Files
openstack-operator/openstack_operator/openstack/identity/applicationcredential.py
okozachenko f3f6f19c4e Add applicationcredentials CR
Change-Id: I4316bdd0ecb0d083ad0023bc8ad634773b0b7acf
2020-08-13 18:39:35 +03:00

78 lines
2.5 KiB
Python

# Copyright 2020 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Application Credential Operator
This operator helps manage the creation and removal of application
credential inside Keystone using custom resources.
"""
import kopf
from openstack_operator import utils
def _get_admin_user_id():
"""Get admin user id"""
conn = utils.get_openstack_connection()
user_name = conn.config.auth["username"]
domain_id = conn.config.auth["user_domain_id"]
user = conn.get_user(name_or_id=user_name, domain_id=domain_id)
return user.id
@kopf.on.resume('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
@kopf.on.create('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
def create_or_resume(name, **_):
"""Create or resume controller
This function runs when a new resource is created or when the
controller is first started. It creates or updates the appropriate
applicationcredential."""
identity = utils.get_openstack_connection().identity
user = _get_admin_user_id()
credential = \
identity.find_application_credential(user=user, name_or_id=name)
if credential is None:
credential = \
identity.create_application_credential(user=user, name=name)
utils.create_or_update(
'identity/secret-applicationcredential.yml.j2',
name=name, secret=credential.secret,
id=credential.id, adopt=True)
@kopf.on.delete('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
def delete(name, **_):
"""Delete an endpoint
This function runs when the applicationcredential CR is deleted and
removes the record from Keystone.
"""
identity = utils.get_openstack_connection().identity
user = _get_admin_user_id()
credential = \
identity.find_application_credential(user=user, name_or_id=name)
if credential is None:
return
identity.delete_application_credential(user=user,
application_credential=name)