Clouds.yaml configuration

ConfigFile structure.

ConfigFile

| Field | Type | Default | Description |
|---|---|---|---|
| cache | *optional* CacheConfig | - | Cache configuration. |
| clouds | *optional* CloudConfig | - | clouds configuration. |
| public-clouds | *optional* CloudConfig | - | vendor clouds information (profiles). |

Authentication data.

Sensitive fields are wrapped in SensitiveString to prevent accidental exposure in logs.

Auth

| Field | Type | Default | Description |
|---|---|---|---|
| access_token | *optional* string | - | OIDC access token. (sensitive) |
| access_token_endpoint | *optional* string | - | OIDC/Discovery endpoint URL. (sensitive) |
| access_token_type | *optional* string | - | OIDC access token type (when not access_token). (sensitive) |
| application_credential_id | *optional* string | - | Application Credential ID. |
| application_credential_name | *optional* string | - | Application Credential Name. |
| application_credential_secret | *optional* string | - | Application Credential Secret. (sensitive) |
| attribute_mapping_name | *optional* string | - | Federation attribute mapping name to be applied. |
| auth_url | *optional* string | - | Authentication URL. |
| client_id | *optional* string | - | OIDC client ID. |
| client_secret | *optional* string | - | OIDC client secret. (sensitive) |
| discovery_endpoint | *optional* string | - | OIDC discovery document endpoint URL. |
| domain_id | *optional* string | - | Domain scope Domain.ID. |
| domain_name | *optional* string | - | Domain scope Domain.Name. |
| endpoint | *optional* string | - | Authentication endpoint type (public/internal/admin). |
| identity_provider | *optional* string | - | Federation identity provider. |
| jwt | *optional* string | - | JWT token. (sensitive) |
| passcode | *optional* string | - | Auth (totp) MFA passcode. (sensitive) |
| password | *optional* string | - | Auth User password. (sensitive) |
| project_domain_id | *optional* string | - | Project scope Project.Domain.ID. |
| project_domain_name | *optional* string | - | Project scope Project.Domain.Name. |
| project_id | *optional* string | - | Project scope Project.ID. |
| project_name | *optional* string | - | Project scope Project.Name. |
| protocol | *optional* string | - | Federation protocol. |
| scope | *optional* string | - | OIDC scope. |
| system_scope | *optional* string | - | System scope. |
| token | *optional* string | - | Auth Token. (sensitive) |
| user_domain_id | *optional* string | - | Auth User.Domain.ID. |
| user_domain_name | *optional* string | - | Auth User.Domain.Name. |
| user_id | *optional* string | - | Auth User.ID. |
| username | *optional* string | - | Auth User.Name. |

CacheConfig structure.

A configuration for the built-in authentication caching.

CacheConfig

| Field | Type | Default | Description |
|---|---|---|---|
| auth | *optional* boolean | - | Enables/disables authentication caching. |

Configuration object representing a single connection to the concrete cloud.

Connection to the cloud uses this object.

CloudConfig

| Field | Type | Default | Description |
|---|---|---|---|
| auth | *optional* Auth | - | Authorization data. |
| auth_cache | *optional* boolean | - | Override for authentication caching. If Some(true), enables; if Some(false), disables. If None, falls back to the global cache.auth setting in the clouds.yaml ConfigFile (default: true). |
| auth_methods | *optional* array | - | Authorization methods (in the case when auth_type = multifactor). |
| auth_type | *optional* string | - | Authorization type. While it could be an enum, that would make it hard to extend the SDK with custom implementations. Known values: password, v3password, multifactor, application_credential, token, v2password, jwt, websso, applicationcredential, tokenv3, federation. |
| cacert | *optional* string | - | Custom CA Certificate. |
| interface | *optional* string | public | Interface name to be used for endpoints selection. |
| name | *optional* string | - | Alternative connection name which may be used to provide some meaningful name when [CloudConfig] is constructed directly without a clouds.yaml file. |
| profile | *optional* string | - | Vendor Profile (by name from clouds-public.yaml or TBD: URL). |
| region_name | *optional* string | - | Region name. |
| verify | *optional* boolean | - | Verify SSL Certificates. |
| catch-all | any | — | Any additional configuration fields not explicitly typed |


YAML Example

```yaml
cache:
  auth: true
clouds:
  default:
    auth:
      # access_token: VALUE
      # access_token_endpoint: VALUE
      # access_token_type: VALUE
      application_credential_id: ac-uuid
      application_credential_name: my-credential
      # application_credential_secret: VALUE
      attribute_mapping_name: my-mapping
      auth_url: https://example.com:5000/v3
      client_id: value
      # client_secret: VALUE
      discovery_endpoint: value
      domain_id: Default
      domain_name: Default
      endpoint: public
      identity_provider: keycloak
      # jwt: VALUE
      # passcode: VALUE
      # password: VALUE
      project_domain_id: Default
      project_domain_name: Default
      project_id: myproject
      project_name: myproject
      protocol: openid connect
      scope: value
      system_scope: all
      # token: VALUE
      user_domain_id: Default
      user_domain_name: Default
      user_id: value
      username: admin
    auth_cache: true
    auth_methods: value
    auth_type: v3password
    cacert: /path/to/ca.crt
    interface: public
    name: mycloud
    profile: aws
    region_name: RegionOne
    verify: true
public-clouds:
  default:
    auth:
      # access_token: VALUE
      # access_token_endpoint: VALUE
      # access_token_type: VALUE
      application_credential_id: ac-uuid
      application_credential_name: my-credential
      # application_credential_secret: VALUE
      attribute_mapping_name: my-mapping
      auth_url: https://example.com:5000/v3
      client_id: value
      # client_secret: VALUE
      discovery_endpoint: value
      domain_id: Default
      domain_name: Default
      endpoint: public
      identity_provider: keycloak
      # jwt: VALUE
      # passcode: VALUE
      # password: VALUE
      project_domain_id: Default
      project_domain_name: Default
      project_id: myproject
      project_name: myproject
      protocol: openid connect
      scope: value
      system_scope: all
      # token: VALUE
      user_domain_id: Default
      user_domain_name: Default
      user_id: value
      username: admin
    auth_cache: true
    auth_methods: value
    auth_type: v3password
    cacert: /path/to/ca.crt
    interface: public
    name: mycloud
    profile: aws
    region_name: RegionOne
    verify: true
```
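
As an added example (not code from the SDK), a small Rust check over a clouds.yaml that reports the fields this page marks sensitive when they are set in plaintext, plus `verify: false` and a non-HTTPS `auth_url`. The function name `audit`, the sample file, and the line-based parsing (block-style YAML with cloud names at two-space indent, as in the example above) are assumptions of this example.

```rust
/// Keys marked "(sensitive)" in the Auth table.
const SENSITIVE: [&str; 9] = [
    "access_token", "access_token_endpoint", "access_token_type",
    "application_credential_secret", "client_secret", "jwt",
    "passcode", "password", "token",
];

/// Line-based audit (assumption: block-style YAML, cloud names at indent 2).
/// Returns "cloud: message" findings; secret values are never echoed.
fn audit(yaml: &str) -> Vec<String> {
    let (mut cloud, mut out) = (String::new(), Vec::new());
    for raw in yaml.lines() {
        let line = raw.trim_start();
        // Skip blanks and commented-out entries such as "# password: VALUE".
        if line.is_empty() || line.starts_with('#') { continue; }
        let indent = raw.len() - line.len();
        let (key, val) = match line.split_once(':') {
            Some((k, v)) => (k, v.trim()),
            None => continue,
        };
        if indent == 2 && val.is_empty() {
            cloud = key.to_string(); // e.g. "default" under clouds:
        } else if SENSITIVE.contains(&key) && !val.is_empty() {
            out.push(format!("{}: '{}' stored in plaintext", cloud, key));
        } else if key == "verify" && val == "false" {
            out.push(format!("{}: TLS certificate verification disabled", cloud));
        } else if key == "auth_url" && val.starts_with("http://") {
            out.push(format!("{}: auth_url is not HTTPS", cloud));
        }
    }
    out
}

// Constructed sample input, not a real configuration.
const SAMPLE: &str = "\
clouds:
  lab:
    auth:
      auth_url: http://keystone.example.test:5000/v3
      password: not-a-real-secret
      # token: VALUE
    verify: false
  prod:
    auth:
      application_credential_id: ac-uuid
    verify: true
";

fn main() { for f in audit(SAMPLE) { println!("{}", f); } }
```

Findings name the cloud and the key only, so the report itself can be logged without exposing the secret.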