Authentication only via config file?
F

2

11

I am looking into the python shade module in order to automate some tasks using our OpenStack installation.

This page instructs:

Create a configuration file to store your user name, password, project_name in ~/.config/openstack/clouds.yml.

I had a close look, but I couldn't find any information on how to provide credentials in a different way; for example, as parameters to some objects that I could create within Python code.

Long story short: is that even possible? Or does this requirement immediately force me "off shade"; and to use the OpenStack python sdk instead?

Filigreed answered 14/2, 2017 at 9:33 Comment(0)
D
4

I am not a Python expert, but after some searching for how "other" openclient modules do it, maybe the following could work (example code from your link; just a bit of enhancement):

from shade import *

auth_data = {
    # URL to the Keystone API endpoint.
    'auth_url': 'url',
    # User credentials.
    'user_domain_name': ...
}

to later do this:

cloud = openstack_cloud(cloud='your-cloud', **auth_data)
Dominican answered 17/2, 2017 at 14:7 Comment(2)
Neat. I do not care too much about the reputation points, but for sure, I am not going to complain about it :-) - Dominican
Still the best answer - so you got it! - Filigreed
M
0

From what I understand, this puts whatever keys, passwords or security-sensitive files in your yml file that we use with Travis.yml, and that stays in the local directory and gets added to the git ignore.

That being said, this was using Python and a Twitter API function; I'm pretty sure it uses or references a program called tweepy.

It was very helpful for us and sounded like it might be close for you.

Let me know if this helps.

import tweepy
import yaml

# Load the API credentials from a local, git-ignored YAML file.
with open("secrets.yml") as f:
    content = f.read()
# from secrets.yml import CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, ACCESS_SECRET
# safe_load builds only plain data types; yaml.load without a Loader can construct arbitrary objects.
secret = yaml.safe_load(content)
##################################################################################################
# authorize tweepy with CONSUMER_KEY and CONSUMER_SECRET
auth = tweepy.OAuthHandler(secret["CONSUMER_KEY"], secret["CONSUMER_SECRET"])
auth.secure = True
# read in ACCESS_TOKEN and ACCESS_SECRET variables to tweepy
auth.set_access_token(secret["ACCESS_TOKEN"], secret["ACCESS_SECRET"])
Mae answered 22/2, 2017 at 18:3 Comment(5)
I will check it out. But please delete your other answer - as it is not an answer, but a comment! - Filigreed
And then; I am not so sure what your point is here: A) I actually want to use "as less of file input as possible"; B) What type does auth have in your example; and how would that relate to the python shades library?! - Filigreed
The shades library doesn't have anything to do with tweepy, they are both python and work together. Using "as less of file input as possible" is good. Is there a specific reason you need to cut down your code so much? With my code I need to get a prototype up and running as fast as possible so we bend and tweak code to get it working rather than make perfect code. tweepy took 5 min. - Mae
My problem is: we want to automate the creation / configuration of virtual machines using a jenkins job; which will be used by many users. So I really don't want build jobs that store passwords in some "well known" file on the hard drive in plain text. And well, my question is specifically about shades - I need a solution for that thing; and not for another tool?! - Filigreed
Ok, hmmm. 1 You could save the file in a folder that can be sent to the virtual machine with jenkins. I was referring that using YML files in a separate folder for passwords is fairly normal so it's a known secure option for us. You probably don't need to use tweepy. Just save the files in a YML. Openstack just shows that there is a way for password for the user so it may not be built-in. docs.openstack.org/infra/shade/usage.html Best of luck. - Mae
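
An added example (not from the answers above or from the shade project) for the Jenkins case raised in the comments: it builds the `auth_data` dictionary of the first answer from environment variables set by the build job, so no password file exists on disk. The helper names, the `OS_*` variable mapping, the https policy check, and the assumption that `shade.openstack_cloud` accepts these keyword arguments as in that answer are this example's own.

```python
import os

# Environment variable -> keyword argument. The OS_* names follow the usual
# OpenStack client convention; the mapping itself is an assumption of this example.
ENV_TO_KWARG = {
    "OS_AUTH_URL": "auth_url",
    "OS_USERNAME": "username",
    "OS_PASSWORD": "password",
    "OS_PROJECT_NAME": "project_name",
    "OS_USER_DOMAIN_NAME": "user_domain_name",
    "OS_PROJECT_DOMAIN_NAME": "project_domain_name",
}
REQUIRED = ("auth_url", "username", "password", "project_name")
SECRET_KEYS = ("password",)


def auth_from_env(environ=None):
    """Build the auth_data dict from environment variables, never from a file."""
    environ = os.environ if environ is None else environ
    # Unset or empty variables are treated as absent.
    auth = {kw: environ[var] for var, kw in ENV_TO_KWARG.items() if environ.get(var)}
    missing = [k for k in REQUIRED if k not in auth]
    if missing:
        # Name the missing settings, but never echo any value into the job log.
        raise ValueError("missing credential settings: " + ", ".join(missing))
    # Policy choice of this example: refuse to send the password over plain http.
    if not auth["auth_url"].startswith("https://"):
        raise ValueError("auth_url must use https")
    return auth


def redacted(auth):
    """Copy of auth that is safe to print in a build log."""
    return {k: ("***" if k in SECRET_KEYS else v) for k, v in auth.items()}


def connect(environ=None):
    """Open the cloud connection; shade is imported lazily so the helpers run without it."""
    import shade  # assumed call shape: keyword arguments as in the answer above
    return shade.openstack_cloud(**auth_from_env(environ))


if __name__ == "__main__":
    # Constructed sample environment standing in for what the job would set.
    sample = {"OS_AUTH_URL": "https://keystone.example.test:5000/v3",
              "OS_USERNAME": "ci-bot", "OS_PASSWORD": "constructed-not-a-secret",
              "OS_PROJECT_NAME": "demo"}
    print(redacted(auth_from_env(sample)))
```

In a job, call `connect()` with no argument so the values come from the process environment, and log only `redacted(...)` output.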
