Go SDK Authentication Modes
Go SDK supports two authentication modes: token-based authentication and AK/SK authentication.
Token Authentication
For details about the code for token-based authentication, see Table 1.
package main
import (
"github.com/gophercloud/gophercloud/auth/token"
"github.com/gophercloud/gophercloud"
"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
"github.com/gophercloud/gophercloud/openstack"
"fmt"
)
func main() {
// Set the authentication parameters.
tokenOpts := token.TokenOptions{
IdentityEndpoint: "https://iam.example.com/v3",
Username: "{username}",
Password: "{password}",
DomainID: "{domainid}",
ProjectID: "{projectid}",
}
// Initialize the provider client.
provider, providerErr := openstack.AuthenticatedClient(tokenOpts)
if providerErr != nil {
fmt.Println("init provider client error:", providerErr)
panic(providerErr)
}
// Initialize the service client.
sc, serviceErr := openstack.NewComputeV2(provider, gophercloud.EndpointOpts{})
if serviceErr != nil {
fmt.Println("init compute service client error:", serviceErr)
panic(serviceErr)
}
// List all servers.
allPages, err := servers.List(sc, servers.ListOpts{}).AllPages()
if err != nil {
fmt.Println("request server list error:", err)
panic(err)
}
// Parse the return values.
allServers, err := servers.ExtractServers(allPages)
if err != nil {
fmt.Println("extract response data error:", err)
if ue, ok := err.(*gophercloud.UnifiedError); ok {
fmt.Println("ErrCode:", ue.ErrorCode())
fmt.Println("Message:", ue.Message())
}
return
}
// Print the information.
fmt.Println("List Servers:")
for _, s := range allServers {
fmt.Println("server ID is :", s.ID)
fmt.Println("server name is :", s.Name)
fmt.Println("server Status is :", s.Status)
fmt.Println("server AvailbiltyZone is :", s.AvailbiltyZone)
}
}
- ProviderClient is the top-level client required by all OpenStack services. The client contains all authentication details, such as the URL and token ID. After the authentication, the compiled Go code can access the APIs.
- The Service Client of a service is required if you need to access this service. For details, see the related chapter about this service in this document.
|
Parameter |
Description |
Example Value |
|---|---|---|
|
IdentityEndpoint |
Specifies the endpoint of the IAM service. example in https://iam.example.com/v3 indicates Region.Cloud platform domain name. For details about the parameter, see here. |
https://iam.cn-north-1.myhuaweicloud.com/v3 |
|
Username |
Specifies the IAM username. For details about how to obtain the username, see How Do I Obtain the IAM Username, Account ID, and Project ID?. |
N/A |
|
Password |
Specifies the IAM user password. |
N/A |
|
ProjectID |
Specifies the project ID. For details about how to obtain the project ID, see How Do I Obtain the IAM Username, Account ID, and Project ID?. |
N/A |
|
DomainID |
Specifies the account ID. For details about how to obtain the account ID, see How Do I Obtain the IAM Username, Account ID, and Project ID?. |
N/A |
AK/SK Authentication
For details about the code for AK/SK authentication, see Table 2.
package main
import (
"github.com/gophercloud/gophercloud/auth/aksk"
"github.com/gophercloud/gophercloud"
"github.com/gophercloud/gophercloud/openstack/compute/v2/servers"
"github.com/gophercloud/gophercloud/openstack"
"fmt"
)
func main() {
// Set the authentication parameters.
akskOpts := aksk.AKSKOptions{
IdentityEndpoint: "https://iam.example.com/v3",
DomainID: "{domainid}",
ProjectID: "{projectid}",
Cloud: "myhuaweicloud.com",
Region: "cn-north-1",
AccessKey: "{your AK string}",
SecretKey: "{your SK string}",
}
// Initialize the provider client.
provider, providerErr := openstack.AuthenticatedClient(akskOpts)
if providerErr != nil {
fmt.Println("init provider client error:", providerErr)
panic(providerErr)
}
// Initialize the service client.
sc, serviceErr := openstack.NewComputeV2(provider, gophercloud.EndpointOpts{})
if serviceErr != nil {
fmt.Println("init compute service client error:", serviceErr)
panic(serviceErr)
}
// List all servers.
allPages, err := servers.List(sc, servers.ListOpts{}).AllPages()
if err != nil {
fmt.Println("request server list error:", err)
panic(err)
}
// Parse the return values.
allServers, err := servers.ExtractServers(allPages)
if err != nil {
fmt.Println("extract response data error:", err)
if ue, ok := err.(*gophercloud.UnifiedError); ok {
fmt.Println("ErrCode:", ue.ErrorCode())
fmt.Println("Message:", ue.Message())
}
return
}
// Print the information.
fmt.Println("List Servers:")
for _, s := range allServers {
fmt.Println("server ID is :", s.ID)
fmt.Println("server name is :", s.Name)
fmt.Println("server Status is :", s.Status)
fmt.Println("server AvailbiltyZone is :", s.AvailbiltyZone)
}
}
AK/SK generation description: Log in to the management console, choose My Credentials, and click Access Keys to create an AK and SK.
The time error between the AK/SK signature time and UTC time cannot exceed 15 minutes. Otherwise, the authentication fails.
If the AK/SK signature fails for more than five consecutive times, the AK/SK request of the source IP address is locked for 5 minutes.
|
Parameter |
Description |
Example Value |
|---|---|---|
|
IdentityEndpoint |
Specifies the endpoint of the IAM service. example in https://iam.example.com/v3 indicates Region.Cloud platform domain name. For details about the parameter, see here. |
https://iam.cn-north-1.myhuaweicloud.com/v3 |
|
DomainID |
Specifies the account ID. For details about how to obtain the account ID, see How Do I Obtain the IAM Username, Account ID, and Project ID?. |
N/A |
|
ProjectID |
Specifies the project ID. For details about how to obtain the project ID, see How Do I Obtain the IAM Username, Account ID, and Project ID?. |
N/A |
|
ak/sk |
Specifies the AK/SK access key.
NOTE:
|
N/A |
|
Region |
Specifies the region name. |
cn-north-1 |
|
Cloud |
Specifies the cloud platform domain name. |
myhuaweicloud.com |
Last Article: Using the Go SDK
Next Article: Go SDK Troubleshooting
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.