Skip to content

Enable access to Openstack via application credentials #277

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Apr 20, 2023
Merged

Enable access to Openstack via application credentials #277

merged 3 commits into from
Apr 20, 2023

Conversation

holgerkoser
Copy link
Member

@holgerkoser holgerkoser commented Apr 18, 2023
edited
Loading

What this PR does / why we need it:
Secrets in Openstack can also be created using application credentials.
However the command gardenctl provider-env ... does not generate the necessary env variables.
There must be the following env variables available to get access to Openstack via application credentials:

export OS_AUTH_URL=https://keystone.server/identity/v3
export OS_PROJECT_DOMAIN_NAME=domain
export OS_USER_DOMAIN_NAME=domain
export OS_REGION_NAME=europe
export OS_AUTH_STRATEGY=""
export OS_TENANT_NAME=""
export OS_USERNAME=""
export OS_PASSWORD=""
export OS_AUTH_TYPE=v3applicationcredential
export OS_APPLICATION_CREDENTIAL_ID=6cb5fa6a13184e6fab65ba2108adf50c
export OS_APPLICATION_CREDENTIAL_NAME=glance_cred
export OS_APPLICATION_CREDENTIAL_SECRET=glance_secret

The varaibles OS_AUTH_STRATEGY and OS_TENANT_NAME must be unset or initial. Documentation can be found here https://docs.openstack.org/keystone/latest/user/application_credentials.html.

Which issue(s) this PR fixes:
Fixes #276

Special notes for your reviewer:

Release note:

The command `gardenctl provider-env ...` now also supports openstack infrastructure secrets with application credentials

@holgerkoser holgerkoser requested a review from a team as a code owner April 18, 2023 15:09
@gardener-robot gardener-robot added the needs/review Needs review label Apr 18, 2023
@holgerkoser holgerkoser marked this pull request as draft April 18, 2023 15:10
@gardener-robot gardener-robot added the size/s Size of pull request is small (see gardener-robot robot/bots/size.py) label Apr 18, 2023
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Apr 18, 2023
@gardener-robot-ci-2 gardener-robot-ci-2 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Apr 19, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 19, 2023
@holgerkoser holgerkoser marked this pull request as ready for review April 19, 2023 09:36
@gardener-robot-ci-3 gardener-robot-ci-3 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 19, 2023
petersutter
petersutter approved these changes Apr 19, 2023
View reviewed changes
Copy link
Member

@petersutter petersutter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review labels Apr 19, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Apr 19, 2023
@holgerkoser holgerkoser merged commit fac6bb0 into master Apr 20, 2023
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Apr 20, 2023
@holgerkoser holgerkoser deleted the enh/fix-276 branch April 20, 2023 08:11
tedteng pushed a commit to tedteng/gardenctl-v2 that referenced this pull request Apr 25, 2023
@holgerkoser @tedteng
Enable access to Openstack via application credentials (gardener#277)
52330b0 
* Add OS_APPLICATION_CREDENTIAL_xxx environment variables to template

* always set all env vars

* linting
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@petersutter petersutter petersutter approved these changes

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) size/s Size of pull request is small (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable access to Openstack via application credentials
6 participants
@holgerkoser @petersutter @gardener-robot-ci-1 @gardener-robot-ci-2 @gardener-robot-ci-3 @gardener-robot