[occm] Support keystone token for openstack auth (#2964)

archerwu9425 · web-flow · commit ee99acf6cf39 · 2026-01-07T17:35:38.000+05:30
* support keystone token in cloud config

* add struct tags for token
diff --git a/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md b/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md
@@ -155,7 +155,9 @@ The options in `Global` section are used for openstack-cloud-controller-manager
 * `application-credential-secret`
   The secret of an application credential to authenticate with.
 * `tls-insecure`
-  If set to `true`, then the server's certificate will not be verified. Default is `false`.
+  If set to `true`, then the server’s certificate will not be verified. Default is `false`.
+* `token`
+  Keystone token.
 
 ###  Networking
 
diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -56,6 +56,7 @@ type AuthOpts struct {
 	EndpointType     gophercloud.Availability `gcfg:"os-endpoint-type" mapstructure:"os-endpoint-type" name:"os-endpointType" value:"optional"`
 	CAFile           string                   `gcfg:"ca-file" mapstructure:"ca-file" name:"os-certAuthorityPath" value:"optional"`
 	TLSInsecure      string                   `gcfg:"tls-insecure" mapstructure:"tls-insecure" name:"os-TLSInsecure" value:"optional" matches:"^true|false$"`
+	Token            string                   `gcfg:"token" mapstructure:"token" name:"os-token" value:"optional"`
 
 	// TLS client auth
 	CertFile string `gcfg:"cert-file" mapstructure:"cert-file" name:"os-clientCertPath" value:"optional" dependsOn:"os-clientKeyPath"`
@@ -150,6 +151,7 @@ func (authOpts AuthOpts) ToAuthOptions() gophercloud.AuthOptions {
 			ApplicationCredentialID:     authOpts.ApplicationCredentialID,
 			ApplicationCredentialName:   authOpts.ApplicationCredentialName,
 			ApplicationCredentialSecret: authOpts.ApplicationCredentialSecret,
+			Token:                       authOpts.Token,
 		},
 	}
 
@@ -231,6 +233,7 @@ func ReadClouds(authOpts *AuthOpts) error {
 	authOpts.ApplicationCredentialID = replaceEmpty(authOpts.ApplicationCredentialID, cloud.AuthInfo.ApplicationCredentialID)
 	authOpts.ApplicationCredentialName = replaceEmpty(authOpts.ApplicationCredentialName, cloud.AuthInfo.ApplicationCredentialName)
 	authOpts.ApplicationCredentialSecret = replaceEmpty(authOpts.ApplicationCredentialSecret, cloud.AuthInfo.ApplicationCredentialSecret)
+	authOpts.Token = replaceEmpty(authOpts.Token, cloud.AuthInfo.Token)
 
 	return nil
 }
