//go:generate struct-markdown package openstack import ( "crypto/tls" "crypto/x509" "fmt" "io/ioutil" "os" "github.com/gophercloud/gophercloud" "github.com/gophercloud/gophercloud/openstack" "github.com/gophercloud/utils/openstack/clientconfig" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/packer/template/interpolate" ) // AccessConfig is for common configuration related to openstack access type AccessConfig struct { // The username or id used to connect to // the OpenStack service. If not specified, Packer will use the environment // variable OS_USERNAME or OS_USERID, if set. This is not required if // using access token or application credential instead of password, or if using // cloud.yaml. Username string `mapstructure:"username" required:"true"` UserID string `mapstructure:"user_id"` // The password used to connect to the OpenStack // service. If not specified, Packer will use the environment variables // OS_PASSWORD, if set. This is not required if using access token or // application credential instead of password, or if using cloud.yaml. Password string `mapstructure:"password" required:"true"` // The URL to the OpenStack Identity service. // If not specified, Packer will use the environment variables OS_AUTH_URL, // if set. This is not required if using cloud.yaml. IdentityEndpoint string `mapstructure:"identity_endpoint" required:"true"` // The tenant ID or name to boot the // instance into. Some OpenStack installations require this. If not specified, // Packer will use the environment variable OS_TENANT_NAME or // OS_TENANT_ID, if set. Tenant is also called Project in later versions of // OpenStack. TenantID string `mapstructure:"tenant_id" required:"false"` TenantName string `mapstructure:"tenant_name"` DomainID string `mapstructure:"domain_id"` // The Domain name or ID you are // authenticating with. OpenStack installations require this if identity v3 is // used. Packer will use the environment variable OS_DOMAIN_NAME or // OS_DOMAIN_ID, if set. DomainName string `mapstructure:"domain_name" required:"false"` // Whether or not the connection to OpenStack can be // done over an insecure connection. By default this is false. Insecure bool `mapstructure:"insecure" required:"false"` // The name of the region, such as "DFW", in which to // launch the server to create the image. If not specified, Packer will use // the environment variable OS_REGION_NAME, if set. Region string `mapstructure:"region" required:"false"` // The endpoint type to use. Can be any of // "internal", "internalURL", "admin", "adminURL", "public", and "publicURL". // By default this is "public". EndpointType string `mapstructure:"endpoint_type" required:"false"` // Custom CA certificate file path. If omitted the // OS_CACERT environment variable can be used. CACertFile string `mapstructure:"cacert" required:"false"` // Client certificate file path for SSL client // authentication. If omitted the OS_CERT environment variable can be used. ClientCertFile string `mapstructure:"cert" required:"false"` // Client private key file path for SSL client // authentication. If omitted the OS_KEY environment variable can be used. ClientKeyFile string `mapstructure:"key" required:"false"` // the token (id) to use with token based authorization. // Packer will use the environment variable OS_TOKEN, if set. Token string `mapstructure:"token" required:"false"` // The application credential name to // use with application credential based authorization. Packer will use the // environment variable OS_APPLICATION_CREDENTIAL_NAME, if set. ApplicationCredentialName string `mapstructure:"application_credential_name" required:"false"` // The application credential id to // use with application credential based authorization. Packer will use the // environment variable OS_APPLICATION_CREDENTIAL_ID, if set. ApplicationCredentialID string `mapstructure:"application_credential_id" required:"false"` // The application credential secret // to use with application credential based authorization. Packer will use the // environment variable OS_APPLICATION_CREDENTIAL_SECRET, if set. ApplicationCredentialSecret string `mapstructure:"application_credential_secret" required:"false"` // An entry in a clouds.yaml file. See the OpenStack // os-client-config // documentation // for more information about clouds.yaml files. If omitted, the OS_CLOUD // environment variable is used. Cloud string `mapstructure:"cloud" required:"false"` osClient *gophercloud.ProviderClient } func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error { if c.EndpointType != "internal" && c.EndpointType != "internalURL" && c.EndpointType != "admin" && c.EndpointType != "adminURL" && c.EndpointType != "public" && c.EndpointType != "publicURL" && c.EndpointType != "" { return []error{fmt.Errorf("Invalid endpoint type provided")} } // Legacy RackSpace stuff. We're keeping this around to keep things BC. if c.Password == "" { c.Password = os.Getenv("SDK_PASSWORD") } if c.Region == "" { c.Region = os.Getenv("SDK_REGION") } if c.TenantName == "" { c.TenantName = os.Getenv("SDK_PROJECT") } if c.Username == "" { c.Username = os.Getenv("SDK_USERNAME") } // End RackSpace if c.Cloud == "" { c.Cloud = os.Getenv("OS_CLOUD") } if c.Region == "" { c.Region = os.Getenv("OS_REGION_NAME") } if c.CACertFile == "" { c.CACertFile = os.Getenv("OS_CACERT") } if c.ClientCertFile == "" { c.ClientCertFile = os.Getenv("OS_CERT") } if c.ClientKeyFile == "" { c.ClientKeyFile = os.Getenv("OS_KEY") } clientOpts := new(clientconfig.ClientOpts) // If a cloud entry was given, base AuthOptions on a clouds.yaml file. if c.Cloud != "" { clientOpts.Cloud = c.Cloud cloud, err := clientconfig.GetCloudFromYAML(clientOpts) if err != nil { return []error{err} } if c.Region == "" && cloud.RegionName != "" { c.Region = cloud.RegionName } } else { authInfo := &clientconfig.AuthInfo{ AuthURL: c.IdentityEndpoint, DomainID: c.DomainID, DomainName: c.DomainName, Password: c.Password, ProjectID: c.TenantID, ProjectName: c.TenantName, Token: c.Token, Username: c.Username, UserID: c.UserID, } clientOpts.AuthInfo = authInfo } ao, err := clientconfig.AuthOptions(clientOpts) if err != nil { return []error{err} } // Make sure we reauth as needed ao.AllowReauth = true // Override values if we have them in our config overrides := []struct { From, To *string }{ {&c.Username, &ao.Username}, {&c.UserID, &ao.UserID}, {&c.Password, &ao.Password}, {&c.IdentityEndpoint, &ao.IdentityEndpoint}, {&c.TenantID, &ao.TenantID}, {&c.TenantName, &ao.TenantName}, {&c.DomainID, &ao.DomainID}, {&c.DomainName, &ao.DomainName}, {&c.Token, &ao.TokenID}, {&c.ApplicationCredentialName, &ao.ApplicationCredentialName}, {&c.ApplicationCredentialID, &ao.ApplicationCredentialID}, {&c.ApplicationCredentialSecret, &ao.ApplicationCredentialSecret}, } for _, s := range overrides { if *s.From != "" { *s.To = *s.From } } // Build the client itself client, err := openstack.NewClient(ao.IdentityEndpoint) if err != nil { return []error{err} } tls_config := &tls.Config{} if c.CACertFile != "" { caCert, err := ioutil.ReadFile(c.CACertFile) if err != nil { return []error{err} } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) tls_config.RootCAs = caCertPool } // If we have insecure set, then create a custom HTTP client that // ignores SSL errors. if c.Insecure { tls_config.InsecureSkipVerify = true } if c.ClientCertFile != "" && c.ClientKeyFile != "" { cert, err := tls.LoadX509KeyPair(c.ClientCertFile, c.ClientKeyFile) if err != nil { return []error{err} } tls_config.Certificates = []tls.Certificate{cert} } transport := cleanhttp.DefaultTransport() transport.TLSClientConfig = tls_config client.HTTPClient.Transport = transport // Auth err = openstack.Authenticate(client, *ao) if err != nil { return []error{err} } c.osClient = client return nil } func (c *AccessConfig) computeV2Client() (*gophercloud.ServiceClient, error) { return openstack.NewComputeV2(c.osClient, gophercloud.EndpointOpts{ Region: c.Region, Availability: c.getEndpointType(), }) } func (c *AccessConfig) imageV2Client() (*gophercloud.ServiceClient, error) { return openstack.NewImageServiceV2(c.osClient, gophercloud.EndpointOpts{ Region: c.Region, Availability: c.getEndpointType(), }) } func (c *AccessConfig) blockStorageV3Client() (*gophercloud.ServiceClient, error) { return openstack.NewBlockStorageV3(c.osClient, gophercloud.EndpointOpts{ Region: c.Region, Availability: c.getEndpointType(), }) } func (c *AccessConfig) networkV2Client() (*gophercloud.ServiceClient, error) { return openstack.NewNetworkV2(c.osClient, gophercloud.EndpointOpts{ Region: c.Region, Availability: c.getEndpointType(), }) } func (c *AccessConfig) getEndpointType() gophercloud.Availability { if c.EndpointType == "internal" || c.EndpointType == "internalURL" { return gophercloud.AvailabilityInternal } if c.EndpointType == "admin" || c.EndpointType == "adminURL" { return gophercloud.AvailabilityAdmin } return gophercloud.AvailabilityPublic }