From a258223ae41fde7bf1e60a98ce7d66177612cfa3 Mon Sep 17 00:00:00 2001
From: Di Xu <stephenhsu90@gmail.com>
Date: Thu, 22 Feb 2018 18:05:24 +0800
Subject: [PATCH] read openstack auth config from client config

Kubernetes-commit: 10201f3f2ae1841cb1a68ea420c94bf018ae6b24
---
 plugin/pkg/client/auth/openstack/openstack.go | 46 +++++++++++----
 .../client/auth/openstack/openstack_test.go   | 57 +++++++++++++++++++
 2 files changed, 93 insertions(+), 10 deletions(-)

diff --git a/plugin/pkg/client/auth/openstack/openstack.go b/plugin/pkg/client/auth/openstack/openstack.go
index 490eff1281..7f524a6497 100644
--- a/plugin/pkg/client/auth/openstack/openstack.go
+++ b/plugin/pkg/client/auth/openstack/openstack.go
@@ -23,6 +23,7 @@ import (
 	"time"
 
 	"github.com/golang/glog"
+	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/gophercloud/openstack"
 
 	"k8s.io/apimachinery/pkg/util/net"
@@ -42,8 +43,7 @@ const DefaultTTLDuration = 10 * time.Minute
 // the environment variables to determine the client identity, and generates a
 // token which will be inserted into the request header later.
 type openstackAuthProvider struct {
-	ttl time.Duration
-
+	ttl         time.Duration
 	tokenGetter TokenGetter
 }
 
@@ -52,13 +52,23 @@ type TokenGetter interface {
 	Token() (string, error)
 }
 
-type tokenGetter struct{}
+type tokenGetter struct {
+	authOpt *gophercloud.AuthOptions
+}
 
 // Token creates a token by authenticate with keystone.
-func (*tokenGetter) Token() (string, error) {
-	options, err := openstack.AuthOptionsFromEnv()
-	if err != nil {
-		return "", fmt.Errorf("failed to read openstack env vars: %s", err)
+func (t *tokenGetter) Token() (string, error) {
+	var options gophercloud.AuthOptions
+	var err error
+	if t.authOpt == nil {
+		// reads the config from the environment
+		glog.V(4).Info("reading openstack config from the environment variables")
+		options, err = openstack.AuthOptionsFromEnv()
+		if err != nil {
+			return "", fmt.Errorf("failed to read openstack env vars: %s", err)
+		}
+	} else {
+		options = *t.authOpt
 	}
 	client, err := openstack.AuthenticatedClient(options)
 	if err != nil {
@@ -126,7 +136,7 @@ func (t *tokenRoundTripper) WrappedRoundTripper() http.RoundTripper { return t.R
 
 // newOpenstackAuthProvider creates an auth provider which works with openstack
 // environment.
-func newOpenstackAuthProvider(clusterAddress string, config map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
+func newOpenstackAuthProvider(_ string, config map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
 	var ttlDuration time.Duration
 	var err error
 
@@ -145,11 +155,27 @@ func newOpenstackAuthProvider(clusterAddress string, config map[string]string, p
 		}
 	}
 
-	// TODO: read/persist client configuration(OS_XXX env vars) in config
+	authOpt := gophercloud.AuthOptions{
+		IdentityEndpoint: config["identityEndpoint"],
+		Username:         config["username"],
+		Password:         config["password"],
+		DomainName:       config["name"],
+		TenantID:         config["tenantId"],
+		TenantName:       config["tenantName"],
+	}
+
+	getter := tokenGetter{}
+	// not empty
+	if (authOpt != gophercloud.AuthOptions{}) {
+		if len(authOpt.IdentityEndpoint) == 0 {
+			return nil, fmt.Errorf("empty %q in the config for openstack auth provider", "identityEndpoint")
+		}
+		getter.authOpt = &authOpt
+	}
 
 	return &openstackAuthProvider{
 		ttl:         ttlDuration,
-		tokenGetter: &tokenGetter{},
+		tokenGetter: &getter,
 	}, nil
 }
 
diff --git a/plugin/pkg/client/auth/openstack/openstack_test.go b/plugin/pkg/client/auth/openstack/openstack_test.go
index 411bec70f7..24d55b9fca 100644
--- a/plugin/pkg/client/auth/openstack/openstack_test.go
+++ b/plugin/pkg/client/auth/openstack/openstack_test.go
@@ -114,3 +114,60 @@ func TestOpenstackAuthProvider(t *testing.T) {
 	}
 
 }
+
+type fakePersister struct{}
+
+func (i *fakePersister) Persist(map[string]string) error {
+	return nil
+}
+
+func TestNewOpenstackAuthProvider(t *testing.T) {
+	tests := []struct {
+		name        string
+		config      map[string]string
+		expectError bool
+	}{
+		{
+			name: "normal config without openstack configurations",
+			config: map[string]string{
+				"ttl": "1s",
+				"foo": "bar",
+			},
+		},
+		{
+			name: "openstack auth provider: missing identityEndpoint",
+			config: map[string]string{
+				"ttl":        "1s",
+				"foo":        "bar",
+				"username":   "xyz",
+				"password":   "123",
+				"tenantName": "admin",
+			},
+			expectError: true,
+		},
+		{
+			name: "openstack auth provider",
+			config: map[string]string{
+				"ttl":              "1s",
+				"foo":              "bar",
+				"identityEndpoint": "http://controller:35357/v3",
+				"username":         "xyz",
+				"password":         "123",
+				"tenantName":       "admin",
+			},
+		},
+	}
+
+	for _, test := range tests {
+		_, err := newOpenstackAuthProvider("test", test.config, &fakePersister{})
+		if err != nil {
+			if !test.expectError {
+				t.Errorf("unexpected error: %v", err)
+			}
+		} else {
+			if test.expectError {
+				t.Error("expect error, but nil")
+			}
+		}
+	}
+}