The OpenStack Terraform provider does not support authenticating against Keystone using the OIDC access token flow. To work around this, this module uses the OpenStack CLI to perform the initial authentication and request a Keystone token, which can then be used with the provider.
Requirements:
Example code:
# Fetch an OIDC access token for OpenStack from Vault's identity token endpoint
data "vault_generic_secret" "openstack_access_token" {
  path = "identity/oidc/token/openstack-cloud-project"
}

# Exchange the access token for a Keystone token via the OpenStack CLI
module "openstack_oidc_auth" {
  source              = "git::https://github.com/nimbolus/tf-openstack-oidc-auth.git?ref=v0.1.0"
  auth_url            = var.openstack_auth_url
  identity_provider   = "vault"
  project_domain_name = "demo"
  project_name        = "demo"
  access_token        = data.vault_generic_secret.openstack_access_token.data["token"]
}

# Configure the provider with the Keystone token and project ID returned by the module
provider "openstack" {
  auth_url  = var.openstack_auth_url
  region    = var.openstack_region
  tenant_id = module.openstack_oidc_auth.project_id
  token     = module.openstack_oidc_auth.token
}
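The CLI step described at the top of this page, exchanging an OIDC access token for a project-scoped Keystone token, can be sketched as follows. This is an added example, not the module's own code. The function name, the `OIDC_ACCESS_TOKEN` variable and the default federation protocol name `openid` are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the module's code): trade an OIDC access token for a
# project-scoped Keystone token using the OpenStack CLI.

# keystone_token_from_oidc AUTH_URL IDP PROJECT PROJECT_DOMAIN [PROTOCOL]
# Reads the access token from $OIDC_ACCESS_TOKEN (hypothetical variable name)
# so it stays out of the process argument list.
# Prints two lines on success: Keystone token ID, then project ID.
keystone_token_from_oidc() {
  local auth_url="$1"
  local idp="$2"
  local project="$3"
  local project_domain="$4"
  local protocol="${5:-openid}"  # assumption: Keystone protocol is named "openid"
  local out token project_id

  if [ -z "${OIDC_ACCESS_TOKEN:-}" ]; then
    echo "OIDC_ACCESS_TOKEN is not set" >&2
    return 2
  fi

  # OS_* variables are set for this single call inside a subshell only.
  out=$(
    OS_AUTH_TYPE=v3oidcaccesstoken \
    OS_IDENTITY_API_VERSION=3 \
    OS_AUTH_URL="$auth_url" \
    OS_IDENTITY_PROVIDER="$idp" \
    OS_PROTOCOL="$protocol" \
    OS_ACCESS_TOKEN="$OIDC_ACCESS_TOKEN" \
    OS_PROJECT_NAME="$project" \
    OS_PROJECT_DOMAIN_NAME="$project_domain" \
    openstack token issue -f shell
  ) || { echo "openstack token issue failed" >&2; return 1; }

  # "-f shell" prints name="value" lines; pick out the two fields we need.
  token=$(printf '%s\n' "$out" | sed -n 's/^id="\(.*\)"$/\1/p')
  project_id=$(printf '%s\n' "$out" | sed -n 's/^project_id="\(.*\)"$/\1/p')
  if [ -z "$token" ] || [ -z "$project_id" ]; then
    echo "no scoped token in CLI output" >&2
    return 1
  fi
  printf '%s\n%s\n' "$token" "$project_id"
}
```

The two printed values correspond to the `token` and `project_id` outputs that the provider block above consumes. Both the access token and the resulting Keystone token are bearer credentials, so avoid echoing them into CI logs.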