Skip to content

nimbolus/tf-openstack-oidc-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Terraform Module - OpenStack OIDC Auth

The OpenStack Terraform provider does not support authenticating against Keystone using the OIDC Access Token flow. To mitigate that, this module uses the OpenStack CLI to do the initial authentication and requesting a Keystone token which then can be used with the provider.

Requirements:

Example code:

data "vault_generic_secret" "openstack_access_token" {
  path = "identity/oidc/token/openstack-cloud-project"
}

module "openstack_oidc_auth" {
  source = "git::https://github.com/nimbolus/tf-openstack-oidc-auth.git?ref=v0.1.0"

  auth_url            = var.openstack_auth_url
  identity_provider   = "vault"
  project_domain_name = "demo"
  project_name        = "demo"
  access_token        = data.vault_generic_secret.openstack_access_token.data["token"]
}

provider "openstack" {
  auth_url  = var.openstack_auth_url
  region    = var.openstack_region
  tenant_id = module.openstack_oidc_auth.project_id
  token     = module.openstack_oidc_auth.token
}

About

Terraform module for authenticating against OpenStack using OIDC Access Token flow

Topics

Resources

License

Stars

Watchers

Forks