From 1775d2c9528b631afbab4088265c67f988a06796 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 25 Oct 2021 22:37:05 +0900 Subject: [PATCH] WIP: Load keystone credentials from clouds.yaml Change-Id: Ie8246aa18d90ba506fe708be13c9a5afa3e5d2fd --- lib/puppet/provider/openstack/credentials.rb | 12 ++- manifests/clouds.pp | 84 ++++++++++++++++++++ metadata.json | 4 + templates/clouds.yaml.erb | 40 ++++++++++ 4 files changed, 138 insertions(+), 2 deletions(-) create mode 100644 manifests/clouds.pp create mode 100644 templates/clouds.yaml.erb diff --git a/lib/puppet/provider/openstack/credentials.rb b/lib/puppet/provider/openstack/credentials.rb index 5f65512b..5288a726 100644 --- a/lib/puppet/provider/openstack/credentials.rb +++ b/lib/puppet/provider/openstack/credentials.rb @@ -54,6 +54,10 @@ class Puppet::Provider::Openstack::Credentials end end + def scope_match?(target) + scope_set? and (scope == nil or scope == target) + end + def user_password_set? return true if @username && @password && @project_name && @auth_url end @@ -88,7 +92,9 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack:: :trust_id, :user_domain_id, :user_domain_name, - :user_id + :user_id, + :cloud, + :client_config_file, ] KEYS.each { |var| attr_accessor var } @@ -113,12 +119,14 @@ class Puppet::Provider::Openstack::CredentialsV3 < Puppet::Provider::Openstack:: elsif @system_scope return 'system' else + # When OS_CLOUDS is used, parameters are not directly passed to puppet + # so the scope can't be detected. return nil end end def user_password_set? - return true if user_set? && @password && scope_set? && @auth_url + return true if (user_set? && @password && scope_set? && @auth_url) || @cloud end def initialize diff --git a/manifests/clouds.pp b/manifests/clouds.pp new file mode 100644 index 00000000..5e267f69 --- /dev/null +++ b/manifests/clouds.pp 
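Review bot: In `scope_match?` (first hunk of lib/puppet/provider/openstack/credentials.rb) the `scope == nil` arm looks unreachable. The comment added in the third hunk says `scope` is nil when no scope parameter reached puppet, which is presumably the same case in which `scope_set?` is false, so the leading `scope_set? and` would reject a clouds.yaml-only credential before the nil check runs. `scope_set?` and `scope` are defined outside the hunk, and `scope` appears to exist only on CredentialsV3 while this method is added to the base class, so both points need confirming. If an undetectable scope is meant to match any target, `scope.nil? || (scope_set? && scope == target)` says so directly, and it also replaces `and`/`or` and `== nil` with `&&`/`||` and `.nil?`.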
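Review bot: The `|| @cloud` added to `user_password_set?` in CredentialsV3 (third hunk) accepts any non-nil value, and an empty string is truthy in Ruby. An empty cloud name would therefore mark the credentials as complete and skip the user, password, scope and auth_url checks; how `@cloud` gets populated is outside the hunk. Consider `return true if (user_set? && @password && scope_set? && @auth_url) || (@cloud && !@cloud.empty?)`. The new comment names `OS_CLOUDS`, while the key added in the second hunk is `:cloud`; if the keys map to `OS_*` variables as the naming suggests, the comment should read `OS_CLOUD`.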
@@ -0,0 +1,84 @@
+# == Class: openstacklib::clouds
+#
+# Generates clouds.yaml for openstack CLI
+#
+# == Parameters
+#
+# [*username*]
+# (Required) The name of the keystone user.
+#
+# [*password*]
+# (Required) Password of the keystone user.
+#
+# [*path*]
+# (Optional) Path to the clouds.yaml file.
+# Defaults to $name
+#
+# [*mode*]
+# (Optional) Mode (permissions) of the clouds.yaml file.
+# Defaults to 'root'
+#
+# [*owner*]
+# (Optional) Owner of the clouds.yaml file.
+# Defaults to 'root'
+#
+# [*group*]
+# (Optional) Group of the clouds.yaml file.
+# Defaults to 'root'
+#
+# [*cloudname*]
+# (Optional) Name of the cloud.
+# Defaults to 'openstack'
+#
+# [*user_domain_name*]
+# (Optional) Name of domain for $username.
+# Defaults to 'Default'
+#
+# [*project_name*]
+# (Optional) The name of the keystone project.
+# Defaults to undef
+#
+# [*project_domain_name*]
+# (Optional) Name of domain for $project_name.
+# Defaults to 'Default'
+#
+# [*system_scope*]
+# (Optional) Scope for system operations.
+# Defaults to undef
+#
+# [*identity_api_version*]
+# (Optional) Version of identity API.
+# Defaults to '3'
+#
+# [*interface*]
+# (Optional) Determine the endpoint to be used.
+# Defaults to undef
+#
+# [*region_name*]
+# (Optional) The region in which the service can be found.
+# Defaults to undef
+#
+define openstacklib::clouds(
+ $username,
+ $password,
+ $path = $name,
+ $mode = '0600',
+ $owner = 'root',
+ $group = 'root',
+ $cloudname = 'openstack',
+ $user_domain_name = 'Default',
+ $project_name = undef,
+ $project_domain_name = 'Default',
+ $system_scope = undef,
+ $identity_api_version = '3',
+ $interface = undef,
+ $region_name = undef,
+) {
+
+ concat::fragment { $path:
+ content => template('openstacklib/clouds.yaml.erb'),
+ mode => $mode,
+ owner => $owner,
+ group => $group,
+ }
+}
diff --git a/metadata.json b/metadata.json
index 508e2848..31a0efa0 100644
--- a/metadata.json
+++ b/metadata.json
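Review bot: The `concat::fragment { $path: ... }` at the end of `openstacklib::clouds` (manifests/clouds.pp) is given `mode`, `owner` and `group` but no `target`, and no `concat { $path: }` resource is declared in this file. As far as I know, `concat::fragment` in current puppetlabs/concat releases takes `target`, `content`/`source` and `order`, while ownership and permissions belong to the `concat` resource. The intended `0600` on a file holding the keystone password is therefore not enforced by this code, and the catalog probably will not compile. Declaring the target with those permissions and `show_diff => false` keeps the password out of agent logs and reports; accepting `$password` as a `Sensitive` value is worth considering too. Separately, the doc block says `mode` "Defaults to 'root'" while the default is `'0600'`, and the template reads `@auth_url` and `@cacert`, which are not parameters of this define.

```puppet
  # … unchanged: define header and parameter list …
  concat { $path:
    mode      => $mode,
    owner     => $owner,
    group     => $group,
    show_diff => false,
  }

  concat::fragment { "${path}-clouds":
    target  => $path,
    content => template('openstacklib/clouds.yaml.erb'),
  }
```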
@@ -5,6 +5,10 @@
 "name": "puppetlabs/apache",
 "version_requirement": ">=5.0.0"
 },
+ {
+ "name": "puppetlabs/concat",
+ "version_requirement": ">=1.0.0 <8.0.0"
+ },
 {
 "name": "puppetlabs/inifile",
 "version_requirement": ">=2.0.0 <3.0.0"
diff --git a/templates/clouds.yaml.erb b/templates/clouds.yaml.erb
new file mode 100644
index 00000000..1cd41c7f
--- /dev/null
+++ b/templates/clouds.yaml.erb
@@ -0,0 +1,40 @@
+clouds:
+<% if @project_name -%>
+ project:
+ auth:
+ auth_url: <%= @auth_url %>
+ password: <%= @password %>
+ username: <%= @username %>
+ user_domain_name: <%= @user_domain_name %>
+ project_name: <%= @project_name %>
+ project_domain_name: <%= @project_domain_name %>
+ identity_api_version: <%= $identity_api_version %>
+<% if @interface -%>
+ interface: <%= @interface %>
+<% end -%>
+<% if @region_name -%>
+ region_name: <%= @region_name %>
+<% end -%>
+<% if @cacert -%>
+ cacert: <%= @cacert %>
+<% end -%>
+<% end -%>
+<% if @system_scope -%>
+ system:
+ auth:
+ auth_url: <%= @auth_url %>
+ password: <%= @password %>
+ username: <%= @username %>
+ user_domain_name: <%= @user_domain_name %>
+ system_scope: <%= @system_scope %>
+ identity_api_version: <%= $identity_api_version %>
+<% if @interface -%>
+ interface: <%= @interface %>
+<% end -%>
+<% if @region_name -%>
+ region_name: <%= @region_name %>
+<% end -%>
+<% if @cacert -%>
+ cacert: <%= @cacert %>
+<% end -%>
+<% end -%>
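Review bot: Both `identity_api_version: <%= $identity_api_version %>` lines in templates/clouds.yaml.erb read a Ruby global rather than the template's instance variable, so they render an empty value; they should be `<%= @identity_api_version %>`. The scalar values, `password` in particular, are interpolated unquoted, so a password containing `: `, ` #`, a leading quote or a line break produces invalid YAML or extra keys in the credential file. Emitting each value as a quoted, escaped scalar (for example through a YAML or JSON serializer) avoids that. `@auth_url` and `@cacert` are rendered but, going by manifests/clouds.pp in this patch, are not parameters of the define, and `cloudname` is never used because the entries are hard-coded as `project` and `system`.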