Add project domain id to identity credentials

openrc downloaded from OpenStack horizon for a non-admin user has OS_PROJECT_DOMAIN_ID set but not OS_PROJECT_DOMAIN_NAME. Project domain ID details are added in Credentials structure. Fixes: go-goose#88
hemanthnakkina-zz · Mar 31, 2021 · 8f9d2cb · 8f9d2cb
1 parent 8cf841f
commit 8f9d2cb
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 23 deletions.
diff --git a/client/client.go b/client/client.go
@@ -605,10 +605,12 @@ func (c *authenticatingClient) doAuthenticate() error {
 		authDetails *identity.AuthDetails
 		err         error
 	)
+	logger := logging.FromCompat(c.logger)
+	logger.Debugf("auth creds: %+v", c.creds)
 	if authDetails, err = c.authMode.Auth(c.creds); err != nil {
 		return gooseerrors.Newf(err, "authentication failed")
 	}
-	logger := logging.FromCompat(c.logger)
+	// logger := logging.FromCompat(c.logger)
 	logger.Debugf("auth details: %+v", authDetails)
 
 	c.regionServiceURLs = authDetails.RegionServiceURLs

diff --git a/identity/identity.go b/identity/identity.go
@@ -62,16 +62,17 @@ type AuthDetails struct {
 // Credentials defines necessary parameters for authentication.
 // TODO - Tenant is deprecated, migrate attribute names to Project.
 type Credentials struct {
-	URL           string // The URL to authenticate against
-	User          string // The username to authenticate as
-	Secrets       string // The secrets to pass
-	Region        string // Region to send requests to
-	TenantName    string `credentials:"optional"` // The project name for this connection
-	TenantID      string `credentials:"optional"` // The project ID for this connection
-	Version       int    `credentials:"optional"` // The Keystone version
-	Domain        string `credentials:"optional"` // The domain for authorization (new in keystone v3)
-	UserDomain    string `credentials:"optional"` // The owning domain for this user (new in keystone v3)
-	ProjectDomain string `credentials:"optional"` // The project domain for authorization (new in keystone v3)
+	URL             string // The URL to authenticate against
+	User            string // The username to authenticate as
+	Secrets         string // The secrets to pass
+	Region          string // Region to send requests to
+	TenantName      string `credentials:"optional"` // The project name for this connection
+	TenantID        string `credentials:"optional"` // The project ID for this connection
+	Version         int    `credentials:"optional"` // The Keystone version
+	Domain          string `credentials:"optional"` // The domain for authorization (new in keystone v3)
+	UserDomain      string `credentials:"optional"` // The owning domain for this user (new in keystone v3)
+	ProjectDomain   string `credentials:"optional"` // The project domain for authorization (new in keystone v3)
+	ProjectDomainID string `credentials:"optional"` // The project domain id for authorization (new in keystone v3)
 }
 
 // Authenticator is implemented by each authentication method.
@@ -147,6 +148,9 @@ var (
 	CredEnvProjectDomainName = []string{
 		"OS_PROJECT_DOMAIN_NAME",
 	}
+        CredEnvProjectDomainID = []string{
+                "OS_PROJECT_DOMAIN_ID",
+        }
 	CredEnvUserDomainName = []string{
 		"OS_USER_DOMAIN_NAME",
 	}
@@ -159,15 +163,16 @@ var (
 // environment variables.
 func CredentialsFromEnv() (*Credentials, error) {
 	cred := &Credentials{
-		URL:           getConfig(CredEnvAuthURL),
-		User:          getConfig(CredEnvUser),
-		Secrets:       getConfig(CredEnvSecrets),
-		Region:        getConfig(CredEnvRegion),
-		TenantName:    getConfig(CredEnvTenantName),
-		TenantID:      getConfig(CredEnvTenantID),
-		Domain:        getConfig(CredEnvDomainName),
-		UserDomain:    getConfig(CredEnvUserDomainName),
-		ProjectDomain: getConfig(CredEnvProjectDomainName),
+		URL:             getConfig(CredEnvAuthURL),
+		User:            getConfig(CredEnvUser),
+		Secrets:         getConfig(CredEnvSecrets),
+		Region:          getConfig(CredEnvRegion),
+		TenantName:      getConfig(CredEnvTenantName),
+		TenantID:        getConfig(CredEnvTenantID),
+		Domain:          getConfig(CredEnvDomainName),
+		UserDomain:      getConfig(CredEnvUserDomainName),
+		ProjectDomain:   getConfig(CredEnvProjectDomainName),
+		ProjectDomainID: getConfig(CredEnvProjectDomainID),
 	}
 	defaultDomain := getConfig(CredEnvDefaultDomainName)
 	if defaultDomain != "" {

diff --git a/identity/identity_test.go b/identity/identity_test.go
@@ -86,6 +86,7 @@ func (s *CredentialsTestSuite) TestCompleteCredentialsFromEnvValid(c *gc.C) {
 		"OS_REGION_NAME":         "region",
 		"OS_DOMAIN_NAME":         "domain-name",
 		"OS_PROJECT_DOMAIN_NAME": "project-domain-name",
+		"OS_PROJECT_DOMAIN_ID":   "project-domain-id",
 		"OS_USER_DOMAIN_NAME":    "user-domain-name",
 		// ignored because user and project domains set
 		"OS_DEFAULT_DOMAIN_NAME": "default-domain-name",
@@ -102,6 +103,7 @@ func (s *CredentialsTestSuite) TestCompleteCredentialsFromEnvValid(c *gc.C) {
 	c.Check(creds.TenantName, gc.Equals, "tenant-name")
 	c.Check(creds.Domain, gc.Equals, "domain-name")
 	c.Check(creds.ProjectDomain, gc.Equals, "project-domain-name")
+	c.Check(creds.ProjectDomainID, gc.Equals, "project-domain-id")
 	c.Check(creds.UserDomain, gc.Equals, "user-domain-name")
 }
 

diff --git a/identity/v3userpass.go b/identity/v3userpass.go
@@ -84,9 +84,11 @@ func (u *V3UserPass) Auth(creds *Credentials) (*AuthDetails, error) {
 	if userDomain == "" {
 		userDomain = "default"
 	}
-	projectDomain := creds.ProjectDomain
-	if projectDomain == "" {
-		projectDomain = "default"
+	projectDomain := "default"
+	if creds.ProjectDomain != "" {
+		projectDomain = creds.ProjectDomain
+	} else if creds.ProjectDomainID != "" {
+		projectDomain = creds.ProjectDomainID
 	}
 	auth := v3AuthWrapper{
 		Auth: v3AuthRequest{