From 16d5f67ba7020701edbbf09a747f5683b0840c21 Mon Sep 17 00:00:00 2001
From: Sylvain Bauza <sylvain.bauza@bull.net>
Date: Mon, 20 Jan 2014 11:12:32 +0100
Subject: [PATCH] Fix service user creating objects

Service user used by Climate should not create objects such as
host aggregates. Consequently, until we migrate the code by using
trusts, we need to use a dedicated user for operations

Change-Id: I35878e178dea7eb10a52ad2419e191d8d683b35c
Closes-bug: #1270765
---
 README.md                                   |  4 ---
 README.rst                                  | 14 ++++++++++
 climate/plugins/oshosts/__init__.py         | 31 +++++++++++++++++++++
 climate/plugins/oshosts/nova_inventory.py   |  6 ++--
 climate/plugins/oshosts/reservation_pool.py |  6 ++--
 etc/climate.conf.example                    |  3 ++
 setup.cfg                                   |  2 +-
 7 files changed, 55 insertions(+), 11 deletions(-)
 delete mode 100644 README.md
 create mode 100644 README.rst

diff --git a/README.md b/README.md
deleted file mode 100644
index 6f4f75e6..00000000
--- a/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-climate
-=======
-
-OpenStack Reservation Service
\ No newline at end of file
diff --git a/README.rst b/README.rst
new file mode 100644
index 00000000..6468abea
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,14 @@
+Climate
+=======
+
+Overview
+--------
+OpenStack Reservation Service
+
+
+Prerequisites
+-------------
+* Keystone v3 API endpoint
+* Dedicated account for write operations on behalf of the admin
+   climate_username
+* Service account
diff --git a/climate/plugins/oshosts/__init__.py b/climate/plugins/oshosts/__init__.py
index e69de29b..33b925cd 100644
--- a/climate/plugins/oshosts/__init__.py
+++ b/climate/plugins/oshosts/__init__.py
@@ -0,0 +1,31 @@
+# Copyright (c) 2014 Bull.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from oslo.config import cfg
+
+
+admin_opts = [
+    cfg.StrOpt('climate_username',
+               default='climate_admin',
+               help='Name of the user for write operations'),
+    cfg.StrOpt('climate_password',
+               default='climate_password',
+               help='Password of the user for write operations'),
+    cfg.StrOpt('climate_tenant_name',
+               default='admin',
+               help='Tenant of the user for write operations'),
+]
+
+cfg.CONF.register_opts(admin_opts)
diff --git a/climate/plugins/oshosts/nova_inventory.py b/climate/plugins/oshosts/nova_inventory.py
index 79196814..bd091ec4 100644
--- a/climate/plugins/oshosts/nova_inventory.py
+++ b/climate/plugins/oshosts/nova_inventory.py
@@ -30,10 +30,10 @@ class NovaInventory(object):
                                         cfg.CONF.os_auth_host,
                                         cfg.CONF.os_auth_port)
         self.nova = client.Client('2',
-                                  username=cfg.CONF.os_admin_username,
-                                  api_key=cfg.CONF.os_admin_password,
+                                  username=cfg.CONF.climate_username,
+                                  api_key=cfg.CONF.climate_password,
                                   auth_url=auth_url,
-                                  project_id=cfg.CONF.os_admin_tenant_name)
+                                  project_id=cfg.CONF.climate_tenant_name)
 
     def get_host_details(self, host):
         """Get Nova capabilities of a single host
diff --git a/climate/plugins/oshosts/reservation_pool.py b/climate/plugins/oshosts/reservation_pool.py
index 8eab8871..38b609e2 100644
--- a/climate/plugins/oshosts/reservation_pool.py
+++ b/climate/plugins/oshosts/reservation_pool.py
@@ -56,10 +56,10 @@ class ReservationPool(object):
                                         cfg.CONF.os_auth_host,
                                         cfg.CONF.os_auth_port)
         self.nova = client.Client('2',
-                                  username=cfg.CONF.os_admin_username,
-                                  api_key=cfg.CONF.os_admin_password,
+                                  username=cfg.CONF.climate_username,
+                                  api_key=cfg.CONF.climate_password,
                                   auth_url=auth_url,
-                                  project_id=cfg.CONF.os_admin_tenant_name)
+                                  project_id=cfg.CONF.climate_tenant_name)
 
     def get_aggregate_from_name_or_id(self, aggregate_obj):
         """Return an aggregate by name or an id."""
diff --git a/etc/climate.conf.example b/etc/climate.conf.example
index b03b4c0e..25ea2a6e 100644
--- a/etc/climate.conf.example
+++ b/etc/climate.conf.example
@@ -6,6 +6,9 @@ os_auth_protocol=<http, for example>
 os_admin_username=<username>
 os_admin_password=<password>
 os_admin_tenant_name=<tenant_name>
+climate_username=<username>
+climate_password=<password>
+climate_tenant_name=<tenant_name>
 
 [manager]
 plugins=dummy.vm.plugin,physical.host.plugin
diff --git a/setup.cfg b/setup.cfg
index b43a5bc2..01bde6c1 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,7 @@
 name = climate
 version = 2013.1
 summary = Reservation Service for OpenStack clouds
-description-file = README.md
+description-file = README.rst
 license = Apache Software License
 classifiers =
     Programming Language :: Python