Support remote vendor profiles

Maintaining vendor profile information inside of the sdk is great and all, but it winds up being problematic from a release management perspective since the data should always be current but people may not be in a position to upgrade their version of openstacksdk. It's also a less pleasing experience for people running or using clouds that the openstacksdk developers don't know about. RFC 5785 defines a scheme for serving data at well known URL locations. Use it to allow specifying a profile by URL instead of by name. For instance, for the cloud Example, a user could list profile: https://example.com and openstacksdk will fetch the profile from https://example.com/.well-known/openstack/api. It should be noted that sub-urls are not allowed, so it MUST be served off of a root domain. (That is, https://example.com/cloud is not allowed by the RFC) Clouds are not required to serve one of these. Change-Id: I884f62b35da5f29aa6e72e2dde9b8ec3ef48ad60
2018-11-07 09:49:07 -06:00 · 2018-11-07 09:49:07 -06:00 · 3d08643c43
parent 1da367b537
commit 3d08643c43
6 changed files with 89 additions and 15 deletions
--- a/doc/source/user/config/configuration.rst
+++ b/doc/source/user/config/configuration.rst
@ -84,7 +84,7 @@ An example config file is probably helpful:

  clouds:
    mtvexx:
-      profile: vexxhost
+      profile: https://vexxhost.com
      auth:
        username: mordred@inaugust.com
        password: XXXXXXXXX
@ -111,7 +111,8 @@ An example config file is probably helpful:

 You may note a few things. First, since `auth_url` settings are silly
 and embarrassingly ugly, known cloud vendor profile information is included and
-may be referenced by name. One of the benefits of that is that `auth_url`
+may be referenced by name or by base URL to the cloud in question if the
+cloud serves a vendor profile. One of the benefits of that is that `auth_url`
 isn't the only thing the vendor defaults contain. For instance, since
 Rackspace lists `rax:database` as the service type for trove, `openstacksdk`
 knows that so that you don't have to. In case the cloud vendor profile is not
--- a/openstack/config/loader.py
+++ b/openstack/config/loader.py
@ -462,6 +462,11 @@ class OpenStackConfig(object):
        else:
            profile_data = vendors.get_profile(profile_name)
            if profile_data:
+                nested_profile = profile_data.pop('profile', None)
+                if nested_profile:
+                    nested_profile_data = vendors.get_profile(nested_profile)
+                    if nested_profile_data:
+                        profile_data = nested_profile_data
                status = profile_data.pop('status', 'active')
                message = profile_data.pop('message', '')
                if status == 'deprecated':
--- a/openstack/config/vendors/init.py
+++ b/openstack/config/vendors/init.py
@ -16,10 +16,16 @@ import glob
 import json
 import os

+from six.moves import urllib
+import requests
 import yaml

+from openstack.config import _util
+from openstack import exceptions
+
 _VENDORS_PATH = os.path.dirname(os.path.realpath(__file__))
 _VENDOR_DEFAULTS = {}
+_WELL_KNOWN_PATH = "{scheme}://{netloc}/.well-known/openstack/api"


 def _get_vendor_defaults():
@ -40,3 +46,37 @@ def get_profile(profile_name):
    vendor_defaults = _get_vendor_defaults()
    if profile_name in vendor_defaults:
        return vendor_defaults[profile_name].copy()
+    profile_url = urllib.parse.urlparse(profile_name)
+    if not profile_url.netloc:
+        # This isn't a url, and we already don't have it.
+        return
+    well_known_url = _WELL_KNOWN_PATH.format(
+        scheme=profile_url.scheme,
+        netloc=profile_url.netloc,
+    )
+    response = requests.get(well_known_url)
+    if not response.ok:
+        raise exceptions.ConfigException(
+            "{profile_name} is a remote profile that could not be fetched:"
+            " ({status_code) {reason}".format(
+                profile_name=profile_name,
+                status_code=response.status_code,
+                reason=response.reason))
+        vendor_defaults[profile_name] = None
+        return
+    vendor_data = response.json()
+    name = vendor_data['name']
+    # Merge named and url cloud config, but make named config override the
+    # config from the cloud so that we can supply local overrides if needed.
+    profile = _util.merge_clouds(
+        vendor_data['profile'],
+        vendor_defaults.get(name, {}))
+    # If there is (or was) a profile listed in a named config profile, it
+    # might still be here. We just merged in content from a URL though, so
+    # pop the key to prevent doing it again in the future.
+    profile.pop('profile', None)
+    # Save the data under both names so we don't reprocess this, no matter
+    # how we're called.
+    vendor_defaults[profile_name] = profile
+    vendor_defaults[name] = profile
+    return profile
--- a/openstack/config/vendors/vexxhost.json
+++ b/openstack/config/vendors/vexxhost.json
@ -1,18 +1,6 @@
 {
  "name": "vexxhost",
  "profile": {
-    "auth_type": "v3password",
-    "auth": {
-      "auth_url": "https://auth.vexxhost.net/v3"
-    },
-    "regions": [
-      "ca-ymq-1",
-      "sjc1"
-    ],
-    "dns_api_version": "1",
-    "identity_api_version": "3",
-    "image_format": "raw",
-    "floating_ip_source": "None",
-    "requires_floating_ip": false
+    "profile": "https://vexxhost.com"
  }
 }
--- a/openstack/tests/unit/config/test_config.py
+++ b/openstack/tests/unit/config/test_config.py
@ -96,6 +96,39 @@ class TestConfig(base.TestCase):
        cc = c.get_one()
        self.assertEqual(cc.name, 'single')

+    def test_remote_profile(self):
+        single_conf = base._write_yaml({
+            'clouds': {
+                'remote': {
+                    'profile': 'https://example.com',
+                    'auth': {
+                        'username': 'testuser',
+                        'password': 'testpass',
+                        'project_name': 'testproject',
+                    },
+                    'region_name': 'test-region',
+                }
+            }
+        })
+        self.register_uris([
+            dict(method='GET',
+                 uri='https://example.com/.well-known/openstack/api',
+                 json={
+                     "name": "example",
+                     "profile": {
+                         "auth": {
+                             "auth_url": "https://auth.example.com/v3",
+                         }
+                     }
+                 }),
+        ])
+
+        c = config.OpenStackConfig(config_files=[single_conf])
+        cc = c.get_one(cloud='remote')
+        self.assertEqual(cc.name, 'remote')
+        self.assertEqual(cc.auth['auth_url'], 'https://auth.example.com/v3')
+        self.assertEqual(cc.auth['username'], 'testuser')
+
    def test_get_one_auth_defaults(self):
        c = config.OpenStackConfig(config_files=[self.cloud_yaml])
        cc = c.get_one(cloud='_test-cloud_', auth={'username': 'user'})
--- a/releasenotes/notes/remote-profile-100218d08b25019d.yaml
+++ b/releasenotes/notes/remote-profile-100218d08b25019d.yaml
@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Vendor profiles can now be fetched from an RFC 5785 compliant URL on a
+    cloud, namely, ``https://example.com/.well-known/openstack/api``. A cloud
+    can manage their own vendor profile and serve it from that URL, allowing
+    a user to simply list ``https://example.com`` as the profile name.