config: add OpenStack in-cluster authentication settings

internal/config/config.go

@@ -241,9 +241,24 @@ type OpenStackConfig struct {
 	//   Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html
 	FloatingIPPoolID string `yaml:"floatingIPPoolID" validate:"required"`
 	// description: |
+	// AuthURL is the OpenStack Identity endpoint to use inside the cluster.
+	AuthURL string `yaml:"authURL" validate:"required"`
+	// description: |
+	//   ProjectID is the ID of the project where a user resides.
+	ProjectID string `yaml:"projectID" validate:"required"`
+	// description: |
+	//   ProjectName is the name of the project where a user resides.
+	ProjectName string `yaml:"projectName" validate:"required"`
+	// description: |
 	//   UserDomainName is the name of the domain where a user resides.
 	UserDomainName string `yaml:"userDomainName" validate:"required"`
 	// description: |
+	//   ProjectDomainName is the name of the domain where a project resides.
+	ProjectDomainName string `yaml:"projectDomainName" validate:"required"`
+	// description: |
+	// RegionName is the name of the region to use inside the cluster.
+	RegionName string `yaml:"regionName" validate:"required"`
+	// description: |
 	//   Username to use inside the cluster.
 	Username string `yaml:"username" validate:"required"`
 	// description: |

internal/config/config_doc.go

@@ -335,7 +335,7 @@ func init() {
 			FieldName: "openstack",
 		},
 	}
-	OpenStackConfigDoc.Fields = make([]encoder.Doc, 8)
+	OpenStackConfigDoc.Fields = make([]encoder.Doc, 13)
 	OpenStackConfigDoc.Fields[0].Name = "cloud"
 	OpenStackConfigDoc.Fields[0].Type = "string"
 	OpenStackConfigDoc.Fields[0].Note = ""
@@ -356,26 +356,51 @@ func init() {
 	OpenStackConfigDoc.Fields[3].Note = ""
 	OpenStackConfigDoc.Fields[3].Description = "Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html"
 	OpenStackConfigDoc.Fields[3].Comments[encoder.LineComment] = "Floating IP pool to use for the VMs. For details see: https://docs.openstack.org/ocata/user-guide/cli-manage-ip-addresses.html"
-	OpenStackConfigDoc.Fields[4].Name = "userDomainName"
+	OpenStackConfigDoc.Fields[4].Name = "authURL"
 	OpenStackConfigDoc.Fields[4].Type = "string"
 	OpenStackConfigDoc.Fields[4].Note = ""
-	OpenStackConfigDoc.Fields[4].Description = "UserDomainName is the name of the domain where a user resides."
-	OpenStackConfigDoc.Fields[4].Comments[encoder.LineComment] = "UserDomainName is the name of the domain where a user resides."
-	OpenStackConfigDoc.Fields[5].Name = "username"
+	OpenStackConfigDoc.Fields[4].Description = "description: |\nAuthURL is the OpenStack Identity endpoint to use inside the cluster.\n"
+	OpenStackConfigDoc.Fields[4].Comments[encoder.LineComment] = "description: |"
+	OpenStackConfigDoc.Fields[5].Name = "projectID"
 	OpenStackConfigDoc.Fields[5].Type = "string"
 	OpenStackConfigDoc.Fields[5].Note = ""
-	OpenStackConfigDoc.Fields[5].Description = "Username to use inside the cluster."
-	OpenStackConfigDoc.Fields[5].Comments[encoder.LineComment] = "Username to use inside the cluster."
-	OpenStackConfigDoc.Fields[6].Name = "password"
+	OpenStackConfigDoc.Fields[5].Description = "ProjectID is the ID of the project where a user resides."
+	OpenStackConfigDoc.Fields[5].Comments[encoder.LineComment] = "ProjectID is the ID of the project where a user resides."
+	OpenStackConfigDoc.Fields[6].Name = "projectName"
 	OpenStackConfigDoc.Fields[6].Type = "string"
 	OpenStackConfigDoc.Fields[6].Note = ""
-	OpenStackConfigDoc.Fields[6].Description = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
-	OpenStackConfigDoc.Fields[6].Comments[encoder.LineComment] = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
-	OpenStackConfigDoc.Fields[7].Name = "directDownload"
-	OpenStackConfigDoc.Fields[7].Type = "bool"
+	OpenStackConfigDoc.Fields[6].Description = "ProjectName is the name of the project where a user resides."
+	OpenStackConfigDoc.Fields[6].Comments[encoder.LineComment] = "ProjectName is the name of the project where a user resides."
+	OpenStackConfigDoc.Fields[7].Name = "userDomainName"
+	OpenStackConfigDoc.Fields[7].Type = "string"
 	OpenStackConfigDoc.Fields[7].Note = ""
-	OpenStackConfigDoc.Fields[7].Description = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
-	OpenStackConfigDoc.Fields[7].Comments[encoder.LineComment] = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
+	OpenStackConfigDoc.Fields[7].Description = "UserDomainName is the name of the domain where a user resides."
+	OpenStackConfigDoc.Fields[7].Comments[encoder.LineComment] = "UserDomainName is the name of the domain where a user resides."
+	OpenStackConfigDoc.Fields[8].Name = "projectDomainName"
+	OpenStackConfigDoc.Fields[8].Type = "string"
+	OpenStackConfigDoc.Fields[8].Note = ""
+	OpenStackConfigDoc.Fields[8].Description = "ProjectDomainName is the name of the domain where a project resides."
+	OpenStackConfigDoc.Fields[8].Comments[encoder.LineComment] = "ProjectDomainName is the name of the domain where a project resides."
+	OpenStackConfigDoc.Fields[9].Name = "regionName"
+	OpenStackConfigDoc.Fields[9].Type = "string"
+	OpenStackConfigDoc.Fields[9].Note = ""
+	OpenStackConfigDoc.Fields[9].Description = "description: |\nRegionName is the name of the region to use inside the cluster.\n"
+	OpenStackConfigDoc.Fields[9].Comments[encoder.LineComment] = "description: |"
+	OpenStackConfigDoc.Fields[10].Name = "username"
+	OpenStackConfigDoc.Fields[10].Type = "string"
+	OpenStackConfigDoc.Fields[10].Note = ""
+	OpenStackConfigDoc.Fields[10].Description = "Username to use inside the cluster."
+	OpenStackConfigDoc.Fields[10].Comments[encoder.LineComment] = "Username to use inside the cluster."
+	OpenStackConfigDoc.Fields[11].Name = "password"
+	OpenStackConfigDoc.Fields[11].Type = "string"
+	OpenStackConfigDoc.Fields[11].Note = ""
+	OpenStackConfigDoc.Fields[11].Description = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
+	OpenStackConfigDoc.Fields[11].Comments[encoder.LineComment] = "Password to use inside the cluster. You can instead use the environment variable \"CONSTELL_OS_PASSWORD\"."
+	OpenStackConfigDoc.Fields[12].Name = "directDownload"
+	OpenStackConfigDoc.Fields[12].Type = "bool"
+	OpenStackConfigDoc.Fields[12].Note = ""
+	OpenStackConfigDoc.Fields[12].Description = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
+	OpenStackConfigDoc.Fields[12].Comments[encoder.LineComment] = "If enabled, downloads OS image directly from source URL to OpenStack. Otherwise, downloads image to local machine and uploads to OpenStack."
 
 	QEMUConfigDoc.Type = "QEMUConfig"
 	QEMUConfigDoc.Comments[encoder.LineComment] = "QEMUConfig holds config information for QEMU based Constellation deployments."

internal/config/config_test.go

@@ -187,7 +187,7 @@ func TestNewWithDefaultOptions(t *testing.T) {
 }
 
 func TestValidate(t *testing.T) {
-	const defaultErrCount = 26 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
+	const defaultErrCount = 31 // expect this number of error messages by default because user-specific values are not set and multiple providers are defined by default
 	const azErrCount = 9
 	const gcpErrCount = 6
 

internal/config/validation.go

@@ -493,6 +493,9 @@ func (c *Config) validAttestVariant(_ validator.FieldLevel) bool {
 		return c.Provider.AWS != nil
 	case oid.AzureSEVSNP{}, oid.AzureTrustedLaunch{}:
 		return c.Provider.Azure != nil
+	// TODO(malt3): remove this case once we have a vTPM for OpenStack
+	case oid.Dummy{}:
+		return c.Provider.OpenStack != nil
 	case oid.GCPSEVES{}:
 		return c.Provider.GCP != nil
 	case oid.QEMUVTPM{}: