openstack: use password to authenticate in cluster

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

cli/internal/terraform/terraform/openstack/main.tf

@@ -40,7 +40,7 @@ locals {
   ][0]
   identity_endpoint = [
     for endpoint in local.identity_service.endpoints :
-    endpoint if(endpoint.interface == "internal")
+    endpoint if(endpoint.interface == "public")
   ][0]
   identity_internal_url = local.identity_endpoint.url
 }
@@ -138,43 +138,43 @@ resource "openstack_compute_secgroup_v2" "vpc_secgroup" {
 }
 
 module "instance_group_control_plane" {
-  source         = "./modules/instance_group"
-  name           = local.name
-  role           = "ControlPlane"
-  instance_count = var.control_plane_count
-  image_id       = openstack_images_image_v2.constellation_os_image.image_id
-  flavor_id      = var.flavor_id
-  security_groups = [
-    openstack_compute_secgroup_v2.vpc_secgroup.id,
-  ]
-  tags                            = local.tags
-  uid                             = local.uid
-  disk_size                       = var.state_disk_size
-  availability_zone               = var.availability_zone
-  network_id                      = openstack_networking_network_v2.vpc_network.id
-  init_secret_hash                = local.initSecretHash
-  identity_internal_url           = local.identity_internal_url
-  openstack_service_account_token = var.openstack_service_account_token
+  source                     = "./modules/instance_group"
+  name                       = local.name
+  role                       = "ControlPlane"
+  instance_count             = var.control_plane_count
+  image_id                   = openstack_images_image_v2.constellation_os_image.image_id
+  flavor_id                  = var.flavor_id
+  security_groups            = [openstack_compute_secgroup_v2.vpc_secgroup.id]
+  tags                       = local.tags
+  uid                        = local.uid
+  disk_size                  = var.state_disk_size
+  availability_zone          = var.availability_zone
+  network_id                 = openstack_networking_network_v2.vpc_network.id
+  init_secret_hash           = local.initSecretHash
+  identity_internal_url      = local.identity_internal_url
+  openstack_username         = var.openstack_username
+  openstack_password         = var.openstack_password
+  openstack_user_domain_name = var.openstack_user_domain_name
 }
 
 module "instance_group_worker" {
-  source         = "./modules/instance_group"
-  name           = local.name
-  role           = "Worker"
-  instance_count = var.worker_count
-  image_id       = openstack_images_image_v2.constellation_os_image.image_id
-  flavor_id      = var.flavor_id
-  tags           = local.tags
-  uid            = local.uid
-  security_groups = [
-    openstack_compute_secgroup_v2.vpc_secgroup.id,
-  ]
-  disk_size                       = var.state_disk_size
-  availability_zone               = var.availability_zone
-  network_id                      = openstack_networking_network_v2.vpc_network.id
-  init_secret_hash                = local.initSecretHash
-  identity_internal_url           = local.identity_internal_url
-  openstack_service_account_token = var.openstack_service_account_token
+  source                     = "./modules/instance_group"
+  name                       = local.name
+  role                       = "Worker"
+  instance_count             = var.worker_count
+  image_id                   = openstack_images_image_v2.constellation_os_image.image_id
+  flavor_id                  = var.flavor_id
+  tags                       = local.tags
+  uid                        = local.uid
+  security_groups            = [openstack_compute_secgroup_v2.vpc_secgroup.id]
+  disk_size                  = var.state_disk_size
+  availability_zone          = var.availability_zone
+  network_id                 = openstack_networking_network_v2.vpc_network.id
+  init_secret_hash           = local.initSecretHash
+  identity_internal_url      = local.identity_internal_url
+  openstack_username         = var.openstack_username
+  openstack_password         = var.openstack_password
+  openstack_user_domain_name = var.openstack_user_domain_name
 }
 
 resource "openstack_networking_floatingip_v2" "public_ip" {

cli/internal/terraform/terraform/openstack/modules/instance_group/main.tf

@@ -52,7 +52,9 @@ resource "openstack_compute_instance_v2" "instance_group_member" {
     constellation-uid              = var.uid
     constellation-init-secret-hash = var.init_secret_hash
     openstack-auth-url             = var.identity_internal_url
+    openstack-username             = var.openstack_username
+    openstack-password             = var.openstack_password
+    openstack-user-domain-name     = var.openstack_user_domain_name
   }
-  user_data               = var.openstack_service_account_token
   availability_zone_hints = var.availability_zone
 }

cli/internal/terraform/terraform/openstack/modules/instance_group/variables.tf

@@ -67,8 +67,17 @@ variable "identity_internal_url" {
   description = "Internal URL of the Identity service."
 }
 
-
-variable "openstack_service_account_token" {
+variable "openstack_user_domain_name" {
   type        = string
-  description = "OpenStack service account token."
+  description = "OpenStack user domain name."
+}
+
+variable "openstack_username" {
+  type        = string
+  description = "OpenStack user name."
+}
+
+variable "openstack_password" {
+  type        = string
+  description = "OpenStack password."
 }

cli/internal/terraform/terraform/openstack/variables.tf

@@ -51,11 +51,20 @@ variable "floating_ip_pool_id" {
   description = "The pool (network name) to use for floating IPs."
 }
 
-variable "openstack_service_account_token" {
+variable "openstack_user_domain_name" {
   type        = string
-  description = "OpenStack service account token."
+  description = "OpenStack user domain name."
 }
 
+variable "openstack_username" {
+  type        = string
+  description = "OpenStack user name."
+}
+
+variable "openstack_password" {
+  type        = string
+  description = "OpenStack password."
+}
 
 variable "debug" {
   type        = bool