Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fence_openstack: added --auth-plugin option to allow usage of app credentials instead of user credentials #533

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fence_openstack: added --auth-plugin option to allow usage of app credentials instead of user credentials #533

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 38 additions & 9 deletions agents/openstack/fence_openstack.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!@PYTHON@ -tt
#!/usr/libexec/platform-python -tt
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dont change these, as they're replaced to the path found by ./configure during make.


import atexit
import logging
Expand All @@ -7,7 +7,7 @@

import urllib3

sys.path.append("@FENCEAGENTSLIBDIR@")
sys.path.append("/usr/share/fence")
from fencing import *
from fencing import fail_usage, run_delay, source_env

Expand Down Expand Up @@ -113,7 +113,7 @@ def set_power_status(conn, options):


def nova_login(username, password, projectname, auth_url, user_domain_name,
project_domain_name, ssl_insecure, cacert, apitimeout):
project_domain_name, ssl_insecure, cacert, apitimeout, auth_plugin):
legacy_import = False

try:
Expand All @@ -129,8 +129,15 @@ def nova_login(username, password, projectname, auth_url, user_domain_name,
legacy_import = True
except ImportError:
fail_usage("Failed: Keystone client not found or not accessible")
if auth_plugin == "v3applicationcredential":
loader = loading.get_plugin_loader("v3applicationcredential")
auth = loader.load_from_options(
auth_url=auth_url,
application_credential_id=username,
application_credential_secret=password,
)

if not legacy_import:
elif not legacy_import:
loader = loading.get_plugin_loader("password")
auth = loader.load_from_options(
auth_url=auth_url,
Expand Down Expand Up @@ -251,6 +258,15 @@ def define_new_opts():
"default": 60,
"order": 10,
}
all_opt["auth_plugin"] = {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use - instead of _ to stay consistent with the rest of the agent.

"getopt": ":",
"longopt": "auth_plugin",
"help": "--auth_plugin=[PLUGIN] Plugin name to use (default password)",
"required": "0",
"default": "password",
"shortdesc": "Specify what auth plugin to use. One from v2password, v3applicationcredential, v3totp, v3oidcpassword, v3oauth2clientcredential, token, v3oidcauthcode, v3multifactor, v3tokenlessauth, v3oidcclientcredentials, v3oidcaccesstoken, v3password, v3token, password, admin_token, http_basic, noauth, v2token",
"order": 11,
}


def main():
Expand All @@ -273,6 +289,7 @@ def main():
"ssl_insecure",
"cacert",
"apitimeout",
"auth_plugin",
]

atexit.register(atexit_handler)
Expand Down Expand Up @@ -309,18 +326,29 @@ def main():

run_delay(options)

auth_plugin = options["--auth_plugin"]
projectname = None
user_domain_name = None
project_domain_name = None

if options.get("--cloud"):
cloud = get_cloud(options)
username = cloud.get("auth").get("username")
password = cloud.get("auth").get("password")
projectname = cloud.get("auth").get("project_name")
if auth_plugin == "v3applicationcredential":
username = cloud.get("auth").get("application_credential_id")
password = cloud.get("auth").get("application_credential_secret")
else:
username = cloud.get("auth").get("username")
password = cloud.get("auth").get("password")
projectname = cloud.get("auth").get("project_name")
user_domain_name = cloud.get("auth").get("user_domain_name")
project_domain_name = cloud.get("auth").get("project_domain_name")
auth_url = None

try:
auth_url = cloud.get("auth").get("auth_url")
except KeyError:
fail_usage("Failed: You have to set the Keystone service endpoint for authorization")
user_domain_name = cloud.get("auth").get("user_domain_name")
project_domain_name = cloud.get("auth").get("project_domain_name")

caverify = cloud.get("verify")
if caverify in [True, False]:
options["--ssl-insecure"] = caverify
Expand Down Expand Up @@ -368,6 +396,7 @@ def main():
ssl_insecure,
cacert,
apitimeout,
auth_plugin,
)
except Exception as e:
fail_usage("Failed: Unable to connect to Nova: " + str(e))
Expand Down