Add application credentials support for cinder (#7799)

* csi-driver: Added possibility to use application credentials for cinder

* external-cloud-controller: Added env vars for openstack application credentials
This commit is contained in:
Fredrik Liv 2021-07-15 09:56:48 +02:00 committed by GitHub
parent c2cf0d9945
commit 802fb8b591
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 53 additions and 11 deletions

View file

@ -5,6 +5,9 @@
cinder_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
cinder_username: "{{ lookup('env','OS_USERNAME') }}"
cinder_password: "{{ lookup('env','OS_PASSWORD') }}"
cinder_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID') }}"
cinder_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME') }}"
cinder_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET') }}"
cinder_region: "{{ lookup('env','OS_REGION_NAME') }}"
cinder_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
cinder_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"

View file

@ -4,15 +4,38 @@
msg: "cinder_auth_url is missing"
when: cinder_auth_url is not defined or not cinder_auth_url
- name: Cinder CSI Driver | check cinder_username value
- name: Cinder CSI Driver | check cinder_username value cinder_application_credential_name value
fail:
msg: "cinder_username is missing"
when: cinder_username is not defined or not cinder_username
msg: "you must either set cinder_username or cinder_application_credential_name"
when:
- cinder_username is not defined or not cinder_username
- cinder_application_credential_name is not defined or not cinder_application_credential_name
- name: Cinder CSI Driver | check cinder_application_credential_id value
fail:
msg: "cinder_application_credential_id is missing"
when:
- cinder_application_credential_name is defined
- cinder_application_credential_name|length > 0
- cinder_application_credential_id is not defined or not cinder_application_credential_id
- name: Cinder CSI Driver | check cinder_application_credential_secret value
fail:
msg: "cinder_application_credential_secret is missing"
when:
- cinder_application_credential_name is defined
- cinder_application_credential_name|length > 0
- cinder_application_credential_secret is not defined or not cinder_application_credential_secret
- name: Cinder CSI Driver | check cinder_password value
fail:
msg: "cinder_password is missing"
when: cinder_password is not defined or not cinder_password
when:
- cinder_username is defined
- cinder_username|length > 0
- cinder_application_credential_name is not defined or not cinder_application_credential_name
- cinder_application_credential_secret is not defined or not cinder_application_credential_secret
- cinder_password is not defined or not cinder_password
- name: Cinder CSI Driver | check cinder_region value
fail:
@ -24,11 +47,13 @@
msg: "one of cinder_tenant_id or cinder_tenant_name must be specified"
when:
- cinder_tenant_id is not defined or not cinder_tenant_id
- cinder_tenant_name is not defined
- name: Cinder CSI Driver | check cinder_tenant_name value
fail:
msg: "one of cinder_tenant_id or cinder_tenant_name must be specified"
when:
- cinder_tenant_name is not defined or not cinder_tenant_name
- cinder_tenant_id is not defined
- cinder_application_credential_name is not defined or not cinder_application_credential_name
- name: Cinder CSI Driver | check cinder_domain_id value
fail:
msg: "one of cinder_domain_id or cinder_domain_name must be specified"
when:
- cinder_domain_id is not defined or not cinder_domain_id
- cinder_domain_name is not defined or not cinder_domain_name
- cinder_application_credential_name is not defined or not cinder_application_credential_name

View file

@ -1,7 +1,18 @@
[Global]
auth-url="{{ cinder_auth_url }}"
{% if cinder_application_credential_id is not defined and cinder_application_credential_name is not defined %}
username="{{ cinder_username }}"
password="{{ cinder_password }}"
{% endif %}
{% if cinder_application_credential_id is defined and cinder_application_credential_id != "" %}
application-credential-id={{ cinder_application_credential_id }}
{% endif %}
{% if cinder_application_credential_name is defined and cinder_application_credential_name != "" %}
application-credential-name={{ cinder_application_credential_name }}
{% endif %}
{% if cinder_application_credential_secret is defined and cinder_application_credential_secret != "" %}
application-credential-secret={{ cinder_application_credential_secret }}
{% endif %}
region="{{ cinder_region }}"
{% if cinder_tenant_id is defined and cinder_tenant_id != "" %}
tenant-id="{{ cinder_tenant_id }}"

View file

@ -5,6 +5,9 @@
external_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}"
external_openstack_username: "{{ lookup('env','OS_USERNAME') }}"
external_openstack_password: "{{ lookup('env','OS_PASSWORD') }}"
external_openstack_application_credential_id: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_ID') }}"
external_openstack_application_credential_name: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_NAME') }}"
external_openstack_application_credential_secret: "{{ lookup('env','OS_APPLICATION_CREDENTIAL_SECRET') }}"
external_openstack_region: "{{ lookup('env','OS_REGION_NAME') }}"
external_openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_PROJECT_ID'),true) }}"
external_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME')| default(lookup('env','OS_PROJECT_NAME'),true) }}"