Allow authentication with key and secret

Also include test to validate the key/secret authentication and tne env file
canonical · Mar 13, 2024 · 5f673c8 · 5f673c8
1 parent 0484ab2
commit 5f673c8
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 5 deletions.
diff --git a/spread/openstack.go b/spread/openstack.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -752,11 +753,18 @@ func (p *openstackProvider) checkKey() error {
 			return &FatalError{fmt.Errorf("cannot retrieve credentials from env: %v", err)}
 		}
 
-		// Select the appropiate version of the UserPass authentication method
-		var authmode = identity.AuthUserPassV3
-		if cred.Version > 0 && cred.Version != 3 {
-			authmode = identity.AuthUserPass
-		}
+		// Select the appropiate authentication method
+		var authmode identity.AuthMode
+		if os.Getenv("OS_ACCESS_KEY") != "" && os.Getenv("OS_SECRET_KEY") != "" {
+			authmode = identity.AuthKeyPair
+		} else if os.Getenv("OS_USERNAME") != "" && os.Getenv("OS_PASSWORD") != "" {
+				authmode = identity.AuthUserPassV3
+				if cred.Version > 0 && cred.Version != 3 {
+					authmode = identity.AuthUserPass
+				}
+		} else {
+			return &FatalError{fmt.Errorf("cannot determine authentication method to use")}
+		}		  
 
 		authClient := gooseClient.NewClient(cred, authmode, nil)
 		err = authClient.Authenticate()

diff --git a/tests/openstack/spread.yaml b/tests/openstack/spread.yaml
@@ -2,6 +2,7 @@ project: spread
 
 backends:
     openstack:
+        key: '$(HOST: echo "$SPREAD_OPENSTACK_ENV")'
         plan: m1.tiny
         halt-timeout: 1s
         systems:

diff --git a/tests/openstack/task.yaml b/tests/openstack/task.yaml
@@ -21,6 +21,7 @@ execute: |
     # The instance was created and the status has to be active to
     # fail trying to access through ssh
     ! spread openstack:cirros-64: -v -reuse -resend &> task.out
+    grep 'Allocating openstack:cirros-64' task.out
     grep 'cannot find ready marker in console output for.*: timeout reached' task.out
 
     # Check that the server is discarded during the spread execution
@@ -32,6 +33,13 @@ execute: |
     done
     test -z "$(openstack server list)"
 
+    # check the authentication method can be updated
+    echo -e "OS_ACCESS_KEY=test\nOS_SECRET_KEY=test" > test.env
+    ! SPREAD_OPENSTACK_ENV=test.env spread openstack:cirros-64: -v -reuse -resend &> task.out
+    grep 'Allocating openstack:cirros-64' task.out
+    grep 'cannot authenticate' task.out
+    rm test.env
+
     # Check the error in case the network does not exist
     ! spread openstack:cirros-64-wrong-network: -v -reuse -resend &> task.out
     grep 'cannot find valid network with name "invalid"' task.out