C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add support for openstack application credentials (#6534)

Browse source 
* Add support for openstack application credentials

* Add some lines for readability

* Update external_openstack_tenant_id check

Do not check external_openstack_tenant_id when application credentials are defined

* Add check for external_openstack_domain_id

* Fix typo
This commit is contained in:
Marc-Antoine 2020-08-31 12:30:28 +02:00 committed by GitHub
parent 34d88ea6d9
commit 5a8b68a429
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 63 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
inventory/sample/group_vars/all/openstack.yml
View file

@ -35,6 +35,13 @@
# - "" # - ""
# external_openstack_metadata_search_order: "configDrive,metadataService" # external_openstack_metadata_search_order: "configDrive,metadataService"
## Application credentials to authenticate against Keystone API
## Those settings will take precedence over username and password that might be set your environment
## All of them are required
# external_openstack_application_credential_name:
# external_openstack_application_credential_id:
# external_openstack_application_credential_secret:
## The tag of the external OpenStack Cloud Controller image ## The tag of the external OpenStack Cloud Controller image
# external_openstack_cloud_controller_image_tag: "latest" # external_openstack_cloud_controller_image_tag: "latest"

51
roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-credential-check.yml
View file

@ -4,24 +4,63 @@
msg: "external_openstack_auth_url is missing" msg: "external_openstack_auth_url is missing"
when: external_openstack_auth_url is not defined or not external_openstack_auth_url when: external_openstack_auth_url is not defined or not external_openstack_auth_url
- name: External OpenStack Cloud Controller | check external_openstack_username value
- name: External OpenStack Cloud Controller | check external_openstack_username or external_openstack_application_credential_name value
fail: fail:
msg: "external_openstack_username is missing" msg: "you must either set external_openstack_username or external_openstack_application_credential_name"
when: external_openstack_username is not defined or not external_openstack_username when:
- external_openstack_username is not defined or not external_openstack_username
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- name: External OpenStack Cloud Controller | check external_openstack_application_credential_id value
fail:
msg: "external_openstack_application_credential_id is missing"
when:
- external_openstack_application_credential_name is defined
- external_openstack_application_credential_name|length > 0
- external_openstack_application_credential_id is not defined or not external_openstack_application_credential_id
- name: External OpenStack Cloud Controller | check external_openstack_application_credential_secret value
fail:
msg: "external_openstack_application_credential_secret is missing"
when:
- external_openstack_application_credential_name is defined
- external_openstack_application_credential_name|length > 0
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
- name: External OpenStack Cloud Controller | check external_openstack_password value - name: External OpenStack Cloud Controller | check external_openstack_password value
fail: fail:
msg: "external_openstack_password is missing" msg: "external_openstack_password is missing"
when: external_openstack_password is not defined or not external_openstack_password when:
- external_openstack_username is defined
- external_openstack_username|length > 0
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- external_openstack_application_credential_secret is not defined or not external_openstack_application_credential_secret
- external_openstack_password is not defined or not external_openstack_password
- name: External OpenStack Cloud Controller | check external_openstack_region value - name: External OpenStack Cloud Controller | check external_openstack_region value
fail: fail:
msg: "external_openstack_region is missing" msg: "external_openstack_region is missing"
when: external_openstack_region is not defined or not external_openstack_region when: external_openstack_region is not defined or not external_openstack_region
- name: External OpenStack Cloud Controller | check external_openstack_tenant_id value - name: External OpenStack Cloud Controller | check external_openstack_tenant_id value
fail: fail:
msg: "one of external_openstack_tenant_id or external_openstack_tenant_name must be specified" msg: "one of external_openstack_tenant_id or external_openstack_tenant_name must be specified"
when: when:
- (external_openstack_tenant_id is not defined or not external_openstack_tenant_id) and - external_openstack_tenant_id is not defined or not external_openstack_tenant_id
(external_openstack_tenant_name is not defined or not external_openstack_tenant_name) - external_openstack_tenant_name is not defined or not external_openstack_tenant_name
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name
- name: External OpenStack Cloud Controller | check external_openstack_domain_id value
fail:
msg: "one of external_openstack_domain_id or external_openstack_domain_name must be specified"
when:
- external_openstack_domain_id is not defined or not external_openstack_domain_id
- external_openstack_domain_name is not defined or not external_openstack_domain_name
- external_openstack_application_credential_name is not defined or not external_openstack_application_credential_name

11
roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-config.j2
View file

@ -1,7 +1,18 @@
[Global] [Global]
auth-url="{{ external_openstack_auth_url }}" auth-url="{{ external_openstack_auth_url }}"
{% if external_openstack_application_credential_id is not defined and external_openstack_application_credential_name is not defined %}
username="{{ external_openstack_username }}" username="{{ external_openstack_username }}"
password="{{ external_openstack_password }}" password="{{ external_openstack_password }}"
{% endif %}
{% if external_openstack_application_credential_id is defined and external_openstack_application_credential_id != "" %}
application-credential-id={{ external_openstack_application_credential_id }}
{% endif %}
{% if external_openstack_application_credential_name is defined and external_openstack_application_credential_name != "" %}
application-credential-name={{ external_openstack_application_credential_name }}
{% endif %}
{% if external_openstack_application_credential_secret is defined and external_openstack_application_credential_secret != "" %}
application-credential-secret={{ external_openstack_application_credential_secret }}
{% endif %}
region="{{ external_openstack_region }}" region="{{ external_openstack_region }}"
{% if external_openstack_tenant_id is defined and external_openstack_tenant_id != "" %} {% if external_openstack_tenant_id is defined and external_openstack_tenant_id != "" %}
tenant-id="{{ external_openstack_tenant_id }}" tenant-id="{{ external_openstack_tenant_id }}"