DOMAIN_NAME=<MY_PROJECT_DOMAIN_NAME>
|
$ export OS_PROJECT_DOMAIN_NAME=<MY_PROJECT_DOMAIN_NAME>
|
||||||
|
|
||||||
|
# For keystone v3 application credential authentication (application credential id)
|
||||||
|
$ export OS_AUTH_URL=<MY_AUTH_URL>
|
||||||
|
$ export OS_APPLICATION_CREDENTIAL_ID=<MY_APPLICATION_CREDENTIAL_ID>
|
||||||
|
$ export OS_APPLICATION_CREDENTIAL_SECRET=<MY_APPLICATION_CREDENTIAL_SECRET>
|
||||||
|
|
||||||
|
# For keystone v3 application credential authentication (application credential name)
|
||||||
|
$ export OS_AUTH_URL=<MY_AUTH_URL>
|
||||||
|
$ export OS_USERNAME=<MY_USERNAME>
|
||||||
|
$ export OS_USER_DOMAIN_NAME=<MY_DOMAIN_NAME>
|
||||||
|
$ export OS_APPLICATION_CREDENTIAL_NAME=<MY_APPLICATION_CREDENTIAL_NAME>
|
||||||
|
$ export OS_APPLICATION_CREDENTIAL_SECRET=<MY_APPLICATION_CREDENTIAL_SECRET>
|
||||||
|
|
||||||
# For authentication based on tokens
|
# For authentication based on tokens
|
||||||
$ export OS_STORAGE_URL=<MY_STORAGE_URL>
|
$ export OS_STORAGE_URL=<MY_STORAGE_URL>
|
||||||
$ export OS_AUTH_TOKEN=<MY_AUTH_TOKEN>
|
$ export OS_AUTH_TOKEN=<MY_AUTH_TOKEN>
|
||||||
|
|
|
@ -374,6 +374,10 @@ environment variables. The following list of environment variables:
|
||||||
OS_PROJECT_NAME Project name for keystone authentication
|
OS_PROJECT_NAME Project name for keystone authentication
|
||||||
OS_PROJECT_DOMAIN_NAME Project domain name for keystone authentication
|
OS_PROJECT_DOMAIN_NAME Project domain name for keystone authentication
|
||||||
|
|
||||||
|
OS_APPLICATION_CREDENTIAL_ID Application Credential ID (keystone v3)
|
||||||
|
OS_APPLICATION_CREDENTIAL_NAME Application Credential Name (keystone v3)
|
||||||
|
OS_APPLICATION_CREDENTIAL_SECRET Application Credential Secret (keystone v3)
|
||||||
|
|
||||||
OS_STORAGE_URL Storage URL for token authentication
|
OS_STORAGE_URL Storage URL for token authentication
|
||||||
OS_AUTH_TOKEN Auth token for token authentication
|
OS_AUTH_TOKEN Auth token for token authentication
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,11 @@ type Config struct {
|
||||||
StorageURL string
|
StorageURL string
|
||||||
AuthToken string
|
AuthToken string
|
||||||
|
|
||||||
|
// auth v3 only
|
||||||
|
ApplicationCredentialID string
|
||||||
|
ApplicationCredentialName string
|
||||||
|
ApplicationCredentialSecret string
|
||||||
|
|
||||||
Container string
|
Container string
|
||||||
Prefix string
|
Prefix string
|
||||||
DefaultContainerPolicy string
|
DefaultContainerPolicy string
|
||||||
|
@ -96,6 +101,11 @@ func ApplyEnvironment(prefix string, cfg interface{}) error {
|
||||||
{&c.UserName, prefix + "ST_USER"},
|
{&c.UserName, prefix + "ST_USER"},
|
||||||
{&c.APIKey, prefix + "ST_KEY"},
|
{&c.APIKey, prefix + "ST_KEY"},
|
||||||
|
|
||||||
|
// Application Credential auth
|
||||||
|
{&c.ApplicationCredentialID, prefix + "OS_APPLICATION_CREDENTIAL_ID"},
|
||||||
|
{&c.ApplicationCredentialName, prefix + "OS_APPLICATION_CREDENTIAL_NAME"},
|
||||||
|
{&c.ApplicationCredentialSecret, prefix + "OS_APPLICATION_CREDENTIAL_SECRET"},
|
||||||
|
|
||||||
// Manual authentication
|
// Manual authentication
|
||||||
{&c.StorageURL, prefix + "OS_STORAGE_URL"},
|
{&c.StorageURL, prefix + "OS_STORAGE_URL"},
|
||||||
{&c.AuthToken, prefix + "OS_AUTH_TOKEN"},
|
{&c.AuthToken, prefix + "OS_AUTH_TOKEN"},
|
||||||
|
|
|
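Review bot: The `// auth v3 only` comment above the three new `Config` fields does not say which of them belong together, or that `ApplicationCredentialSecret` is a secret held as a plain `string`. If `Config` is ever formatted whole (a `%v`/`%#v` debug log; none is visible in these hunks), the secret would land in the log next to `AuthToken`. I would document both facts at the field, for example `// Application credential auth (keystone v3 only): ID or Name, plus Secret.` and `// Secret is sensitive; do not log Config verbatim.` The same pairing rule applies to the `OS_APPLICATION_CREDENTIAL_*` entries added in `ApplyEnvironment`. Both the struct and that function continue outside the hunks.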
@ -43,19 +43,22 @@ func Open(cfg Config, rt http.RoundTripper) (restic.Backend, error) {
|
||||||
|
|
||||||
be := &beSwift{
|
be := &beSwift{
|
||||||
conn: &swift.Connection{
|
conn: &swift.Connection{
|
||||||
UserName: cfg.UserName,
|
UserName: cfg.UserName,
|
||||||
Domain: cfg.Domain,
|
Domain: cfg.Domain,
|
||||||
ApiKey: cfg.APIKey,
|
ApiKey: cfg.APIKey,
|
||||||
AuthUrl: cfg.AuthURL,
|
AuthUrl: cfg.AuthURL,
|
||||||
Region: cfg.Region,
|
Region: cfg.Region,
|
||||||
Tenant: cfg.Tenant,
|
Tenant: cfg.Tenant,
|
||||||
TenantId: cfg.TenantID,
|
TenantId: cfg.TenantID,
|
||||||
TenantDomain: cfg.TenantDomain,
|
TenantDomain: cfg.TenantDomain,
|
||||||
TrustId: cfg.TrustID,
|
TrustId: cfg.TrustID,
|
||||||
StorageUrl: cfg.StorageURL,
|
StorageUrl: cfg.StorageURL,
|
||||||
AuthToken: cfg.AuthToken,
|
AuthToken: cfg.AuthToken,
|
||||||
ConnectTimeout: time.Minute,
|
ApplicationCredentialId: cfg.ApplicationCredentialID,
|
||||||
Timeout: time.Minute,
|
ApplicationCredentialName: cfg.ApplicationCredentialName,
|
||||||
|
ApplicationCredentialSecret: cfg.ApplicationCredentialSecret,
|
||||||
|
ConnectTimeout: time.Minute,
|
||||||
|
Timeout: time.Minute,
|
||||||
|
|
||||||
Transport: rt,
|
Transport: rt,
|
||||||
},
|
},
|
||||||
|
|
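Review bot: In `Open`, the three application credential fields are copied into `swift.Connection` unconditionally alongside `UserName`, `ApiKey` and `AuthToken`, and no check on the combination is visible in this hunk. With leftover `OS_*` variables in the environment, the choice of auth method is then left to the swift library, so a run meant to use a limited-role application credential could authenticate with a broader account without any warning. A guard before the struct literal would make a partial setup fail early, e.g. `if cfg.ApplicationCredentialSecret != "" && cfg.ApplicationCredentialID == "" && cfg.ApplicationCredentialName == "" {` returning an error. `Open` starts before and continues after the hunk, so such validation may already exist elsewhere.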