OS_AUTH_TOKEN/API_KEY issue with openstack provider #5802
Comments
|
Hi there, Yes, thank you for pointing this out. It's been something I've been meaning to look into and resolve. The AFAIK, the vast majority of OpenStack environments do not support an API Key authentication method. At minimum, I need to update the docs to reflect this. The secondary issue here is how one can authenticate with a token. Coincidentally, I just close #4430 which talks about tokens a little bit. What I've found is that even if you authenticate with a token in Gophercloud (the underlying Golang OpenStack library), that token is simply used to create another token, so it's not useful in situations when you want to use a persistent token throughout your entire session. Let me know if this helps. I'll get a doc patch shortly to better describe |
|
Is there a way to use OS_AUTH_TOKEN rather then password? #4430 did not really go into any details of what values need to be set for it to work. |
|
At this time it's not possible to use I can look into adding |
|
Yeah that would be fine. Tokens in source files usually expire, passwords are permanent. We are trying to get by having to store the password, but still allow it be automated without having to prompt for a password. We got past this by storing the password as an ENV variable and would like to remove this and just use a auth_token/username pair. BTW, Thanks for all the fast responses. This is the second issue you jumped on within 24 hours 👍 |
|
No problem at all - It's all in the gmail filters 😉 This sounds good and as I wrote out my last response even wondered why it hasn't been done yet. I'll put this on my TODO. |
|
This worked as expected. |
|
That's great news! Thank you for testing it out. I'm going to leave the PR opened a little longer than usual to see if anyone else will come across and comment on it. It's making some changes to the login configuration (albeit minor and retains backwards compatibility) so I want to be a little cautious. |
|
Did you have to change anything in gophercloud or strictly the 3 files that were part of this commit? |
|
It was all strictly in Terraform. |
|
Maybe not worth opening a new bug for this, but when I am attempting to use token against a v3 keystone auth_url, terraform outputs the following error, saying it requires a password. " * You must provide a password to authenticate Specifying a v2.0 keystone URL allows it to connect, but I get an authentication error back from keystone as v2.0 obviously doesn't support v3 project-scoped tokens. |
|
What Variables do you have set and what os? |
|
CentOS 6.6, 2.6.32-504.30.3.el6.x86_64 example.tf: provider "openstack" { No "OS_" environment variables are set; however I get the same behavior if I do set OS_AUTH_TOKEN, though. |
|
@delias- I think this is worth opening a new issue for 😄 |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
No matter if I use keystone v2 or v3 I continue to get this failure ( * The base Identity V2 API does not accept authentication by APIKey) when connecting using APIKEY/AUTH Token . Any guidance is appreciated.
(1:527)$ terraform --version
Terraform v0.6.14
Error refreshing state: 1 error(s) occurred:
The text was updated successfully, but these errors were encountered: