openstack/python-magnumclient
Code Issues Proposed changes

Merge "Keystone auth support"

Browse Source
This commit is contained in:
Zuul 2019-02-28 16:19:54 +00:00 committed by Gerrit Code Review
commit 37e602d160
2 changed files with 82 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
magnumclient/common/utils.py
View File

@ -160,11 +160,11 @@ def handle_json_from_file(json_arg):
def config_cluster(cluster, cluster_template, cfg_dir, force=False,
certs=None):
certs=None, use_keystone=False):
"""Return and write configuration for the given cluster."""
if cluster_template.coe == 'kubernetes':
return _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
force, certs)
force, certs, use_keystone)
elif (cluster_template.coe == 'swarm'
or cluster_template.coe == 'swarm-mode'):
return _config_cluster_swarm(cluster, cluster_template, cfg_dir,
@ -172,7 +172,7 @@ def config_cluster(cluster, cluster_template, cfg_dir, force=False,
def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
force=False, certs=None):
force=False, certs=None, use_keystone=False):
"""Return and write configuration for the given kubernetes cluster."""
cfg_file = "%s/config" % cfg_dir
if cluster_template.tls_disabled or certs is None:
@ -193,30 +193,64 @@ def _config_cluster_kubernetes(cluster, cluster_template, cfg_dir,
"- name: %(name)s'\n"
% {'name': cluster.name, 'api_address': cluster.api_address})
else:
cfg = ("apiVersion: v1\n"
"clusters:\n"
"- cluster:\n"
" certificate-authority-data: %(ca)s\n"
" server: %(api_address)s\n"
" name: %(name)s\n"
"contexts:\n"
"- context:\n"
" cluster: %(name)s\n"
" user: admin\n"
" name: default\n"
"current-context: default\n"
"kind: Config\n"
"preferences: {}\n"
"users:\n"
"- name: admin\n"
" user:\n"
" client-certificate-data: %(cert)s\n"
" client-key-data: %(key)s\n"
% {'name': cluster.name,
'api_address': cluster.api_address,
'key': base64.b64encode(certs['key']),
'cert': base64.b64encode(certs['cert']),
'ca': base64.b64encode(certs['ca'])})
if not use_keystone:
cfg = ("apiVersion: v1\n"
"clusters:\n"
"- cluster:\n"
" certificate-authority-data: %(ca)s\n"
" server: %(api_address)s\n"
" name: %(name)s\n"
"contexts:\n"
"- context:\n"
" cluster: %(name)s\n"
" user: admin\n"
" name: default\n"
"current-context: default\n"
"kind: Config\n"
"preferences: {}\n"
"users:\n"
"- name: admin\n"
" user:\n"
" client-certificate-data: %(cert)s\n"
" client-key-data: %(key)s\n"
% {'name': cluster.name,
'api_address': cluster.api_address,
'key': base64.b64encode(certs['key']),
'cert': base64.b64encode(certs['cert']),
'ca': base64.b64encode(certs['ca'])})
else:
cfg = ("apiVersion: v1\n"
"clusters:\n"
"- cluster:\n"
" certificate-authority-data: %(ca)s\n"
" server: %(api_address)s\n"
" name: %(name)s\n"
"contexts:\n"
"- context:\n"
" cluster: %(name)s\n"
" user: openstackuser\n"
" name: openstackuser@kubernetes\n"
"current-context: openstackuser@kubernetes\n"
"kind: Config\n"
"preferences: {}\n"
"users:\n"
"- name: openstackuser\n"
" user:\n"
" exec:\n"
" command: /bin/bash\n"
" apiVersion: client.authentication.k8s.io/v1alpha1\n"
" args:\n"
" - -c\n"
" - >\n"
" if [ -z ${OS_TOKEN} ]; then\n"
" echo 'Error: Missing OpenStack credential from environment variable $OS_TOKEN' > /dev/stderr\n" # noqa
" exit 1\n"
" else\n"
" echo '{ \"apiVersion\": \"client.authentication.k8s.io/v1alpha1\", \"kind\": \"ExecCredential\", \"status\": { \"token\": \"'\"${OS_TOKEN}\"'\"}}'\n" # noqa
" fi\n"
% {'name': cluster.name,
'api_address': cluster.api_address,
'ca': base64.b64encode(certs['ca'])})
if os.path.exists(cfg_file) and not force:
raise exc.CommandError("File %s exists, aborting." % cfg_file)

26
magnumclient/osc/v1/clusters.py
View File

@ -305,6 +305,18 @@ class ConfigCluster(command.Command):
dest='output_certs',
default=False,
help=_('Output certificates in separate files.'))
parser.add_argument(
'--use-certificate',
action='store_true',
dest='use_certificate',
default=True,
help=_('Use certificate in config files.'))
parser.add_argument(
'--use-keystone',
action='store_true',
dest='use_keystone',
default=False,
help=_('Use Keystone token in config files.'))
return parser
@ -315,6 +327,11 @@ class ConfigCluster(command.Command):
the corresponding COE configured to access the cluster.
"""
if parsed_args.use_keystone:
parsed_args.use_certificate = False
if not parsed_args.use_certificate:
parsed_args.use_keystone = True
self.log.debug("take_action(%s)", parsed_args)
mag_client = self.app.client_manager.container_infra
@ -346,8 +363,7 @@ class ConfigCluster(command.Command):
with open(fname, "w") as f:
f.write(tls[k])
print(magnum_utils.config_cluster(cluster,
cluster_template,
parsed_args.dir,
force=parsed_args.force,
certs=tls))
print(magnum_utils.config_cluster(
cluster, cluster_template, parsed_args.dir,
force=parsed_args.force, certs=tls,
use_keystone=parsed_args.use_keystone))