From 1d3911c2d40a39c9b17ab3aaf516f877ba34a222 Mon Sep 17 00:00:00 2001
From: Archer Wu <archerwu9425@icloud.com>
Date: Mon, 4 Aug 2025 18:16:28 +0800
Subject: [PATCH] support keystone token in cloud config

---
 .../using-openstack-cloud-controller-manager.md                | 2 ++
 pkg/client/client.go                                           | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md b/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md
index 1cfce3135d..0b3c0516da 100644
--- a/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md
+++ b/docs/openstack-cloud-controller-manager/using-openstack-cloud-controller-manager.md
@@ -156,6 +156,8 @@ The options in `Global` section are used for openstack-cloud-controller-manager
   The secret of an application credential to authenticate with.
 * `tls-insecure`
   If set to `true`, then the server’s certificate will not be verified. Default is `false`.
+* `token`
+  Keystone token.
 
 ###  Networking
 
diff --git a/pkg/client/client.go b/pkg/client/client.go
index fcc06bbcb4..9c381d6988 100644
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -56,6 +56,7 @@ type AuthOpts struct {
 	EndpointType     gophercloud.Availability `gcfg:"os-endpoint-type" mapstructure:"os-endpoint-type" name:"os-endpointType" value:"optional"`
 	CAFile           string                   `gcfg:"ca-file" mapstructure:"ca-file" name:"os-certAuthorityPath" value:"optional"`
 	TLSInsecure      string                   `gcfg:"tls-insecure" mapstructure:"tls-insecure" name:"os-TLSInsecure" value:"optional" matches:"^true|false$"`
+	Token            string                   `name:"os-token" value:"optional"`
 
 	// TLS client auth
 	CertFile string `gcfg:"cert-file" mapstructure:"cert-file" name:"os-clientCertPath" value:"optional" dependsOn:"os-clientKeyPath"`
@@ -150,6 +151,7 @@ func (authOpts AuthOpts) ToAuthOptions() gophercloud.AuthOptions {
 			ApplicationCredentialID:     authOpts.ApplicationCredentialID,
 			ApplicationCredentialName:   authOpts.ApplicationCredentialName,
 			ApplicationCredentialSecret: authOpts.ApplicationCredentialSecret,
+			Token:                       authOpts.Token,
 		},
 	}
 
@@ -231,6 +233,7 @@ func ReadClouds(authOpts *AuthOpts) error {
 	authOpts.ApplicationCredentialID = replaceEmpty(authOpts.ApplicationCredentialID, cloud.AuthInfo.ApplicationCredentialID)
 	authOpts.ApplicationCredentialName = replaceEmpty(authOpts.ApplicationCredentialName, cloud.AuthInfo.ApplicationCredentialName)
 	authOpts.ApplicationCredentialSecret = replaceEmpty(authOpts.ApplicationCredentialSecret, cloud.AuthInfo.ApplicationCredentialSecret)
+	authOpts.Token = replaceEmpty(authOpts.Token, cloud.AuthInfo.Token)
 
 	return nil
 }