Merge ~cjwatson/launchpad-mojo-specs:custom-secgroups-ps5 into launchpad-mojo-specs:master

Proposed by Colin Watson
Status: Merged
Merged at revision: 48248919958d42be01b2aefcde99a0c8cb2de5e7
Proposed branch: ~cjwatson/launchpad-mojo-specs:custom-secgroups-ps5
Merge into: launchpad-mojo-specs:master
Prerequisite: ~cjwatson/launchpad-mojo-specs:custom-secgroups-application-types
Diff against target: 135 lines (+70/-29)
1 file modified
utils/custom-secgroups.py (+70/-29)
Reviewer Review Type Date Requested Status
Cristian Gonzalez (community) Approve
Review via email: mp+404385@code.launchpad.net

Commit message

custom-secgroups: Handle keystone v3 and refactor get_instance_secgroups

Description of the change

Cristian Gonzalez (cristiangsp) wrote :

Looks good!

review: Approve

Preview Diff

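--- a/utils/custom-secgroups.py
+++ b/utils/custom-secgroups.py
@@ -178,37 +178,70 @@ def add_rule(neutron, secgroup, rule):
 body={"security_group_rule": neutron_rule})
 
 
-def get_nova_client():
- from novaclient import client as novaclient
+_openstack_session = None
+
+
+def get_os_session():
+ from keystoneauth1 import loading, session
+
+ global _openstack_session
+ if _openstack_session is not None:
+ return _openstack_session
 
 if "OS_PROJECT_NAME" in os.environ:
 project_name = os.environ["OS_PROJECT_NAME"]
 else:
 project_name = os.environ["OS_TENANT_NAME"]
- auth = {
- "username": os.environ["OS_USERNAME"],
- "api_key": os.environ["OS_PASSWORD"],
- "auth_url": os.environ["OS_AUTH_URL"],
- "project_id": project_name,
- "region_name": os.environ["OS_REGION_NAME"],
- }
+ loader = loading.get_plugin_loader('password')
+ auth = loader.load_from_options(
+ username=os.environ["OS_USERNAME"],
+ password=os.environ["OS_PASSWORD"],
+ auth_url=os.environ["OS_AUTH_URL"],
+ project_name=project_name,
+ project_domain_name=os.environ["OS_PROJECT_DOMAIN_NAME"],
+ user_domain_name=os.environ["OS_USER_DOMAIN_NAME"],
+ )
+ _openstack_session = session.Session(auth=auth)
+ return _openstack_session
+
+
+def get_nova_client():
+ from novaclient import client as novaclient
+
+ if os.environ.get("OS_IDENTITY_API_VERSION") == "3":
+ auth = {"session": get_os_session()}
+ else:
+ if "OS_PROJECT_NAME" in os.environ:
+ project_name = os.environ["OS_PROJECT_NAME"]
+ else:
+ project_name = os.environ["OS_TENANT_NAME"]
+ auth = {
+ "username": os.environ["OS_USERNAME"],
+ "api_key": os.environ["OS_PASSWORD"],
+ "auth_url": os.environ["OS_AUTH_URL"],
+ "project_id": project_name,
+ "region_name": os.environ["OS_REGION_NAME"],
+ }
 return novaclient.Client("2", **auth)
 
 
 def get_neutron_client():
 from neutronclient.v2_0 import client as neutronclient
 
- if "OS_PROJECT_NAME" in os.environ:
- project_name = os.environ["OS_PROJECT_NAME"]
+ if os.environ.get("OS_IDENTITY_API_VERSION") == "3":
+ auth = {"session": get_os_session()}
 else:
- project_name = os.environ["OS_TENANT_NAME"]
- auth = {
- "username": os.environ["OS_USERNAME"],
- "password": os.environ["OS_PASSWORD"],
- "auth_url": os.environ["OS_AUTH_URL"],
- "tenant_name": project_name,
- "region_name": os.environ["OS_REGION_NAME"],
- }
+ if "OS_PROJECT_NAME" in os.environ:
+ project_name = os.environ["OS_PROJECT_NAME"]
+ else:
+ project_name = os.environ["OS_TENANT_NAME"]
+ auth = {
+ "username": os.environ["OS_USERNAME"],
+ "password": os.environ["OS_PASSWORD"],
+ "auth_url": os.environ["OS_AUTH_URL"],
+ "tenant_name": project_name,
+ "region_name": os.environ["OS_REGION_NAME"],
+ }
 return neutronclient.Client(**auth)
 
 
@@ -433,6 +466,23 @@ def get_config(args):
 return config
 
 
+def get_instance_secgroups(config, juju_status):
+ """For each machine, list its needed secgroups. """
+ instance_secgroups = collections.defaultdict(set)
+ for app in juju_status['applications']:
+ properties = config['applications'].get(app)
+ if properties is not None:
+ if properties.get("type", "neutron") != "neutron":
+ continue
+ for _, machine in find_machines_for_service(juju_status, app):
+ instance_secgroups[machine["instance-id"]].update(
+ properties["rules"])
+ for _, machine in find_machines_for_service(juju_status, app):
+ instance_secgroups[machine["instance-id"]].update(
+ config["all-units"])
+ return instance_secgroups
+
+
 def main():
 parser = argparse.ArgumentParser(
 description="Manage custom security groups on a Juju model.")
@@ -466,16 +516,7 @@ def main():
 
 if any(properties.get("type", "neutron") == "neutron"
 for properties in config["applications"].values()):
- instance_secgroups = collections.defaultdict(set)
- for service, properties in config["applications"].items():
- if properties.get("type", "neutron") == "neutron":
- for _, machine in find_machines_for_service(
- juju_status, service):
- instance_secgroups[machine["instance-id"]].update(
- properties["rules"])
- instance_secgroups[machine["instance-id"]].update(
- config["all-units"])
-
+ instance_secgroups = get_instance_secgroups(config, juju_status)
 configure_secgroup_rules(args, config["rules"])
 configure_instance_secgroups(args, instance_secgroups)
 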
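Review bot: On the keystone v3 path, `get_nova_client` and `get_neutron_client` build `auth = {"session": get_os_session()}` and no longer pass `OS_REGION_NAME`, which the legacy branch of each function still does. If the service catalog lists more than one region, endpoint selection is then left to the client's default, so security-group changes could land in a region other than the one the operator exported; consider `auth = {"session": get_os_session(), "region_name": os.environ.get("OS_REGION_NAME")}` in both functions. Separately, `get_instance_secgroups` now adds `config["all-units"]` to the machines of every application in `juju_status`, including ones absent from `config["applications"]`, whereas the loop removed from `main` only touched configured neutron applications; if that widening is intended, the docstring should say so, since it changes which instances receive groups.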
