From af5d65caf851081672d7a10d78e52ba55bd496fa Mon Sep 17 00:00:00 2001 From: Manuel Giffels Date: Mon, 7 Mar 2022 09:20:02 +0100 Subject: [PATCH 1/5] Use patched AsyncOpenStack client version --- setup.py | 2 +- tardis/adapters/sites/openstack.py | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 7fdfbaf7..ade13e20 100644 --- a/setup.py +++ b/setup.py @@ -84,7 +84,7 @@ def get_cryptography_version(): get_cryptography_version(), "CloudStackAIO>=0.0.8", "PyYAML", - "AsyncOpenStackClient", + "git+https://github.com/giffels/AsyncOpenStackClient@feature/support_application_credentials", # noqa B950 "cobald>=0.12.3", "asyncssh", "aiotelegraf", diff --git a/tardis/adapters/sites/openstack.py b/tardis/adapters/sites/openstack.py index 389e0859..6684f22d 100644 --- a/tardis/adapters/sites/openstack.py +++ b/tardis/adapters/sites/openstack.py @@ -37,6 +37,8 @@ def __init__(self, machine_type: str, site_name: str): project_name=self.configuration.project_name, user_domain_name=self.configuration.user_domain_name, project_domain_name=self.configuration.project_domain_name, + application_credential_id=self.configuration.application_credential_id, + application_credential_secret=self.configuration.application_credential_secret, ) self.nova = NovaClient(session=auth) From f0ecce9e9e2f378f936b824e5f194bd644833012 Mon Sep 17 00:00:00 2001 From: Manuel Giffels Date: Mon, 7 Mar 2022 09:24:04 +0100 Subject: [PATCH 2/5] Make flake8 happy again --- tardis/adapters/sites/openstack.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tardis/adapters/sites/openstack.py b/tardis/adapters/sites/openstack.py index 6684f22d..bd2d49cb 100644 --- a/tardis/adapters/sites/openstack.py +++ b/tardis/adapters/sites/openstack.py @@ -38,7 +38,7 @@ def __init__(self, machine_type: str, site_name: str): user_domain_name=self.configuration.user_domain_name, project_domain_name=self.configuration.project_domain_name, application_credential_id=self.configuration.application_credential_id, - application_credential_secret=self.configuration.application_credential_secret, + application_credential_secret=self.configuration.application_credential_secret, # noqa B950 ) self.nova = NovaClient(session=auth) From 986f8a2fdf2f55951fc2f87914124ced86748eef Mon Sep 17 00:00:00 2001 From: Manuel Giffels Date: Fri, 24 Jun 2022 10:59:58 +0200 Subject: [PATCH 3/5] Use upstream support for application_credentials --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index ade13e20..e68d282f 100644 --- a/setup.py +++ b/setup.py @@ -84,7 +84,7 @@ def get_cryptography_version(): get_cryptography_version(), "CloudStackAIO>=0.0.8", "PyYAML", - "git+https://github.com/giffels/AsyncOpenStackClient@feature/support_application_credentials", # noqa B950 + "AsyncOpenStackClient>=0.9.0", "cobald>=0.12.3", "asyncssh", "aiotelegraf", From f97e220c408a382489fd82cbce262f5d79fa169d Mon Sep 17 00:00:00 2001 From: Manuel Giffels Date: Tue, 10 Jan 2023 17:50:54 +0100 Subject: [PATCH 4/5] Add documentation for application credential support --- docs/source/adapters/site.rst | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/docs/source/adapters/site.rst b/docs/source/adapters/site.rst index e6adf157..92f30e9e 100644 --- a/docs/source/adapters/site.rst +++ b/docs/source/adapters/site.rst @@ -447,19 +447,28 @@ Available adapter configuration options .. content-tabs:: left-col - +---------------------+---------------------------------------------------------------------+-----------------+ - | Option | Short Description | Requirement | - +=====================+=====================================================================+=================+ - | auth_url | The end point of the OpenStack API to contact. | **Required** | - +---------------------+---------------------------------------------------------------------+-----------------+ - | username | Your OpenStack API username to authenticate yourself. | **Required** | - +---------------------+---------------------------------------------------------------------+-----------------+ - | password | Your OpenStack API password to authenticate yourself. | **Required** | - +---------------------+---------------------------------------------------------------------+-----------------+ - | user_domain_name | The name of the OpenStack user domain. | **Required** | - +---------------------+---------------------------------------------------------------------+-----------------+ - | project_domain_name | The name of the OpenStack project domain. | **Required** | - +---------------------+---------------------------------------------------------------------+-----------------+ + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | Option | Short Description | Requirement | + +===============================+=====================================================================+=================+ + | auth_url | The end point of the OpenStack API to contact. | **Required** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | username | Your OpenStack API username to authenticate yourself. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | password | Your OpenStack API password to authenticate yourself. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | user_domain_name | The name of the OpenStack user domain. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | project_domain_name | The name of the OpenStack project domain. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | application_credential_id | Your application credential ID to authenticate yourself. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + | application_credential_secret | Your application credential secret to authenticate yourself. | **Optional** | + +-------------------------------+---------------------------------------------------------------------+-----------------+ + + .. note:: + Either ``username``, ``password`` , ``user_domain_name`` and ``project_domain_name`` or + ``application_credential_id`` and ``application_credential_secret`` are mandatory to authenticate against the + OpenStack endpoint. All configuration entries in the `MachineTypeConfiguration` section of the machine types are directly added as keyword arguments to the OpenStack API `create-server` call. All available options are From 8dc97c3158ac3d0a6cfeaaed5ede45916e854e7c Mon Sep 17 00:00:00 2001 From: Manuel Giffels Date: Tue, 10 Jan 2023 17:59:08 +0100 Subject: [PATCH 5/5] Added support for application credentials to changelog --- docs/source/changelog.rst | 1 + .../274.add_openstack_application_cred_support.yaml | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 docs/source/changes/274.add_openstack_application_cred_support.yaml diff --git a/docs/source/changelog.rst b/docs/source/changelog.rst index 84790780..0aa083aa 100644 --- a/docs/source/changelog.rst +++ b/docs/source/changelog.rst @@ -15,6 +15,7 @@ Added * Introduce a TARDIS REST API to query the state of resources from SqlRegistry * Added support for manual draining of drones using the REST API * Add support for passing environment variables as executable arguments to support HTCondor grid universe +* Added support for application credentials of the OpenStack site adapter * Added a new site adapter to use Lancium compute as resource provider Changed diff --git a/docs/source/changes/274.add_openstack_application_cred_support.yaml b/docs/source/changes/274.add_openstack_application_cred_support.yaml new file mode 100644 index 00000000..94861a71 --- /dev/null +++ b/docs/source/changes/274.add_openstack_application_cred_support.yaml @@ -0,0 +1,9 @@ +category: added +summary: "Added support for application credentials of the OpenStack site adapter" +description: | + Newer versions of OpenStack support the creation of application credentials for specific projects. So, the pair of + application_credential_id and application_credential_secret is only valid of a specific project. The OpenStack site + adapter now fully supports the utilization of application credentials to authenticate against the OpenStack API + endpoint. +pull requests: +- 274