From 5f673c8286c21480fe2bf0b442662a66dcdba750 Mon Sep 17 00:00:00 2001
From: Sergio Cazzolato <sergio.cazzolato@canonical.com>
Date: Tue, 12 Mar 2024 22:31:53 -0300
Subject: [PATCH] Allow authentication with key and secret

Also include test to validate the key/secret authentication and tne env
file
---
 spread/openstack.go         | 18 +++++++++++++-----
 tests/openstack/spread.yaml |  1 +
 tests/openstack/task.yaml   |  8 ++++++++
 3 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/spread/openstack.go b/spread/openstack.go
index 68b7e030..2b35a2ff 100644
--- a/spread/openstack.go
+++ b/spread/openstack.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 	"sync"
@@ -752,11 +753,18 @@ func (p *openstackProvider) checkKey() error {
 			return &FatalError{fmt.Errorf("cannot retrieve credentials from env: %v", err)}
 		}
 
-		// Select the appropiate version of the UserPass authentication method
-		var authmode = identity.AuthUserPassV3
-		if cred.Version > 0 && cred.Version != 3 {
-			authmode = identity.AuthUserPass
-		}
+		// Select the appropiate authentication method
+		var authmode identity.AuthMode
+		if os.Getenv("OS_ACCESS_KEY") != "" && os.Getenv("OS_SECRET_KEY") != "" {
+			authmode = identity.AuthKeyPair
+		} else if os.Getenv("OS_USERNAME") != "" && os.Getenv("OS_PASSWORD") != "" {
+				authmode = identity.AuthUserPassV3
+				if cred.Version > 0 && cred.Version != 3 {
+					authmode = identity.AuthUserPass
+				}
+		} else {
+			return &FatalError{fmt.Errorf("cannot determine authentication method to use")}
+		}		  
 
 		authClient := gooseClient.NewClient(cred, authmode, nil)
 		err = authClient.Authenticate()
diff --git a/tests/openstack/spread.yaml b/tests/openstack/spread.yaml
index 4f728b66..ef56c99c 100644
--- a/tests/openstack/spread.yaml
+++ b/tests/openstack/spread.yaml
@@ -2,6 +2,7 @@ project: spread
 
 backends:
     openstack:
+        key: '$(HOST: echo "$SPREAD_OPENSTACK_ENV")'
         plan: m1.tiny
         halt-timeout: 1s
         systems:
diff --git a/tests/openstack/task.yaml b/tests/openstack/task.yaml
index b15fa298..cfb0ebb3 100644
--- a/tests/openstack/task.yaml
+++ b/tests/openstack/task.yaml
@@ -21,6 +21,7 @@ execute: |
     # The instance was created and the status has to be active to
     # fail trying to access through ssh
     ! spread openstack:cirros-64: -v -reuse -resend &> task.out
+    grep 'Allocating openstack:cirros-64' task.out
     grep 'cannot find ready marker in console output for.*: timeout reached' task.out
 
     # Check that the server is discarded during the spread execution
@@ -32,6 +33,13 @@ execute: |
     done
     test -z "$(openstack server list)"
 
+    # check the authentication method can be updated
+    echo -e "OS_ACCESS_KEY=test\nOS_SECRET_KEY=test" > test.env
+    ! SPREAD_OPENSTACK_ENV=test.env spread openstack:cirros-64: -v -reuse -resend &> task.out
+    grep 'Allocating openstack:cirros-64' task.out
+    grep 'cannot authenticate' task.out
+    rm test.env
+
     # Check the error in case the network does not exist
     ! spread openstack:cirros-64-wrong-network: -v -reuse -resend &> task.out
     grep 'cannot find valid network with name "invalid"' task.out