Add support for system scope auth

sapcc · Sep 14, 2023 · 2816e80 · 2816e80
1 parent 5da22c4
commit 2816e80
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/ccloud/provider.go b/ccloud/provider.go
@@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/meta"
 
+	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/utils/terraform/auth"
 	"github.com/gophercloud/utils/terraform/mutexkv"
 )
@@ -159,6 +160,13 @@ func Provider() *schema.Provider {
 				Description: descriptions["default_domain"],
 			},
 
+			"system_scope": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("OS_SYSTEM_SCOPE", false),
+				Description: descriptions["system_scope"],
+			},
+
 			"insecure": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -332,6 +340,8 @@ func init() {
 
 		"default_domain": "The name of the Domain ID to scope to if no other domain is specified. Defaults to `default` (Identity v3).",
 
+		"system_scope": "If set to `true`, system scoped authorization will be enabled. Defaults to `false` (Identity v3).",
+
 		"insecure": "Trust self-signed certificates.",
 
 		"cacert_file": "A Custom CA certificate.",
@@ -370,6 +380,10 @@ func configureProvider(d *schema.ResourceData, terraformVersion string) (interfa
 		}
 	}
 
+	authOpts := &gophercloud.AuthOptions{
+		Scope: &gophercloud.AuthScope{System: d.Get("system_scope").(bool)},
+	}
+
 	config := Config{
 		auth.Config{
 			CACertFile:                  d.Get("cacert_file").(string),
@@ -398,6 +412,7 @@ func configureProvider(d *schema.ResourceData, terraformVersion string) (interfa
 			ApplicationCredentialSecret: d.Get("application_credential_secret").(string),
 			DelayedAuth:                 d.Get("delayed_auth").(bool),
 			AllowReauth:                 d.Get("allow_reauth").(bool),
+			AuthOpts:                    authOpts,
 			MaxRetries:                  d.Get("max_retries").(int),
 			DisableNoCacheHeader:        d.Get("disable_no_cache_header").(bool),
 			TerraformVersion:            terraformVersion,

diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown
@@ -128,6 +128,8 @@ The following arguments are supported:
   `OS_DEFAULT_DOMAIN` is checked or a default value of "default" will be
   used.
 
+* `system_scope` - (Optional) Set to `true` to enable system scoped authorization. If omitted, the `OS_SYSTEM_SCOPE` environment variable is used.
+
 * `insecure` - (Optional) Trust self-signed SSL certificates. If omitted, the
   `OS_INSECURE` environment variable is used.