Merge pull request #11 from os-pc/support-api-key

add support for Rackspace API key authentication

go.mod

@@ -3,28 +3,22 @@ module github.com/os-pc/cloud-provider-rackspace
 go 1.13
 
 require (
-	github.com/gophercloud/gophercloud v0.7.1-0.20200116010453-5391bb776e58
-	github.com/gophercloud/utils v0.0.0-20191020172814-bd86af96d544
-	github.com/gorilla/mux v1.7.3
+	github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect
+	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
+	github.com/gophercloud/gophercloud v1.4.0
+	github.com/gophercloud/utils v0.0.0-20230523080330-de873b9cf00d
 	github.com/hashicorp/go-version v1.2.0
-	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/mapstructure v1.1.2
-	github.com/onsi/ginkgo v1.12.0
-	github.com/onsi/gomega v1.9.0
-	github.com/os-pc/gocloudlb v0.0.0-20210529010120-65b17b6d1ffa // indirect
-	github.com/pborman/uuid v1.2.0
+	github.com/onsi/ginkgo v1.12.0 // indirect
+	github.com/onsi/gomega v1.9.0 // indirect
+	github.com/os-pc/gocloudlb v0.0.0-20210529010120-65b17b6d1ffa
 	github.com/prometheus/client_golang v1.4.1
-	github.com/sirupsen/logrus v1.4.2
 	github.com/spf13/cobra v0.0.5
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.4.0
 	github.com/stretchr/testify v1.5.1
-	golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975
-	golang.org/x/net v0.0.0-20191126235420-ef20fe5d7933
-	golang.org/x/sys v0.0.0-20200122134326-e047566fdf82
-	google.golang.org/grpc v1.26.0
+	github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect
+	go.uber.org/atomic v1.4.0 // indirect
 	gopkg.in/gcfg.v1 v1.2.3
-	gopkg.in/yaml.v2 v2.2.8
 	k8s.io/api v0.18.0
 	k8s.io/apimachinery v0.18.0
 	k8s.io/apiserver v0.18.0
@@ -34,7 +28,6 @@ require (
 	k8s.io/klog v1.0.0
 	k8s.io/kubernetes v1.18.0
 	k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89
-	software.sslmate.com/src/go-pkcs12 v0.0.0-20190209200317-47dd539968c4
 )
 
 replace (

pkg/cloudprovider/providers/openstack/openstack.go

@@ -49,6 +49,7 @@ import (
 
 	v1helper "github.com/os-pc/cloud-provider-rackspace/pkg/apis/core/v1/helper"
 	"github.com/os-pc/cloud-provider-rackspace/pkg/util/metadata"
+	"github.com/os-pc/cloud-provider-rackspace/pkg/util/raxauth"
 	"github.com/os-pc/cloud-provider-rackspace/pkg/version"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
@@ -170,6 +171,7 @@ type AuthOpts struct {
 	UserID           string `gcfg:"user-id" mapstructure:"user-id" name:"os-userID" value:"optional" dependsOn:"os-password"`
 	Username         string `name:"os-userName" value:"optional" dependsOn:"os-password"`
 	Password         string `name:"os-password" value:"optional" dependsOn:"os-domainID|os-domainName,os-projectID|os-projectName,os-userID|os-userName"`
+	ApiKey           string `gcfg:"rax-api-key" mapstructure:"rax-api-key" name:"rax-api-key" value:"optional" dependsOn:"os-username"`
 	TenantID         string `gcfg:"tenant-id" mapstructure:"project-id" name:"os-projectID" value:"optional" dependsOn:"os-password"`
 	TenantName       string `gcfg:"tenant-name" mapstructure:"project-name" name:"os-projectName" value:"optional" dependsOn:"os-password"`
 	TrustID          string `gcfg:"trust-id" mapstructure:"trust-id" name:"os-trustID" value:"optional"`
@@ -277,40 +279,16 @@ func init() {
 	})
 }
 
-func (cfg AuthOpts) ToAuthOptions() gophercloud.AuthOptions {
-	opts := clientconfig.ClientOpts{
-		// this is needed to disable the clientconfig.AuthOptions func env detection
-		EnvPrefix: "_",
-		Cloud:     cfg.Cloud,
-		AuthInfo: &clientconfig.AuthInfo{
-			AuthURL:                     cfg.AuthURL,
-			UserID:                      cfg.UserID,
-			Username:                    cfg.Username,
-			Password:                    cfg.Password,
-			ProjectID:                   cfg.TenantID,
-			ProjectName:                 cfg.TenantName,
-			DomainID:                    cfg.DomainID,
-			DomainName:                  cfg.DomainName,
-			ProjectDomainID:             cfg.TenantDomainID,
-			ProjectDomainName:           cfg.TenantDomainName,
-			UserDomainID:                cfg.UserDomainID,
-			UserDomainName:              cfg.UserDomainName,
-			ApplicationCredentialID:     cfg.ApplicationCredentialID,
-			ApplicationCredentialName:   cfg.ApplicationCredentialName,
-			ApplicationCredentialSecret: cfg.ApplicationCredentialSecret,
-		},
-	}
-
-	ao, err := clientconfig.AuthOptions(&opts)
-	if err != nil {
-		klog.V(1).Infof("Error parsing auth: %s", err)
-		return gophercloud.AuthOptions{}
+func (cfg AuthOpts) ToAuthOptions() raxauth.AuthOptions {
+	return raxauth.AuthOptions{
+		IdentityEndpoint: cfg.AuthURL,
+		Username:         cfg.Username,
+		Password:         cfg.Password,
+		ApiKey:           cfg.ApiKey,
+		TenantID:         cfg.TenantID,
+		// Persistent service, so we need to be able to renew tokens.
+		AllowReauth: true,
 	}
-
-	// Persistent service, so we need to be able to renew tokens.
-	ao.AllowReauth = true
-
-	return *ao
 }
 
 // ReadConfig reads values from the cloud.conf
@@ -479,7 +457,10 @@ func NewOpenStackClient(cfg *AuthOpts, userAgent string, extraUserAgent ...strin
 	}
 
 	opts := cfg.ToAuthOptions()
-	err = openstack.Authenticate(provider, opts)
+	err = raxauth.Authenticate(provider, opts, gophercloud.EndpointOpts{})
+	if err != nil {
+		err = fmt.Errorf("failed to auth: %v", err)
+	}
 
 	return provider, err
 }

pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go

@@ -469,7 +469,7 @@ func (lbaas *CloudLb) ensureLoadBalancerNodes(lbID uint64, port corev1.ServicePo
 
 	// Delete obsolete nodes for this pool
 	for _, node := range memberNodes {
-		klog.V(4).Infof("Deleting obsolete node %d for loadbalancer %s address %s", node.ID, lbID, node.Address)
+		klog.V(4).Infof("Deleting obsolete node %d for loadbalancer %d address %s", node.ID, lbID, node.Address)
 		err := lbnodes.Delete(lbaas.lb, lbID, node.ID).ExtractErr()
 		if err != nil && !cpoerrors.IsNotFound(err) {
 			return fmt.Errorf("error deleting obsolete node %d for load balancer %d address %s: %v", node.ID, lbID, node.Address, err)

pkg/cloudprovider/providers/openstack/openstack_routes.go

@@ -104,7 +104,7 @@ func updateRoutes(network *gophercloud.ServiceClient, router *routers.Router, ne
 	origRoutes := router.Routes // shallow copy
 
 	_, err := routers.Update(network, router.ID, routers.UpdateOpts{
-		Routes: newRoutes,
+		Routes: &newRoutes,
 	}).Extract()
 	if err != nil {
 		return nil, err
@@ -113,7 +113,7 @@ func updateRoutes(network *gophercloud.ServiceClient, router *routers.Router, ne
 	unwinder := func() {
 		klog.V(4).Infof("Reverting routes change to router %v", router.ID)
 		_, err := routers.Update(network, router.ID, routers.UpdateOpts{
-			Routes: origRoutes,
+			Routes: &origRoutes,
 		}).Extract()
 		if err != nil {
 			klog.Warningf("Unable to reset routes during error unwind: %v", err)

pkg/cloudprovider/providers/openstack/openstack_test.go

@@ -34,7 +34,7 @@ import (
 	"github.com/spf13/pflag"
 
 	"github.com/os-pc/cloud-provider-rackspace/pkg/util/metadata"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/rand"
@@ -325,12 +325,6 @@ func TestToAuthOptions(t *testing.T) {
 	if ao.IdentityEndpoint != cfg.Global.AuthURL {
 		t.Errorf("IdentityEndpoint %s != %s", ao.IdentityEndpoint, cfg.Global.AuthURL)
 	}
-	if ao.UserID != cfg.Global.UserID {
-		t.Errorf("UserID %s != %s", ao.UserID, cfg.Global.UserID)
-	}
-	if ao.Scope.DomainName != cfg.Global.DomainName {
-		t.Errorf("DomainName %s != %s", ao.Scope.DomainName, cfg.Global.DomainName)
-	}
 	if ao.TenantID != cfg.Global.TenantID {
 		t.Errorf("TenantID %s != %s", ao.TenantID, cfg.Global.TenantID)
 	}
@@ -339,10 +333,6 @@ func TestToAuthOptions(t *testing.T) {
 	cfg.Global.DomainID = "2a73b8f597c04551a0fdc8e95544be8a"
 
 	ao = cfg.Global.ToAuthOptions()
-
-	if ao.Scope.DomainID != cfg.Global.DomainID {
-		t.Errorf("DomainID %s != %s", ao.Scope.DomainID, cfg.Global.DomainID)
-	}
 }
 
 func TestCheckOpenStackOpts(t *testing.T) {
@@ -883,120 +873,6 @@ func TestInstanceIDFromProviderID(t *testing.T) {
 	}
 }
 
-func TestToAuth3Options(t *testing.T) {
-	cfg := Config{}
-	cfg.Global.Username = "user"
-	cfg.Global.Password = "pass"
-	cfg.Global.DomainID = "2a73b8f597c04551a0fdc8e95544be8a"
-	cfg.Global.DomainName = "local"
-	cfg.Global.AuthURL = "http://auth.url"
-	cfg.Global.UserID = "user"
-	cfg.Global.TenantName = "demo"
-	cfg.Global.TenantDomainName = "Default"
-
-	ao := cfg.Global.ToAuth3Options()
-
-	if !ao.AllowReauth {
-		t.Errorf("Will need to be able to reauthenticate")
-	}
-	if ao.Username != cfg.Global.Username {
-		t.Errorf("Username %s != %s", ao.Username, cfg.Global.Username)
-	}
-	if ao.Password != cfg.Global.Password {
-		t.Errorf("Password %s != %s", ao.Password, cfg.Global.Password)
-	}
-	if ao.DomainID != cfg.Global.DomainID {
-		t.Errorf("DomainID %s != %s", ao.DomainID, cfg.Global.DomainID)
-	}
-	if ao.IdentityEndpoint != cfg.Global.AuthURL {
-		t.Errorf("IdentityEndpoint %s != %s", ao.IdentityEndpoint, cfg.Global.AuthURL)
-	}
-	if ao.UserID != cfg.Global.UserID {
-		t.Errorf("UserID %s != %s", ao.UserID, cfg.Global.UserID)
-	}
-	if ao.DomainName != cfg.Global.DomainName {
-		t.Errorf("DomainName %s != %s", ao.DomainName, cfg.Global.DomainName)
-	}
-	if ao.Scope.ProjectName != cfg.Global.TenantName {
-		t.Errorf("TenantName %s != %s", ao.Scope.ProjectName, cfg.Global.TenantName)
-	}
-	if ao.Scope.DomainName != cfg.Global.TenantDomainName {
-		t.Errorf("TenantDomainName %s != %s", ao.Scope.DomainName, cfg.Global.TenantDomainName)
-	}
-}
-
-func TestToAuth3OptionsScope(t *testing.T) {
-	// Use Domain Name/ID if Tenant Domain Name/ID is not set
-	cfg := Config{}
-	cfg.Global.Username = "user"
-	cfg.Global.Password = "pass"
-	cfg.Global.DomainID = "2a73b8f597c04551a0fdc8e95544be8a"
-	cfg.Global.DomainName = "local"
-	cfg.Global.AuthURL = "http://auth.url"
-	cfg.Global.UserID = "user"
-	cfg.Global.TenantName = "demo"
-
-	ao := cfg.Global.ToAuth3Options()
-
-	if ao.Scope.ProjectName != cfg.Global.TenantName {
-		t.Errorf("TenantName %s != %s", ao.Scope.ProjectName, cfg.Global.TenantName)
-	}
-	if ao.Scope.DomainName != cfg.Global.DomainName {
-		t.Errorf("DomainName %s != %s", ao.Scope.DomainName, cfg.Global.DomainName)
-	}
-	if ao.Scope.DomainID != cfg.Global.DomainID {
-		t.Errorf("DomainID %s != %s", ao.Scope.DomainID, cfg.Global.DomainID)
-	}
-
-	// Use Tenant Domain Name/ID if set
-	cfg = Config{}
-	cfg.Global.Username = "user"
-	cfg.Global.Password = "pass"
-	cfg.Global.DomainID = "2a73b8f597c04551a0fdc8e95544be8a"
-	cfg.Global.DomainName = "local"
-	cfg.Global.AuthURL = "http://auth.url"
-	cfg.Global.UserID = "user"
-	cfg.Global.TenantName = "demo"
-	cfg.Global.TenantDomainName = "Default"
-	cfg.Global.TenantDomainID = "default"
-
-	ao = cfg.Global.ToAuth3Options()
-
-	if ao.Scope.ProjectName != cfg.Global.TenantName {
-		t.Errorf("TenantName %s != %s", ao.Scope.ProjectName, cfg.Global.TenantName)
-	}
-	if ao.Scope.DomainName != cfg.Global.TenantDomainName {
-		t.Errorf("TenantDomainName %s != %s", ao.Scope.DomainName, cfg.Global.TenantDomainName)
-	}
-	if ao.Scope.DomainID != cfg.Global.TenantDomainID {
-		t.Errorf("TenantDomainID %s != %s", ao.Scope.DomainName, cfg.Global.TenantDomainID)
-	}
-
-	// Do not use neither Domain Name nor ID, if Tenant ID was provided
-	cfg = Config{}
-	cfg.Global.Username = "user"
-	cfg.Global.Password = "pass"
-	cfg.Global.DomainID = "2a73b8f597c04551a0fdc8e95544be8a"
-	cfg.Global.DomainName = "local"
-	cfg.Global.AuthURL = "http://auth.url"
-	cfg.Global.UserID = "user"
-	cfg.Global.TenantID = "7808db451cfc43eaa9acda7d67da8cf1"
-	cfg.Global.TenantDomainName = "Default"
-	cfg.Global.TenantDomainID = "default"
-
-	ao = cfg.Global.ToAuth3Options()
-
-	if ao.Scope.ProjectName != "" {
-		t.Errorf("TenantName in the scope  is not empty")
-	}
-	if ao.Scope.DomainName != "" {
-		t.Errorf("DomainName in the scope is not empty")
-	}
-	if ao.Scope.DomainID != "" {
-		t.Errorf("DomainID in the scope is not empty")
-	}
-}
-
 func TestUserAgentFlag(t *testing.T) {
 	tests := []struct {
 		name        string