openstack/charm-interface-keystone
Code Issues Proposed changes
charm-interface-keystone/requires.py
Frode Nordahl 0ec113afb7 Add support for passing optional `requested_roles` attribute 
When passing ``requested_roles`` down the ``identity-service``
relation the Keystone charm will create the listed roles for you.

Useful for charm authors implementing charms with specific role
requirements.

Change-Id: I7c1eedb1e78ffc53ac3e0df81f6b52358dd8dfa5
Closes-Bug: #1813602
2019-01-28 16:43:11 +01:00

161 lines
5.8 KiB
Python
Raw Blame History

#!/usr/bin/python
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import base64
from charms.reactive import RelationBase
from charms.reactive import hook
from charms.reactive import scopes
class KeystoneRequires(RelationBase):
scope = scopes.GLOBAL
# These remote data fields will be automatically mapped to accessors
# with a basic documentation string provided.
auto_accessors = ['private-address', 'service_host', 'service_protocol',
'service_port', 'service_tenant', 'service_username',
'service_password', 'service_tenant_id', 'auth_host',
'auth_protocol', 'auth_port', 'admin_token', 'ssl_key',
'ca_cert', 'ssl_cert', 'https_keystone',
'ssl_cert_admin', 'ssl_cert_internal',
'ssl_cert_public', 'ssl_key_admin', 'ssl_key_internal',
'ssl_key_public', 'api_version', 'service_domain']
@hook('{requires:keystone}-relation-joined')
def joined(self):
self.set_state('{relation_name}.connected')
self.update_state()
def update_state(self):
if self.base_data_complete():
self.set_state('{relation_name}.available')
if self.ssl_data_complete():
self.set_state('{relation_name}.available.ssl')
else:
self.remove_state('{relation_name}.available.ssl')
if self.ssl_data_complete_legacy():
self.set_state('{relation_name}.available.ssl_legacy')
else:
self.remove_state('{relation_name}.available.ssl_legacy')
if self.auth_data_complete():
self.set_state('{relation_name}.available.auth')
else:
self.remove_state('{relation_name}.available.auth')
else:
self.remove_state('{relation_name}.available')
self.remove_state('{relation_name}.available.ssl')
self.remove_state('{relation_name}.available.ssl_legacy')
self.remove_state('{relation_name}.available.auth')
@hook('{requires:keystone}-relation-changed')
def changed(self):
self.update_state()
@hook('{requires:keystone}-relation-{broken,departed}')
def departed(self):
self.update_state()
def base_data_complete(self):
data = {
'private-address': self.private_address(),
'service_host': self.service_host(),
'service_protocol': self.service_protocol(),
'service_port': self.service_port(),
'auth_host': self.auth_host(),
'auth_protocol': self.auth_protocol(),
'auth_port': self.auth_port(),
}
if all(data.values()):
return True
return False
def auth_data_complete(self):
data = {
'service_tenant': self.service_tenant(),
'service_username': self.service_username(),
'service_password': self.service_password(),
'service_tenant_id': self.service_tenant_id(),
}
if all(data.values()):
return True
return False
def ssl_data_complete(self):
data = {
'ssl_cert_admin': self.ssl_cert_admin(),
'ssl_cert_internal': self.ssl_cert_internal(),
'ssl_cert_public': self.ssl_cert_public(),
'ssl_key_admin': self.ssl_key_admin(),
'ssl_key_internal': self.ssl_key_internal(),
'ssl_key_public': self.ssl_key_public(),
'ca_cert': self.ca_cert(),
}
for value in data.values():
if not value or value == '__null__':
return False
return True
def ssl_data_complete_legacy(self):
data = {
'ssl_key': self.ssl_key(),
'ssl_cert': self.ssl_cert(),
'ca_cert': self.ca_cert(),
}
for value in data.values():
if not value or value == '__null__':
return False
return True
def register_endpoints(self, service, region, public_url, internal_url,
admin_url, requested_roles=None):
"""
Register this service with keystone
"""
relation_info = {
'service': service,
'public_url': public_url,
'internal_url': internal_url,
'admin_url': admin_url,
'region': region,
}
if requested_roles:
relation_info.update(
{'requested_roles': ','.join(requested_roles)})
self.set_local(**relation_info)
self.set_remote(**relation_info)
def request_keystone_endpoint_information(self):
self.register_endpoints('None', 'None', 'None', 'None', 'None')
def get_ssl_key(self, cn=None):
relation_key = 'ssl_key_{}'.format(cn) if cn else 'ssl_key'
key = self.get_remote(relation_key)
if key:
key = base64.b64decode(key).decode('utf-8')
return key
def get_ssl_cert(self, cn=None):
relation_key = 'ssl_cert_{}'.format(cn) if cn else 'ssl_cert'
cert = self.get_remote(relation_key)
if cert:
cert = base64.b64decode(cert).decode('utf-8')
return cert
def get_ssl_ca(self, cn=None):
ca = None
if self.ca_cert():
ca = base64.b64decode(self.ca_cert()).decode('utf-8')
return ca
View Git Blame Copy Permalink