Authdriver #236
Merged
Authdriver #236
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
0d659ec
to
9f0e26c
Compare
herlo
suggested changes
May 22, 2017
linchpin/__init__.py
Outdated
| @@ -60,12 +60,15 @@ def get_command(self, ctx, name): | |||
| @click.option('-w', '--workspace', type=click.Path(), envvar='WORKSPACE', | |||
| help='Use the specified workspace if the familiar Jenkins $WORKSPACE environment variable ' | |||
| 'is not set') | |||
| @click.option('-c', '--creds', type=click.Path(), envvar='LP_CREDS', | |||
There was a problem hiding this comment.
the -c option is already used for config. Just use --creds-path option here.
linchpin/__init__.py
Outdated
| @click.option('-v', '--verbose', is_flag=True, default=False, | ||
| help='Enable verbose output') | ||
| @click.option('--version', is_flag=True, | ||
| help='Prints the version and exits') | ||
| @pass_context | ||
| def runcli(ctx, config, workspace, verbose, version): | ||
| def runcli(ctx, config, workspace, creds, verbose, version): |
There was a problem hiding this comment.
When adding new args, please add them at the end as a keyword argument. This is especially important for api functionality. In this case, it's unlikely to be a kwarg, but creds_path should be at the end.
linchpin/linchpin.conf
Outdated
| @@ -36,6 +36,7 @@ schemas_folder = schemas | |||
|
|
|||
| resources_folder = resources | |||
| inventories_folder = inventories | |||
| credentials_folder = credentials | |||
There was a problem hiding this comment.
Is this necessary? I don't see where it's currently used.
…ll string Current built in default jinja filter helps the user to omit/provide default to keys in the ansible module. However , it doesnt provide a way for user to conditionally provide a default value to ie., based on the value provided by the output of previous filter . In order to facilitate the same provide_default filter is being written.
auth_driver module fetches and parses file returns to credentials in auth_var variable making creds accessible inside ansible playbooks.
…it as evar to run_cli
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
9f0e26c
to
b5e1291
Compare
|
PR is broken after rebase, will be fixing it soon . |
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
6e72cad
to
9679c50
Compare
|
linchpin up on openstack linchpin destroy on openstack |
herlo
reviewed
May 22, 2017
linchpin/api/__init__.py
Outdated
| @@ -188,6 +188,8 @@ def run_playbook(self, pinfile, targets='all', playbook='up'): | |||
| if self.ctx.cfgs.get('ansible'): | |||
| ansible_console = ast.literal_eval(self.ctx.cfgs['ansible'].get('console', 'False')) | |||
|
|
|||
| self.ctx.evars['creds_path'] = self.ctx.creds_path | |||
There was a problem hiding this comment.
Use self.set_evar here. Failed CI due to the value not being there. set_evar makes sure to create the structure for you if it isn't there.
herlo
reviewed
May 22, 2017
linchpin/api/__init__.py
Outdated
| @@ -188,7 +188,7 @@ def run_playbook(self, pinfile, targets='all', playbook='up'): | |||
| if self.ctx.cfgs.get('ansible'): | |||
| ansible_console = ast.literal_eval(self.ctx.cfgs['ansible'].get('console', 'False')) | |||
|
|
|||
| self.ctx.evars['creds_path'] = self.ctx.creds_path | |||
| self.set_evar('creds_path', self.ctx.creds_path) | |||
There was a problem hiding this comment.
This does not help. self.ctx.creds_path is being set into the same place. Why is this necessary?
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
d62a6f4
to
afa01b3
Compare
The auth_var is now used across all the playbooks to refer the aws_access_id and aws_secret_key
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
afa01b3
to
80655fb
Compare
…ssible to unset a var in ansible
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
97e9309
to
e9cffcf
Compare
samvarankashyap
force-pushed
the
authdriver_v2
branch
from
4867d2f
to
ee7fd2f
Compare
|
linchpin up aws # with env vars linchpin destroy aws |
|
linchpin up aws # with --creds-path linchpin destroy # with --creds-path |
|
linchpin up gcloud # with creds-path linchpin destroy gcloud # with creds-path |
|
Note: All the above tests are performed on schema_v4 topologies. As credentials attribute is introduced in schema_v4 only . |
|
What is the likelihood of removing schema_v3 with this update? Probably shouldn't be maintaining two schemas as that's not a viable option. |
|
@herlo I also feel we should be using schema_v4 only for auth_driver because it makes no sense in supporting both the schemas from 1.0 release. However , the only consequence is to update all the examples and documentation for openstack , gcloud and aws topologies. |
|
@samvarankashyap since we agree on this point, please create an issue to remove schema_v3 as part of a 1.1.0 release moving forward. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
Designed according to PR #76 discussion
Updated schema v4
Updated playbooks
example topology :
--- topology_name: "ex_os_server" resource_groups: - resource_group_name: "testgroup1" res_group_type: "openstack" res_defs: - res_name: "sktestinstance" flavor: "m1.small" res_type: "os_server" image: "rhel-6.5_jeos" count: 3 keypair: "ci-factory" networks: - "atomic-e2e-jenkins-test" - "atomic-e2e-jenkins-test2" fip_pool: "10.8.172.0/22" credentials: name: "atomic_jenkins" profile: "default" # optional if not mentioned it defaults to default auth_type: "file" # optional defaults to "file" no other implementations yet resource_group_vars: - resource_group_name : "testgroup1" test_var1: "test_var1 msg is grp1 hello " test_var2: "test_var2 msg is grp1 hello " test_var3: "test_var3 msg is grp1 hello "cli usage:
or
Issue fixes:
fixes #76
Note:
** should be merged after #218 **
** Needs Rebase **
** Needs testing (for gcloud) **