From f54c9b0eed23911efc885b7fc59cef579ec124e7 Mon Sep 17 00:00:00 2001 From: Alexandru Mahmoud Date: Fri, 17 Jun 2022 17:12:19 -0400 Subject: [PATCH 1/5] Add application credentials support --- .../cloudman2/cloudman2_app.py | 66 +++++++++++++------ .../backend_plugins/cloudman2_app.py | 65 ++++++++++++------ 2 files changed, 93 insertions(+), 38 deletions(-) diff --git a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py index fd36ecc..e543cfd 100644 --- a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py +++ b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py @@ -337,7 +337,7 @@ def delete_iam(): GCP_CLOUD_CONF = \ "[Global]\n" -OPENSTACK_CLOUD_CONF = \ +OPENSTACK_CLOUD_CONF_USER = \ "[Global]\n" \ "username=\"$os_username\"\n" \ "password=\"$os_password\"\n" \ @@ -349,6 +349,16 @@ def delete_iam(): "ignore-volume-az=$os_ignore_volume_az\n" +OPENSTACK_CLOUD_CONF_APP_CRED = \ + "[Global]\n" \ + "application-credential-id=\"$os_app_cred_id\"\n" \ + "application-credential-secret=\"$os_app_cred_secret\"\n" \ + "auth-url=$os_auth_url\n" \ + "region=$os_region\n" \ + "[BlockStorage]\n" \ + "ignore-volume-az=$os_ignore_volume_az\n" + + class CloudMan2AnsibleAppConfigurer(AnsibleAppConfigurer): """Add CloudMan2 specific vars to playbook.""" 
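Review bot: The new `OPENSTACK_CLOUD_CONF_APP_CRED` template wraps `$os_app_cred_id` and `$os_app_cred_secret` in double quotes, but the values are filled in by `string.Template(conf_template).substitute(values)` (visible in the `_gen_cloud_conf` hunk), which does no escaping. A credential value containing `"` or a line break can end the quoted value early or start a new line in the generated cloud config, so each value should be validated before substitution, for example by rejecting any that contains a quote, CR or LF. `auth-url=$os_auth_url` and `region=$os_region` are unquoted and need the same check. A short comment above the constant, stating that the rendered text carries a live secret and must not be logged, would also help. The identical template is added in `backend_plugins/cloudman2_app.py` (hunk `@@ -348,6 +348,15 @@`).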
@@ -391,26 +401,44 @@ def _gen_cloud_conf(self, provider_id, cloud_config): conf_template = GCP_CLOUD_CONF values = {} elif provider_id == "openstack": - # http://henriquetruta.github.io/openstack-cloud-provider/ - conf_template = OPENSTACK_CLOUD_CONF - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) - if creds.get('os_user_domain_id'): - domain_entry = f"domain-id={creds.get('os_user_domain_id')}" + os_user = creds.get('os_username') + os_pass = creds.get('os_password') + if os_user and os_pass: + # http://henriquetruta.github.io/openstack-cloud-provider/ + conf_template = OPENSTACK_CLOUD_CONF_USER + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + if creds.get('os_user_domain_id'): + domain_entry = f"domain-id={creds.get('os_user_domain_id')}" + else: + domain_entry = f"domain-name={creds.get('os_user_domain_name')}" + + values = { + 'os_username': os_user, + 'os_password': os_pass, + 'domain_entry': domain_entry, + 'os_tenant_name': creds.get('os_project_name'), + 'os_auth_url': zone.get('cloud', {}).get('auth_url'), + 'os_region': zone.get('region', {}).get('name'), + # https://github.com/kubernetes/kubernetes/issues/53488 + 'os_ignore_volume_az': os_ignore_az + } else: - domain_entry = f"domain-name={creds.get('os_user_domain_name')}" + # Assuming app credentials if no user and pass set + conf_template = OPENSTACK_CLOUD_CONF_APP_CRED + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + values = { + # https://github.com/kubernetes/cloud-provider-openstack/blob/master/manifests/controller-manager/cloud-config + 'os_app_cred_id': creds.get('os_application_credential_id'), + 'os_app_cred_secret': creds.get('os_application_credential_secret'), + 'os_auth_url': zone.get('cloud', {}).get('auth_url'), + 'os_region': zone.get('region', {}).get('name'), + 'os_ignore_volume_az': 
os_ignore_az + } - values = { - 'os_username': creds.get('os_username'), - 'os_password': creds.get('os_password'), - 'domain_entry': domain_entry, - 'os_tenant_name': creds.get('os_project_name'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - # https://github.com/kubernetes/kubernetes/issues/53488 - 'os_ignore_volume_az': os_ignore_az - } return string.Template(conf_template).substitute(values) def _get_kube_cloud_settings(self, provider_config, cloud_config): diff --git a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py index 8fd500a..55a6ad6 100644 --- a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py +++ b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py @@ -336,7 +336,7 @@ def delete_iam(): GCP_CLOUD_CONF = \ "[Global]\n" -OPENSTACK_CLOUD_CONF = \ +OPENSTACK_CLOUD_CONF_USER = \ "[Global]\n" \ "username=\"$os_username\"\n" \ "password=\"$os_password\"\n" \ @@ -348,6 +348,15 @@ def delete_iam(): "ignore-volume-az=$os_ignore_volume_az\n" +OPENSTACK_CLOUD_CONF_APP_CRED = \ + "[Global]\n" \ + "application-credential-id=\"$os_app_cred_id\"\n" \ + "application-credential-secret=\"$os_app_cred_secret\"\n" \ + "auth-url=$os_auth_url\n" \ + "region=$os_region\n" \ + "[BlockStorage]\n" \ + "ignore-volume-az=$os_ignore_volume_az\n" + class CloudMan2AnsibleAppConfigurer(AnsibleAppConfigurer): """Add CloudMan2 specific vars to playbook.""" 
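Review bot: The `else` branch in `_gen_cloud_conf` treats every credential set that lacks `os_username` or `os_password` as application credentials, and never checks that `os_application_credential_id` and `os_application_credential_secret` are present. `string.Template.substitute` renders a missing value as the text `None`, so the method returns a config containing `application-credential-id="None"` and the mistake surfaces only later as an authentication failure; a username with an empty password takes the same path. The branch should fetch the application-credential keys first and raise when neither credential form is complete, as sketched below (the exception type is a suggestion; use whatever the plugin normally raises). The same branch is added in `backend_plugins/cloudman2_app.py` (hunk `@@ -390,26 +399,44 @@`) and is carried unchanged through the later refactoring patches. `_gen_cloud_conf` starts above this hunk.

```python
# … unchanged: username/password branch …
else:
    app_cred_id = creds.get('os_application_credential_id')
    app_cred_secret = creds.get('os_application_credential_secret')
    if not (app_cred_id and app_cred_secret):
        # Keep credential values out of the message.
        raise ValueError(
            "OpenStack credentials need either a username and password "
            "or an application credential id and secret")
    conf_template = OPENSTACK_CLOUD_CONF_APP_CRED
    # … unchanged: os_ignore_az lookup …
    values = {
        'os_app_cred_id': app_cred_id,
        'os_app_cred_secret': app_cred_secret,
        # … unchanged: os_auth_url, os_region, os_ignore_volume_az …
    }
```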
@@ -390,26 +399,44 @@ def _gen_cloud_conf(self, provider_id, cloud_config): conf_template = GCP_CLOUD_CONF values = {} elif provider_id == "openstack": - # http://henriquetruta.github.io/openstack-cloud-provider/ - conf_template = OPENSTACK_CLOUD_CONF - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) - if creds.get('os_user_domain_id'): - domain_entry = f"domain-id={creds.get('os_user_domain_id')}" + os_user = creds.get('os_username') + os_pass = creds.get('os_password') + if os_user and os_pass: + # http://henriquetruta.github.io/openstack-cloud-provider/ + conf_template = OPENSTACK_CLOUD_CONF_USER + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + if creds.get('os_user_domain_id'): + domain_entry = f"domain-id={creds.get('os_user_domain_id')}" + else: + domain_entry = f"domain-name={creds.get('os_user_domain_name')}" + + values = { + 'os_username': os_user, + 'os_password': os_pass, + 'domain_entry': domain_entry, + 'os_tenant_name': creds.get('os_project_name'), + 'os_auth_url': zone.get('cloud', {}).get('auth_url'), + 'os_region': zone.get('region', {}).get('name'), + # https://github.com/kubernetes/kubernetes/issues/53488 + 'os_ignore_volume_az': os_ignore_az + } else: - domain_entry = f"domain-name={creds.get('os_user_domain_name')}" + # Assuming app credentials if no user and pass set + conf_template = OPENSTACK_CLOUD_CONF_APP_CRED + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + values = { + # https://github.com/kubernetes/cloud-provider-openstack/blob/master/manifests/controller-manager/cloud-config + 'os_app_cred_id': creds.get('os_application_credential_id'), + 'os_app_cred_secret': creds.get('os_application_credential_secret'), + 'os_auth_url': zone.get('cloud', {}).get('auth_url'), + 'os_region': zone.get('region', {}).get('name'), + 'os_ignore_volume_az': 
os_ignore_az + } - values = { - 'os_username': creds.get('os_username'), - 'os_password': creds.get('os_password'), - 'domain_entry': domain_entry, - 'os_tenant_name': creds.get('os_project_name'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - # https://github.com/kubernetes/kubernetes/issues/53488 - 'os_ignore_volume_az': os_ignore_az - } return string.Template(conf_template).substitute(values) def _get_kube_cloud_settings(self, provider_config, cloud_config): From 7b8d2aa00d0bca3bca9235e5d242848065eea592 Mon Sep 17 00:00:00 2001 From: Alexandru Mahmoud Date: Tue, 21 Jun 2022 21:17:17 +0000 Subject: [PATCH 2/5] Tmp working --- requirements.txt | 4 ++-- setup.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/requirements.txt b/requirements.txt index 9406dec..9a3cfc7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,6 +2,6 @@ git+https://github.com/encode/django-rest-framework # install edge till this is released: https://github.com/celery/django-celery-results/issues/157 git+https://github.com/celery/django-celery-results -git+https://github.com/CloudVE/cloudbridge#egg=cloudbridge -git+https://github.com/CloudVE/djcloudbridge#egg=djcloudbridge +git+https://github.com/CloudVE/cloudbridge@os_app_creds_support#egg=cloudbridge[full] +git+https://github.com/almahmoud/djcloudbridge@os_app_creds -e ".[prod]" diff --git a/setup.py b/setup.py index e736c84..2f89681 100755 --- a/setup.py +++ b/setup.py @@ -43,7 +43,7 @@ def get_version(*file_paths): history = open('HISTORY.rst').read().replace('.. :changelog:', '') REQS_BASE = [ - 'Django>=3.0', + 'Django<4.0', # ======== Celery ========= 'celery>=5.0', # celery results backend which uses the django DB 
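Review bot: Both replaced requirement lines in `requirements.txt` install from a branch name (`cloudbridge@os_app_creds_support`, `djcloudbridge@os_app_creds`), and the djcloudbridge source moves from the CloudVE organisation to a personal fork. A branch ref is mutable, so what gets installed can change with no commit in this repository. Pin each to a reviewed commit, e.g. `git+https://github.com/CloudVE/cloudbridge@<commit-sha>#egg=cloudbridge[full]`, and switch back to the upstream repository once the branch is merged. The new djcloudbridge line also drops the `#egg=djcloudbridge` fragment that the old one had. The same branch URLs are added to `REQS_BASE` in `setup.py` (hunk `@@ -63,8 +63,8 @@`), where they apply to every install of the package.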
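Review bot: Replacing `'Django>=3.0'` with `'Django<4.0'` in `setup.py` removes the lower bound, so a resolver may now pick any Django release older than 4.0, including series that no longer receive security fixes. If the aim is only to hold back the 4.0 upgrade, keep the floor: `'Django>=3.0,<4.0'`. `REQS_BASE` continues past the end of this hunk.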
@@ -63,8 +63,8 @@ def get_version(*file_paths): # Provides REST API schema 'coreapi>=2.2.3', # ======== CloudBridge ========= - 'cloudbridge', - 'djcloudbridge', + 'cloudbridge@git+https://github.com/CloudVE/cloudbridge@os_app_creds_support', + 'djcloudbridge@git+https://github.com/almahmoud/djcloudbridge@os_app_creds', # ======== Django ========= # Provides better inheritance support for django models 'django-model-utils', From 5938f370b1ff33d2bfd653514a6fef367a33b49f Mon Sep 17 00:00:00 2001 From: Alexandru Mahmoud Date: Tue, 21 Jun 2022 17:20:51 -0400 Subject: [PATCH 3/5] Update django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py Co-authored-by: Nuwan Goonasekera <2070605+nuwang@users.noreply.github.com> --- .../cloudman2/cloudman2_app.py | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py index e543cfd..4661c51 100644 --- a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py +++ b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py 
@@ -403,27 +403,30 @@ def _gen_cloud_conf(self, provider_id, cloud_config): elif provider_id == "openstack": os_user = creds.get('os_username') os_pass = creds.get('os_password') + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + values = { + 'os_auth_url': zone.get('cloud', {}).get('auth_url'), + 'os_region': zone.get('region', {}).get('name'), + # https://github.com/kubernetes/kubernetes/issues/53488 + 'os_ignore_volume_az': os_ignore_az + } + if os_user and os_pass: # http://henriquetruta.github.io/openstack-cloud-provider/ conf_template = OPENSTACK_CLOUD_CONF_USER - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) if creds.get('os_user_domain_id'): domain_entry = f"domain-id={creds.get('os_user_domain_id')}" else: domain_entry = f"domain-name={creds.get('os_user_domain_name')}" - values = { + values.update({ 'os_username': os_user, 'os_password': os_pass, 'domain_entry': domain_entry, 'os_tenant_name': creds.get('os_project_name'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - # https://github.com/kubernetes/kubernetes/issues/53488 - 'os_ignore_volume_az': os_ignore_az - } + }) else: # Assuming app credentials if no user and pass set conf_template = OPENSTACK_CLOUD_CONF_APP_CRED From 00b8612ec4945c672e364e9f467f15250f672b5b Mon Sep 17 00:00:00 2001 From: Alexandru Mahmoud Date: Tue, 21 Jun 2022 17:20:58 -0400 Subject: [PATCH 4/5] Update django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py Co-authored-by: Nuwan Goonasekera <2070605+nuwang@users.noreply.github.com> --- .../backend_plugins/cloudman2/cloudman2_app.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) 
diff --git a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py index 4661c51..498f3a5 100644 --- a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py +++ b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2/cloudman2_app.py @@ -430,17 +430,11 @@ def _gen_cloud_conf(self, provider_id, cloud_config): else: # Assuming app credentials if no user and pass set conf_template = OPENSTACK_CLOUD_CONF_APP_CRED - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) - values = { + values.update({ # https://github.com/kubernetes/cloud-provider-openstack/blob/master/manifests/controller-manager/cloud-config 'os_app_cred_id': creds.get('os_application_credential_id'), 'os_app_cred_secret': creds.get('os_application_credential_secret'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - 'os_ignore_volume_az': os_ignore_az - } + }) return string.Template(conf_template).substitute(values) From d74ae6f1f79f7fd4d0f3780a09598baf6c800c50 Mon Sep 17 00:00:00 2001 From: Alexandru Mahmoud Date: Thu, 15 Sep 2022 13:39:29 -0400 Subject: [PATCH 5/5] Refactor common dict keys --- .../backend_plugins/cloudman2_app.py | 25 ++++++++----------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py index 55a6ad6..8220bbc 100644 --- a/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py +++ b/django-cloudlaunch/cloudlaunch/backend_plugins/cloudman2_app.py 
@@ -404,9 +404,6 @@ def _gen_cloud_conf(self, provider_id, cloud_config): if os_user and os_pass: # http://henriquetruta.github.io/openstack-cloud-provider/ conf_template = OPENSTACK_CLOUD_CONF_USER - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) if creds.get('os_user_domain_id'): domain_entry = f"domain-id={creds.get('os_user_domain_id')}" else: @@ -416,26 +413,24 @@ def _gen_cloud_conf(self, provider_id, cloud_config): 'os_username': os_user, 'os_password': os_pass, 'domain_entry': domain_entry, - 'os_tenant_name': creds.get('os_project_name'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - # https://github.com/kubernetes/kubernetes/issues/53488 - 'os_ignore_volume_az': os_ignore_az + 'os_tenant_name': creds.get('os_project_name') } else: # Assuming app credentials if no user and pass set conf_template = OPENSTACK_CLOUD_CONF_APP_CRED - os_ignore_az = self._os_ignore_az( - zone.get('zone_id'), - zone.get('region', {}).get('cloudbridge_settings')) values = { # https://github.com/kubernetes/cloud-provider-openstack/blob/master/manifests/controller-manager/cloud-config 'os_app_cred_id': creds.get('os_application_credential_id'), - 'os_app_cred_secret': creds.get('os_application_credential_secret'), - 'os_auth_url': zone.get('cloud', {}).get('auth_url'), - 'os_region': zone.get('region', {}).get('name'), - 'os_ignore_volume_az': os_ignore_az + 'os_app_cred_secret': creds.get('os_application_credential_secret') } + + # https://github.com/kubernetes/kubernetes/issues/53488 + os_ignore_az = self._os_ignore_az( + zone.get('zone_id'), + zone.get('region', {}).get('cloudbridge_settings')) + values['os_auth_url'] = zone.get('cloud', {}).get('auth_url') + values['os_region'] = zone.get('region', {}).get('name') + values['os_ignore_volume_az'] = os_ignore_az return string.Template(conf_template).substitute(values)