Add support for openstack application credentials (#6534)

* Add support for openstack application credentials

* Add some lines for readability

* Update external_openstack_tenant_id check

Do not check external_openstack_tenant_id when application credentials are defined

* Add check for external_openstack_domain_id

* Fix typo
This commit is contained in:
Marc-Antoine 2020-08-31 12:30:28 +02:00 committed by GitHub
parent 34d88ea6d9
commit 5a8b68a429
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 63 additions and 6 deletions

View file

@ -35,6 +35,13 @@
# - ""
# external_openstack_metadata_search_order: "configDrive,metadataService"
## Application credentials to authenticate against Keystone API
## Those settings will take precedence over username and password that might be set your environment
## All of them are required
# external_openstack_application_credential_name:
# external_openstack_application_credential_id:
# external_openstack_application_credential_secret:
## The tag of the external OpenStack Cloud Controller image
# external_openstack_cloud_controller_image_tag: "latest"

View file

@ -4,24 +4,63 @@
msg: "external_openstack_auth_url is missing"
when: external_openstack_auth_url is not defined or not external_openstack_auth_url
- name: External OpenStack Cloud Controller | check external_openstack_username value
- name: External OpenStack Cloud Controller | check external_openstack_username or external_openstack_application_credential_name value
fail:
msg: "external_openstack_username is missing"
when: external_openstack_username is not defined or not external_openstack_username
msg: "you must either set external_openstack_username or external_openstack_application_credential_name"
when:
- external_openstack_username is not defined or not external_openstack_username
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- name: External OpenStack Cloud Controller | check external_openstack_application_credential_id value
fail:
msg: "external_openstack_application_credential_id is missing"
when:
- external_openstack_application_credential_name is defined
- external_openstack_application_credential_name|length > 0
- external_openstack_application_credential_id is not defined or not external_openstack_application_credential_id
- name: External OpenStack Cloud Controller | check external_openstack_application_credential_secret value
fail:
msg: "external_openstack_application_credential_secret is missing"
when:
- external_openstack_application_credential_name is defined
- external_openstack_application_credential_name|length > 0
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
- name: External OpenStack Cloud Controller | check external_openstack_password value
fail:
msg: "external_openstack_password is missing"
when: external_openstack_password is not defined or not external_openstack_password
when:
- external_openstack_username is defined
- external_openstack_username|length > 0
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
- external_openstack_password is not defined or not external_openstack_password
- name: External OpenStack Cloud Controller | check external_openstack_region value
fail:
msg: "external_openstack_region is missing"
when: external_openstack_region is not defined or not external_openstack_region
- name: External OpenStack Cloud Controller | check external_openstack_tenant_id value
fail:
msg: "one of external_openstack_tenant_id or external_openstack_tenant_name must be specified"
when:
- (external_openstack_tenant_id is not defined or not external_openstack_tenant_id) and
(external_openstack_tenant_name is not defined or not external_openstack_tenant_name)
- external_openstack_tenant_id is not defined or not external_openstack_tenant_id
- external_openstack_tenant_name is not defined or not external_openstack_tenant_name
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- name: External OpenStack Cloud Controller | check external_openstack_domain_id value
fail:
msg: "one of external_openstack_domain_id or external_openstack_domain_name must be specified"
when:
- external_openstack_domain_id is not defined or not external_openstack_domain_id
- external_openstack_domain_name is not defined or not external_openstack_domain_name
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name

View file

@ -1,7 +1,18 @@
[Global]
auth-url="{{ external_openstack_auth_url }}"
{% if external_openstack_application_credential_id is not defined and external_openstack_application_credential_name is not defined %}
username="{{ external_openstack_username }}"
password="{{ external_openstack_password }}"
{% endif %}
{% if external_openstack_application_credential_id is defined and external_openstack_application_credential_id != "" %}
application-credential-id={{ external_openstack_application_credential_id }}
{% endif %}
{% if external_openstack_application_credential_name is defined and external_openstack_application_credential_name != "" %}
application-credential-name={{ external_openstack_application_credential_name }}
{% endif %}
{% if external_openstack_application_credential_secret is defined and external_openstack_application_credential_secret != "" %}
application-credential-secret={{ external_openstack_application_credential_secret }}
{% endif %}
region="{{ external_openstack_region }}"
{% if external_openstack_tenant_id is defined and external_openstack_tenant_id != "" %}
tenant-id="{{ external_openstack_tenant_id }}"