-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added "Domain" configuration parameter to Swift provider to enable V3 authentication #2554
Conversation
physical/swift.go
Outdated
if domain == "" { | ||
domain = conf["domain"] | ||
} | ||
tenantDomain := os.Getenv("OS_PROJECT_DOMAIN_NAME") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why the tenant/project mismatch here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a quirk that the OpenStack project introduced with KeyStone V3. Originally a KeyStone project was called a tenant and that naming was deprecated several releases ago. However, a lot of clients maintain the name "tenant" internally. I kept this name as the underlying "github.com/ncw/swift
library still uses the old naming for projects. For the environment variable, I used the name that is required by the most recent versions of the OpenStack CLIs authenticating with KeyStone V3 API as this would present in most users' environments.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that this is new stuff, it feels like the conf "tenant-domain"
should use "project-domain"
if the old nomenclature was deprecated several releases ago. Sound reasonable?
…and its domain and at the same time maintain backward compatibility with the nomenclature prior to KeyStone v3.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I updated the logic to look for OS_PROJECT along with OS_PROJECT_DOMAIN_NAME. This makes it consistent with the new nomenclature. I also renamed the internal variable names. Unfortunately, the underlying ncw
swift API client still maintains the tenant
naming instead of project
but the code should be consistent with the environment expected by the openstack
CLI.
@mevansam Looks good! |
* oss/master: Fix azure test round 2 Fix test for changed Azure changelog++ Add -self flag to token-revoke (#2596) Update revoke.html.md (#2604) Update to new Azure code after dep update (#2603) changelog++ Added "Domain" configuration parameter to Swift provider to enable V3 authentication (#2554) Fix cassandra dep breakage
This pull request adds the ability to pass in the Keystone user and project domains which is required by OpenStack environments configured with v3 auth.