Move to keystone auth (#236)

Use keystone to auth and service-discovery
selectel · Sep 26, 2023 · fcf2b5d · fcf2b5d
1 parent c36ca80
commit fcf2b5d
Show file tree

Hide file tree

Showing 123 changed files with 1,281 additions and 1,393 deletions.
diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml
@@ -29,5 +29,6 @@ jobs:
       - name: Run test
         run: make testacc
         env:
-          SEL_TOKEN: ${{ secrets.SEL_TOKEN }}
-
+          OS_DOMAIN_NAME: ${{ secrets.OS_DOMAIN_NAME }}
+          OS_USERNAME:    ${{ secrets.OS_USERNAME }}
+          OS_PASSWORD:    ${{ secrets.OS_PASSWORD }}
diff --git a/examples/project-with-floating-ips/README.md b/examples/project-with-floating-ips/README.md
@@ -9,7 +9,7 @@ Created project and floating IPs then can be used to create OpenStack instances.
 You can use [terraform-provider-openstack](https://github.com/terraform-providers/terraform-provider-openstack)
 to manage OpenStack instances inside the created project.
 
-To run this example you need to set `SEL_TOKEN` variable with a token key string
-that you can get from the [apikeys](https://my.selectel.ru/profile/apikeys) page.
+To run this example you need to set `OS_DOMAIN_NAME` (your account id), `OS_USERNAME`, `OS_PASSWORD` variables with
+authentication info that you can get from the [service users](https://my.selectel.ru/profile/users_management/users?type=service) page.
 
 You can find additional examples in the [selectel/terraform-examples](https://github.com/selectel/terraform-examples).
diff --git a/go.mod b/go.mod
@@ -3,12 +3,13 @@ module github.com/terraform-providers/terraform-provider-selectel
 go 1.20
 
 require (
+	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-retryablehttp v0.6.6
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
 	github.com/selectel/craas-go v0.3.0
 	github.com/selectel/dbaas-go v0.9.0
-	github.com/selectel/domains-go v0.4.0
-	github.com/selectel/go-selvpcclient/v2 v2.1.1
+	github.com/selectel/domains-go v0.5.0
+	github.com/selectel/go-selvpcclient/v3 v3.0.3
 	github.com/selectel/mks-go v0.12.0
 	github.com/stretchr/testify v1.7.2
 )
@@ -21,11 +22,11 @@ require (
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/gophercloud/gophercloud v1.0.0 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/gophercloud/gophercloud v1.5.0 // indirect
 	github.com/hashicorp/errwrap v1.0.0 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 // indirect
 	github.com/hashicorp/go-hclog v1.2.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-plugin v1.4.6 // indirect
@@ -54,7 +55,7 @@ require (
 	github.com/vmihailenco/msgpack/v4 v4.3.12 // indirect
 	github.com/vmihailenco/tagparser v0.1.1 // indirect
 	github.com/zclconf/go-cty v1.12.1 // indirect
-	golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 // indirect
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
 	golang.org/x/net v0.7.0 // indirect
 	golang.org/x/sys v0.5.0 // indirect
 	golang.org/x/text v0.7.0 // indirect

diff --git a/go.sum b/go.sum
@@ -45,12 +45,15 @@ github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/gophercloud/gophercloud v1.0.0 h1:9nTGx0jizmHxDobe4mck89FyQHVyA3CaXLIUSGJjP9k=
-github.com/gophercloud/gophercloud v1.0.0/go.mod h1:Q8fZtyi5zZxPS/j9aj3sSxtvj41AdQMDwyo1myduD5c=
+github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
+github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
+github.com/gophercloud/gophercloud v1.5.0 h1:cDN6XFCLKiiqvYpjQLq9AiM7RDRbIC9450WpPH+yvXo=
+github.com/gophercloud/gophercloud v1.5.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
@@ -150,10 +153,12 @@ github.com/selectel/craas-go v0.3.0 h1:tXiw3LNN+ZVV0wZdeBBXX6u8kMuA5PV/5W1uYqV0y
 github.com/selectel/craas-go v0.3.0/go.mod h1:9RAUn9PdMITP4I3GAade6v2hjB2j3lo3J2dDlG5SLYE=
 github.com/selectel/dbaas-go v0.9.0 h1:IAmiyxkRtfLZg1JUdIhcsE5jpdBvsZibPCqyhB+yV30=
 github.com/selectel/dbaas-go v0.9.0/go.mod h1:8D945oFzpx94v08zIb4s1bRTPCdPoNVnBu4umMYFJrQ=
-github.com/selectel/domains-go v0.4.0 h1:mVUeJK8oW9XMizft7Vu4OCyvjbzq4+o+zHgzJ2ZxnIY=
-github.com/selectel/domains-go v0.4.0/go.mod h1:AhXhwyMSTkpEWFiBLUvzFP76W+WN+ZblwmjLJLt7y58=
-github.com/selectel/go-selvpcclient/v2 v2.1.1 h1:dW8AEDeDkMCBb94NMCiNq/vK4n+f6kcGKsUuMwBcq+A=
-github.com/selectel/go-selvpcclient/v2 v2.1.1/go.mod h1:kFPnYYxcgJHybnmYEmZ9S+G0MNe8wBmYhhCkEqYjAuc=
+github.com/selectel/domains-go v0.5.0 h1:RCrWY/9KHVtfdA+X8M+DDzsjILxFChhY70HnJEu1Y2U=
+github.com/selectel/domains-go v0.5.0/go.mod h1:AhXhwyMSTkpEWFiBLUvzFP76W+WN+ZblwmjLJLt7y58=
+github.com/selectel/go-selvpcclient/v3 v3.0.2 h1:x5xoBch49IDrC4CInDA8r6aUZmz7n1YoUttsk/EUmd8=
+github.com/selectel/go-selvpcclient/v3 v3.0.2/go.mod h1:NM7IXhh1IzqZ88DOw1Qc5Ez3tULLViXo95l5+rKPuyQ=
+github.com/selectel/go-selvpcclient/v3 v3.0.3 h1:fMankYOukZLvWByuWpKXYVJLjwN1JiFDozafK18tmxM=
+github.com/selectel/go-selvpcclient/v3 v3.0.3/go.mod h1:NM7IXhh1IzqZ88DOw1Qc5Ez3tULLViXo95l5+rKPuyQ=
 github.com/selectel/mks-go v0.12.0 h1:nLWHK8BXkhFlXvjFqf7WRrdAfvmrOhQzDSLx7BGa6aM=
 github.com/selectel/mks-go v0.12.0/go.mod h1:FcFqF3WvZIhztyAt1+ZySKf0zWmCEvg9e2gRwxVyQOw=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
@@ -187,9 +192,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk
 golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211202192323-5770296d904e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167 h1:O8uGbHCqlTp2P6QJSLmCojM4mN6UemYv8K+dCnmHmu0=
-golang.org/x/crypto v0.0.0-20220517005047-85d78b3ac167/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
+golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=

diff --git a/selectel/config.go b/selectel/config.go
@@ -1,60 +1,97 @@
 package selectel
 
 import (
-	"errors"
-	"strings"
-
-	"github.com/hashicorp/go-retryablehttp"
-	domainsV1 "github.com/selectel/domains-go/pkg/v1"
-	"github.com/selectel/go-selvpcclient/v2/selvpcclient"
-	"github.com/selectel/go-selvpcclient/v2/selvpcclient/quotamanager"
-	"github.com/selectel/go-selvpcclient/v2/selvpcclient/resell"
-	resellV2 "github.com/selectel/go-selvpcclient/v2/selvpcclient/resell/v2"
+	"context"
+	"fmt"
+	"sync"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/selectel/go-selvpcclient/v3/selvpcclient"
+)
+
+var (
+	cfgSingletone *Config
+	once          sync.Once
 )
 
 // Config contains all available configuration options.
 type Config struct {
-	Token     string
-	Endpoint  string
-	ProjectID string
 	Region    string
+	ProjectID string
+
+	Context        context.Context
+	AuthURL        string
+	Username       string
+	Password       string
+	UserDomainName string
+	DomainName     string
+	clientsCache   map[string]*selvpcclient.Client
+	lock           sync.Mutex
 }
 
-// Validate performs config validation.
-func (c *Config) Validate() error {
-	if c.Token == "" {
-		return errors.New("token must be specified")
-	}
-	if c.Endpoint == "" {
-		c.Endpoint = strings.Join([]string{resell.Endpoint, resellV2.APIVersion}, "/")
-	}
-	if c.Region != "" {
-		if err := validateRegion(c.Region); err != nil {
-			return err
+func getConfig(d *schema.ResourceData) (*Config, diag.Diagnostics) {
+	var err error
+
+	once.Do(func() {
+		cfgSingletone = &Config{
+			Username:   d.Get("username").(string),
+			Password:   d.Get("password").(string),
+			DomainName: d.Get("domain_name").(string),
+		}
+		if v, ok := d.GetOk("auth_url"); ok {
+			cfgSingletone.AuthURL = v.(string)
+		}
+		if v, ok := d.GetOk("user_domain_name"); ok {
+			cfgSingletone.UserDomainName = v.(string)
+		}
+		if v, ok := d.GetOk("project_id"); ok {
+			cfgSingletone.ProjectID = v.(string)
 		}
+		if v, ok := d.GetOk("region"); ok {
+			cfgSingletone.Region = v.(string)
+		}
+	})
+	if err != nil {
+		return nil, diag.FromErr(err)
 	}
 
-	return nil
+	return cfgSingletone, nil
 }
 
-func (c *Config) resellV2Client() *selvpcclient.ServiceClient {
-	return resellV2.NewV2ResellClientWithEndpoint(c.Token, c.Endpoint)
+func (c *Config) GetSelVPCClient() (*selvpcclient.Client, error) {
+	return c.GetSelVPCClientWithProjectScope("")
 }
 
-func (c *Config) domainsV1Client() *domainsV1.ServiceClient {
-	domainsClient := domainsV1.NewDomainsClientV1WithDefaultEndpoint(c.Token)
-	retryClient := retryablehttp.NewClient()
-	retryClient.Logger = nil // Ignore retyablehttp client logs
-	retryClient.RetryWaitMin = domainsV1DefaultRetryWaitMin
-	retryClient.RetryWaitMax = domainsV1DefaultRetryWaitMax
-	retryClient.RetryMax = domainsV1DefaultRetry
-	domainsClient.HTTPClient = retryClient.StandardClient()
+func (c *Config) GetSelVPCClientWithProjectScope(projectID string) (*selvpcclient.Client, error) {
+	c.lock.Lock()
+	defer c.lock.Unlock()
 
-	return domainsClient
-}
+	clientsCacheKey := fmt.Sprintf("client_%s", projectID)
+
+	if client, ok := c.clientsCache[clientsCacheKey]; ok {
+		return client, nil
+	}
+
+	opts := &selvpcclient.ClientOptions{
+		DomainName:     c.DomainName,
+		Username:       c.Username,
+		Password:       c.Password,
+		ProjectID:      projectID,
+		AuthURL:        c.AuthURL,
+		UserDomainName: c.UserDomainName,
+	}
+
+	client, err := selvpcclient.NewClient(opts)
+	if err != nil {
+		return nil, err
+	}
+
+	if c.clientsCache == nil {
+		c.clientsCache = map[string]*selvpcclient.Client{}
+	}
+
+	c.clientsCache[clientsCacheKey] = client
 
-func (c *Config) quotaManagerRegionalClient(
-	identity quotamanager.IdentityManagerInterface,
-) *quotamanager.QuotaRegionalClient {
-	return quotamanager.NewQuotaRegionalClient(selvpcclient.NewHTTPClient(), identity)
+	return client, nil
 }
diff --git a/selectel/config_test.go b/selectel/config_test.go
diff --git a/selectel/craas.go b/selectel/craas.go
@@ -3,17 +3,19 @@ package selectel
 import (
 	"context"
 	"fmt"
+	"net/url"
 	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	v1 "github.com/selectel/craas-go/pkg"
 	"github.com/selectel/craas-go/pkg/v1/registry"
+	"github.com/selectel/go-selvpcclient/v3/selvpcclient"
 )
 
 const (
-	craasV1Endpoint         = "https://cr.selcloud.ru/api/v1"
-	craasV1RegistryHostName = "cr.selcloud.ru"
-	craasV1TokenUsername    = "token"
+	craasV1TokenUsername = "token"
 )
 
 func waitForCRaaSRegistryV1StableState(
@@ -59,3 +61,45 @@ func craasRegistryV1StateRefreshFunc(
 		return r, string(r.Status), nil
 	}
 }
+
+func getCRaaSClient(d *schema.ResourceData, meta interface{}) (*v1.ServiceClient, diag.Diagnostics) {
+	config := meta.(*Config)
+	selvpcClient, err := config.GetSelVPCClientWithProjectScope(d.Get("project_id").(string))
+	if err != nil {
+		return nil, diag.FromErr(fmt.Errorf("can't get project-scope selvpc client for craas: %w", err))
+	}
+
+	endpoint, diagErr := getEndpointForCRaaS(selvpcClient)
+	if diagErr != nil {
+		return nil, diag.FromErr(fmt.Errorf("can't get endpoint to init craas client: %w", err))
+	}
+
+	craasClient := v1.NewCRaaSClientV1(selvpcClient.GetXAuthToken(), endpoint)
+
+	return craasClient, nil
+}
+
+// https://cr.selcloud.ru/api/v1 -> https://cr.selcloud.ru
+func getHostNameForCRaaS(endpoint string) (string, error) {
+	parsedEndpoint, err := url.Parse(endpoint)
+	if err != nil {
+		return "", fmt.Errorf("cant parse url for craas endpoint: %w", err)
+	}
+
+	return fmt.Sprintf("%s://%s", parsedEndpoint.Scheme, parsedEndpoint.Host), nil
+}
+
+func getEndpointForCRaaS(selvpcClient *selvpcclient.Client) (string, error) {
+	endpoints, err := selvpcClient.Catalog.GetEndpoints(CRaaS)
+	if err != nil {
+		return "", fmt.Errorf("can't get endpoint to for craas: %w", err)
+	}
+
+	// There is no actual regionality for CRaaS, but we need to support any environments where the region is
+	// called whatever
+	if len(endpoints) > 1 {
+		return "", fmt.Errorf("unexpectedly received more than one endpoint for craas")
+	}
+
+	return endpoints[0].URL, nil
+}
diff --git a/selectel/craas_test.go b/selectel/craas_test.go
@@ -0,0 +1,42 @@
+package selectel
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	v1 "github.com/selectel/craas-go/pkg"
+	"github.com/stretchr/testify/assert"
+)
+
+func newCRaaSTestClient(rs *terraform.ResourceState, testAccProvider *schema.Provider) (*v1.ServiceClient, error) {
+	config := testAccProvider.Meta().(*Config)
+
+	var projectID string
+
+	if id, ok := rs.Primary.Attributes["project_id"]; ok {
+		projectID = id
+	}
+
+	selvpcClient, err := config.GetSelVPCClientWithProjectScope(projectID)
+	if err != nil {
+		return nil, fmt.Errorf("can't get selvpc client for craas acc tests: %w", err)
+	}
+
+	craasEndpoint, err := getEndpointForCRaaS(selvpcClient)
+	if err != nil {
+		return nil, fmt.Errorf("can't get endpoint for craas acc tests: %w", err)
+	}
+
+	craasClient := v1.NewCRaaSClientV1(selvpcClient.GetXAuthToken(), craasEndpoint)
+
+	return craasClient, nil
+}
+
+func TestGetHostNameForCRaaS(t *testing.T) {
+	expected := "https://cr.selcloud.ru"
+	actual, err := getHostNameForCRaaS("https://cr.selcloud.ru/api/v1")
+	assert.NoError(t, err)
+	assert.Equal(t, expected, actual)
+}