11

I am looking into the python shade module in order to automate some tasks using our OpenStack installation.

This page instructs:

Create a configuration file to store your user name, password, project_name in ~/.config/openstack/clouds.yml.

I had a close look; but I couldn't find any information how to provide credentials in a different way; for example as parameters to some objects that I could create within python code.

Long story short: is that even possible? Or does this requirement immediately force me "off shade"; and to use the OpenStack python sdk instead?

GhostCat
  • 137,827
  • 25
  • 176
  • 248

2 Answers2

4

I am not a python expert, but after some searching how "other" openclient modules do it; maybe the following could work (example code from your link; just a bit of enhancement):

from shade import *

auth_data = {
# URL to the Keystone API endpoint.
  'auth_url': 'url',
# User credentials.
'user_domain_name': ...
}

to later do this:

cloud = openstack_cloud(cloud='your-cloud', **auth_data)
Tom Bulgur
  • 176
  • 1
  • 7
0

From what I understand this puts whatever keys, passwords or security sensitive files in a your yml file that we use with Travis.yml and that stays in the local directory and gets added to the git ignore.

That being said this was using python and twitter api function, I'm pretty sure it uses or references a program called tweepy.

It was very helpful for us and sounded like it might be close for you.

Let me know if this helps.

with open("secrets.yml") as f:
    content = f.read()
# from secrets.yml import CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, ACCESS_SECRET
secret = yaml.load(content)
##################################################################################################
# authorize tweepy with CONSUMER_KEY and CONSUMER_SECRET
auth = tweepy.OAuthHandler(secret["CONSUMER_KEY"], secret["CONSUMER_SECRET"])
auth.secure = True
# read in ACCESS_TOKEN and ACCESS_SECRET variables to tweepy
auth.set_access_token(secret["ACCESS_TOKEN"], secret["ACCESS_SECRET"])
Seattle Python Noobie
  • 51
  • 9
  • I will check it out. But please delete your other answer - as it is not an answer, but a comment! – GhostCat Feb 22 '17 at 18:17
  • And then; I am not so sure what your point is here: A) I actually want to use "as less of file input as possible B) What type does `auth` have in your example; and how would that relate to the python `shades` library?! – GhostCat Feb 22 '17 at 18:19
  • The shades library doesn't have anything to do with tweepy, they are both python and work together. Using "as less of file input as possible" is good. Is there a specific reason you need to cut down your code so much? With my code I need to get a prototype up and running as fast as possible so we bend and tweak code to get it working rather than make perfect code. tweedy took 5 min. – Seattle Python Noobie Feb 22 '17 at 18:27
  • My problem is: we want to automate the creation / configuration of virtual machines using a jenkins job; which will be used by many users. So I really don't want build jobs that store passwords in some "well known" file on the hard drive in plain text. And well, my question is specifically about shades - I need a solution for that thing; and not for another tool?! – GhostCat Feb 22 '17 at 18:31
  • Ok, hmmm. 1 You could save the file in a folder that can be sent to the virtual machine with jenkins. I was referring that using YML files in a separate folder for passwords is fairly normal so its a known secure option for us. You probably don't need to use tweepy. just save the files in a YML. Openstack just shows that there is a way for password for the user so it may not be built-in. https://docs.openstack.org/infra/shade/usage.html Best of luck. – Seattle Python Noobie Feb 22 '17 at 18:41