fence_openstack: added --auth-plugin option to allow usage of app credentials instead of user credentials #533

Open
wants to merge 1 commit into
base: main

s0urc3c0d3

This allows users to use Barbican to generate app creds and put them in the clouds.yml:

clouds:
  openstack:
    auth:
      auth_url: http://CLOUD_ENDPOINT:5000
      application_credential_id: "SOMEID"
      application_credential_secret: "SOMELARGESECRET"
    region_name: "RegionOne"
    interface: "public"
    identity_api_version: 3
    auth_type: "v3applicationcredential"

The app creds can have smaller perms than the user, and they can be easily generated by users instead of full cloud accounts.

To use this feature, the user can run:
$ fence_openstack --cloud openstack -n INSTANCEUUID -o list --auth_plugin v3applicationcredential
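
An added example, not part of the pull request or of fence-agents: a small check over one parsed clouds.yaml entry like the one above, confirming that the application-credential fields match the selected auth type and that the secret is not sent over plain HTTP. The function name `check_cloud_auth`, its `auth_plugin` parameter and the already-parsed dict input are assumptions made for illustration.

```python
from urllib.parse import urlparse

# User-credential fields that should not linger in an app-credential entry.
USER_FIELDS = {"username", "user_id", "password"}


def check_cloud_auth(cloud, auth_plugin=None):
    """Return findings for one parsed clouds.yaml entry (clouds.<name>).

    auth_plugin stands in for the command-line value (assumed wiring).
    """
    findings = []
    auth = cloud.get("auth", {})
    file_type = cloud.get("auth_type")
    auth_type = auth_plugin or file_type or "password"
    if auth_plugin and file_type not in (None, auth_plugin):
        findings.append("auth_type in file differs from requested plugin")

    if auth_type == "v3applicationcredential":
        if not auth.get("application_credential_secret"):
            findings.append("missing application_credential_secret")
        if not (auth.get("application_credential_id")
                or auth.get("application_credential_name")):
            findings.append("missing application_credential_id or _name")
        leftover = sorted(USER_FIELDS.intersection(auth))
        if leftover:
            findings.append("user credential fields still present: "
                            + ", ".join(leftover))
    elif "application_credential_secret" in auth:
        findings.append("application credential set but auth_type is " + auth_type)

    # Over plain http the credential secret reaches Keystone unencrypted.
    if urlparse(auth.get("auth_url", "")).scheme != "https":
        findings.append("auth_url is not https")
    return findings


# Constructed sample mirroring the entry in the pull request description.
SAMPLE = {
    "auth": {
        "auth_url": "http://CLOUD_ENDPOINT:5000",
        "application_credential_id": "SOMEID",
        "application_credential_secret": "SOMELARGESECRET",
    },
    "auth_type": "v3applicationcredential",
}

if __name__ == "__main__":
    print(check_cloud_auth(SAMPLE))
```
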

…e of application credentials in clouds.yml instead of user credentials
@knet-ci-bot

Can one of the admins verify this patch?

@oalbrigt changed the title from "Added --auth_plugin option to allow usage of app credentials instead of user credentials" to "fence_openstack: added --auth-plugin option to allow usage of app credentials instead of user credentials" on Mar 17, 2023
@@ -1,4 +1,4 @@
#!@PYTHON@ -tt
#!/usr/libexec/platform-python -tt
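Review bot: the first line swaps the `#!@PYTHON@ -tt` template shebang for a hard-coded `#!/usr/libexec/platform-python -tt`, which ties the agent to one distribution's interpreter path and has nothing to do with the auth option. Keep the `@PYTHON@` placeholder and drop this line from the patch.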
Collaborator

Don't change these, as they're replaced to the path found by ./configure during make.

@@ -251,6 +258,15 @@ def define_new_opts():
"default": 60,
"order": 10,
}
all_opt["auth_plugin"] = {
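Review bot: the new `all_opt["auth_plugin"]` key uses an underscore, while the PR title advertises `--auth-plugin` and the usage example in the description passes `--auth_plugin`; settle on one spelling and make the example match it. The clouds.yml sample in the description also already carries `auth_type: "v3applicationcredential"`, so the option's help text should say which value wins when the file and the command line differ.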
Collaborator

Use - instead of _ to stay consistent with the rest of the agent.

@oalbrigt
Collaborator

You'll also have to run make xml-upload to update the metadata and attach it to the PR, so it doesn't fail CI when running make xml-check.

@s0urc3c0d3
Author

ok thx for your time. I'm gonna fix the issues you pointed out and get back here :)

@knet-jenkins

knet-jenkins bot commented Jun 12, 2023

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/fence-agents-pipeline/job/PR-533/1/input

3 participants