Open Telekom Cloud Provider¶
The Open Telekom Cloud provider is used to interact with the many resources supported by OpenTelekomCloud. The provider needs to be configured with the proper credentials before it can be used.
Use the navigation to the left to read about the available resources.
Example Usage¶
# Configure the OpenTelekomCloud Provider
provider "opentelekomcloud" {
user_name = var.user_name
password = var.password
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
# Create a web server
resource "opentelekomcloud_compute_instance_v2" "test-server" {
# ...
}
Authentication¶
This provider offers 5 means for authentication.
User name + Password
AK/SK
Token
Federated
Assume Role
OpenStack configuration file
User name + Password¶
provider "opentelekomcloud" {
user_name = var.user_name
password = var.password
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
AKSK¶
provider "opentelekomcloud" {
access_key = var.access_key
secret_key = var.secret_key
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
Temporary AKSK¶
provider "opentelekomcloud" {
access_key = var.access_key
secret_key = var.secret_key
security_token = var.security_token
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
Token¶
provider "opentelekomcloud" {
token = var.token
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
-> If token, AK/SK and password are set simultaneously, authentication will be done in the following order: Token, AK/SK, and Password.
Federated¶
provider "opentelekomcloud" {
token = var.token
security_token = var.security_token
access_key = var.access_key
secret_key = var.secret_key
domain_name = var.domain_name
tenant_name = var.tenant_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
Assume Role¶
User name + Password¶
provider "opentelekomcloud" {
agency_name = var.agency_name
agency_domain_name = var.agency_domain_name
delegated_project = var.delegated_project
user_name = var.user_name
password = var.password
domain_name = var.domain_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
User ID + Password + TOTP¶
provider "opentelekomcloud" {
agency_name = var.agency_name
agency_domain_name = var.agency_domain_name
delegated_project = var.delegated_project
user_id = var.user_id
password = var.password
domain_name = var.domain_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
passcode = var.passcode
}
AK/SK¶
provider "opentelekomcloud" {
agency_name = var.agency_name
agency_domain_name = var.agency_domain_name
delegated_project = var.delegated_project
access_key = var.access_key
secret_key = var.secret_key
domain_name = var.domain_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
Temporary AKSK¶
provider "opentelekomcloud" {
agency_name = var.agency_name
agency_domain_name = var.agency_domain_name
delegated_project = var.delegated_project
access_key = var.access_key
secret_key = var.secret_key
security_token = var.security_token
domain_name = var.domain_name
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
Token¶
provider "opentelekomcloud" {
agency_name = var.agency_name
agency_domain_name = var.agency_domain_name
delegated_project = var.delegated_project
token = var.token
auth_url = "https://iam.eu-de.otc.t-systems.com/v3"
}
token specified is not the normal token, but must have the authority of Agent Operator.
OpenStack configuration file¶
provider "opentelekomcloud" {
cloud = var.cloud_name
}
cloud should be the name of cloud in clouds.yaml
See OpenStack configuration documentation for details.
Configuration Reference¶
The following arguments are supported:
access_key- (Optional) The access key of the OpenTelekomCloud cloud to use. If omitted, theOS_ACCESS_KEYenvironment variable is used.secret_key- (Optional) The secret key of the OpenTelekomCloud cloud to use. If omitted, theOS_SECRET_KEYenvironment variable is used.auth_url- (Optional; required ifcloudis not specified) The Identity authentication URL. If omitted, theOS_AUTH_URLenvironment variable is used.cloud- (Optional; required ifauth_urlis not specified) An entry in aclouds.yamlfile. See the OpenStackos-client-configdocumentation for more information aboutclouds.yamlfiles. If omitted, theOS_CLOUDenvironment variable is used.user_name- (Optional) The Username to login with. If omitted, theOS_USERNAMEenvironment variable is used.user_id- (Optional) The ID of the user to login with. Required when TOTP is used (passcodeis not empty). Ifuser_idis set,user_nameis ignored.tenant_name- (Optional) The Name of the Tenant (Identity v2) or Project (Identity v3) to login with. If omitted, theOS_TENANT_NAMEorOS_PROJECT_NAMEenvironment variable are used.region- (Optional) The name of the region to be used. Required for some resources (e.g.s3_bucket) in case no tenant name provided and no region is defined in the resource. If omitted, theOS_REGIONorOS_REGION_NAMEenvironment variables are used.password- (Optional) The Password to login with. If omitted, theOS_PASSWORDenvironment variable is used.token- (Optional; Required if not usinguser_nameandpassword) A token is an expiring, temporary means of access issued via the Keystone service. By specifying a token, you do not have to specify a username/password combination, since the token was already created by a username/password out of band of Terraform. If omitted, theOS_AUTH_TOKENorOS_TOKENenvironment variable is used.security_token- (Optional) Security token required to authenticate with temporary AK/SK.passcode- (Optional) One-time password provided by your authentication app.
->
Please note that MFA requires user_id to be used. Setting user_name won't work.
domain_name- (Optional) The Name of the Domain to scope to (Identity v3). If omitted, the following environment variables are checked (in this order):OS_USER_DOMAIN_NAME,OS_PROJECT_DOMAIN_NAME,OS_DOMAIN_NAME,DEFAULT_DOMAIN.insecure- (Optional) Trust self-signed SSL certificates. If omitted, theOS_INSECUREenvironment variable is used.cacert_file- (Optional) Specify a custom CA certificate when communicating over SSL. You can specify either a path to the file or the contents of the certificate. If omitted, theOS_CACERTenvironment variable is used.cert- (Optional) Specify client certificate file for SSL client authentication. You can specify either a path to the file or the contents of the certificate. If omitted theOS_CERTenvironment variable is used.key- (Optional) Specify client private key file for SSL client authentication. You can specify either a path to the file or the contents of the key. If omitted theOS_KEYenvironment variable is used.endpoint_type- (Optional) Specify which type of endpoint to use from the service catalog. It can be set using theOS_ENDPOINT_TYPEenvironment variable. If not set, public endpoints is used.swauth- (Optional) Set totrueto authenticate against Swauth, a Swift-native authentication system. If omitted, theOS_SWAUTHenvironment variable is used. You must also setusernameto the Swauth/Swift username such asusername:project. Set thepasswordto the Swauth/Swift key. Finally, setauth_urlas the location of the Swift service.
-> This will only work when used with the OpenTelekomCloud Object Storage resources.
agency_name- (Optional) if authorized by assume role, it must be set. The name of agency.agency_domain_name- (Optional) if authorized by assume role, it must be set. The name of domain who created the agency (Identity v3).delegated_project- (Optional) The name of delegated project (Identity v3).max_retries- (Optional) Maximum number of retries of HTTP requests failed due to connection issues.allow_reauth- (Optional) If set to false, authorization won't be performed automatically if the initial auth token get expired. It can be set using theOS_ALLOW_REAUTHenvironment variable. Default:true.max_backoff_retries- (Optional) Maximum number of retries of HTTP requests failed due to reaching the rate limit. It can be set using theOS_MAX_BACKOFF_RETRIESenvironment variable. If not set, default value is used. Default:5backoff_retry_timeout- (Optional) Timeout in seconds for backoff retry due to reaching the rate limit. It can be set using theOS_BACKOFF_RETRY_TIMEOUTenvironment variable. If not set, default value is used. Default:60seconds.
Additional Logging¶
This provider has the ability to log all HTTP requests and responses between Terraform and the OpenTelekomCloud cloud which is useful for troubleshooting and debugging.
To enable these logs, set the OS_DEBUG environment variable to 1 along
with the usual TF_LOG=DEBUG environment variable:
$ OS_DEBUG=1 TF_LOG=DEBUG terraform apply
If you submit these logs with a bug report, please ensure any sensitive information has been scrubbed first!
Creating an issue¶
Issues can be used to keep track of bugs, enhancements, or other requests. See the github help here
Testing and Development¶
In order to run the Acceptance Tests for development, the following environment variables must also be set:
OS_IMAGE_IDorOS_IMAGE_NAME- a UUID or name of an existing image in Glance.OS_FLAVOR_IDorOS_FLAVOR_NAME- an ID or name of an existing flavor.OS_POOL_NAME- The name of a Floating IP pool.OS_NETWORK_ID- The UUID of a network in your test environment.OS_EXTGW_ID- The UUID of the external gateway.
You should be able to use any OpenTelekomCloud environment to develop on as long as the above environment variables are set.