Allows you to retrieve OVH Object Storage (swift) credentials for use with AWS S3 libraries

README.md

Explanations

The "Object Storage" offer from OVH is indicated as being S3 compatible, but the identifiers provided by OVH do not allow us to connect directly via the AWS S3 libraries.

You must therefore retrieve a token from OVH KeyStone, then use it to obtain the accesses that can be used by S3.

Usage

1. Create a user account on OVH for Object Storage (with "Object Store" rights) and keep the username and password.
2. Retrieve the projectName by clicking on "View Credentials" from the OVH Horizon interface.
3. Enter these values in the PHP file and run it.
4. It should return the values of UserID, AccessKey and Secret.
5. It then becomes possible to use them with an AWS S3 library, with the following client options:

$ options = [
  'version' => 'latest',
  'region' => 'GRA',
  'credentials' => [
    'key' => $key,
    'secret' => $secret
  ],
  'endpoint' => 'https://s3.gra.cloud.ovh.net' // https://s3.{region}.cloud.ovh.net
];

ovh_swift_s3.php

<?php

// ==== CONFIG ====
$authUrl = 'https://auth.cloud.ovh.net/v3';     // OS_AUTH_URL
$username = 'user-XXXXXXXXXXXX';                // OS_USERNAME
$password = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // the password returns by OVH when user creation
$userDomainName = 'Default';                    // OS_USER_DOMAIN_NAME
$projectName = 'XXXXXXXXXXXXXXXX';              // OS_PROJECT_NAME
$projectDomainName = 'default';                 // not found in openrc file, "default" seems working
// ================


// Get the S3 token
$datas = [
  'auth' => [
    'identity' => [
      'methods' => ['password'],
      'password' => [
        'user' => [
          'name' => $username,
          'domain' => ['name' => $userDomainName],
          'password' => $password
        ]
      ]
    ],
    'scope' => [
      'project' => [
        'name' => $projectName,
        'domain' => ['name' => $projectDomainName]
      ]
    ]
  ]
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $authUrl.'/auth/tokens');
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($datas));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$token = null;
curl_setopt($ch, CURLOPT_HEADERFUNCTION, function($curl, $header) use (&$token){
  if (null === $token && strtolower(substr($header, 0, 16)) == 'x-subject-token:'){
    $token = trim(substr($header, 16));
  }
  return strlen($header);
});

$response = curl_exec($ch);
var_dump($response);
curl_close($ch);

$tokenInfo = @json_decode($response);
$userId    = $tokenInfo->token->user->id ?? null;
$projectId = $tokenInfo->token->project->id ?? null;

if (null === $token){
  exit('Error: unable to retrieve token.');
}
if (null === $userId || null === $projectId){
  exit('Error: unable to retrieve userId or projectId');
}

// Get the S3 credentials
$datas = [
  'tenant_id' => $projectId
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $authUrl.'/users/'.$userId.'/credentials/OS-EC2');
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'X-Auth-Token: '.$token]);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($datas));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

$cr = @json_decode($response);
if (!isset($cr->credential->user_id, $cr->credential->access, $cr->credential->secret)){
  exit('Error: unable to retrieve credential from the S3 token.');
}
echo 'UserId: '.$cr->credential->user_id."\n";
echo 'AccessKey: '.$cr->credential->access."\n";
echo 'Secret: '.$cr->credential->secret."\n";
exit();