78 lines
2.5 KiB
Python
78 lines
2.5 KiB
Python
# Copyright 2020 VEXXHOST, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
"""Application Credential Operator
|
|
|
|
This operator helps manage the creation and removal of application
|
|
credential inside Keystone using custom resources.
|
|
"""
|
|
|
|
import kopf
|
|
from openstack_operator import utils
|
|
|
|
|
|
def _get_admin_user_id():
|
|
"""Get admin user id"""
|
|
|
|
conn = utils.get_openstack_connection()
|
|
user_name = conn.config.auth["username"]
|
|
domain_id = conn.config.auth["user_domain_id"]
|
|
user = conn.get_user(name_or_id=user_name, domain_id=domain_id)
|
|
return user.id
|
|
|
|
|
|
@kopf.on.resume('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
|
|
@kopf.on.create('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
|
|
def create_or_resume(name, **_):
|
|
"""Create or resume controller
|
|
|
|
This function runs when a new resource is created or when the
|
|
controller is first started. It creates or updates the appropriate
|
|
applicationcredential."""
|
|
|
|
identity = utils.get_openstack_connection().identity
|
|
|
|
user = _get_admin_user_id()
|
|
credential = \
|
|
identity.find_application_credential(user=user, name_or_id=name)
|
|
|
|
if credential is None:
|
|
credential = \
|
|
identity.create_application_credential(user=user, name=name)
|
|
utils.create_or_update(
|
|
'identity/secret-applicationcredential.yml.j2',
|
|
name=name, secret=credential.secret,
|
|
id=credential.id, adopt=True)
|
|
|
|
|
|
@kopf.on.delete('identity.openstack.org', 'v1alpha1', 'applicationcredentials')
|
|
def delete(name, **_):
|
|
"""Delete an endpoint
|
|
|
|
This function runs when the applicationcredential CR is deleted and
|
|
removes the record from Keystone.
|
|
"""
|
|
|
|
identity = utils.get_openstack_connection().identity
|
|
|
|
user = _get_admin_user_id()
|
|
credential = \
|
|
identity.find_application_credential(user=user, name_or_id=name)
|
|
|
|
if credential is None:
|
|
return
|
|
|
|
identity.delete_application_credential(user=user,
|
|
application_credential=name)
|