Add support for using application credentials for authentication

fog / fog-openstack

Fog for OpenStack Platform

MIT License

69 stars 130 forks source link

Add support for using application credentials for authentication #533

Closed scornelissen85 closed 8 months ago

scornelissen85 commented 8 months ago

I've used this code for using application credentials for authentication in Openstack. I think it would be valuable if this could be added in the fog-openstack project.

This will fix issue #510

This can be used as alternative next to it's original credentials options. To use application credentials I've set the following parameters:

compute_client = Fog::Compute.new  :openstack_auth_url => ENV['OS_AUTH_UR'],
                                    :openstack_application_credential_secret => ENV['OS_APPLICATION_CREDENTIAL_SECRET'],
                                    :openstack_application_credential_id => ENV['OS_APPLICATION_CREDENTIAL_ID']

CC @dhague (sorry if I should cc another member)

geemus commented 8 months ago

Looks good overall.

Unfortunately the test suite has been busted for a bit here, other maintainers haven't really been active, and I don't have an active openstack setup to test against either.

Have you been able to test this out successly?

scornelissen85 commented 8 months ago

Looks good overall.

Thank you

Unfortunately the test suite has been busted for a bit here, other maintainers haven't really been active, and I don't have an active openstack setup to test against either.

I have tried to add a test, that was succesfull, but I saw there were tests failing, even without my change.

Have you been able to test this out successly?

Yes, I'm using the branch with these changes with success and only use application credentials to log in in Openstack. I'm using my branch currently from beaker-openstack where the Compute and the Network class is used directly. I'm not sure if something is missing as I'm not using anything other than those classes.

Furthermore, I'm not an expert about the communication with Openstack. This change works for me, but I can't guarantee it works for other cases.

geemus commented 8 months ago

Thanks for the context, that makes sense to me. The change to nil would be great and then I think we can bring this in. You can only speak for your own experience, but from what I see it shouldn't break anything that is currently working for others either way.

scornelissen85 commented 8 months ago

I have changes scope to return nil when using application credentials and it seems to work.

geemus commented 8 months ago

Great, thanks for that.

geemus commented 8 months ago

@scornelissen85 did you need a release with this change?

scornelissen85 commented 8 months ago

@geemus If you could make a release I can then make a PR for beaker-openstack to use the application credentials.