add support for reading salt-cloud provider password from keyring

Marek Skrobacki 2014-04-25 13:04:43 +01:00
parent ef7fb71082
commit fe5ef198d8
3 changed files with 37 additions and 8 deletions


@ -7,3 +7,4 @@ pyzmq >= 2.2.0
MarkupSafe MarkupSafe
apache-libcloud >= 0.14.0 apache-libcloud >= 0.14.0
requests requests
keyring


@ -73,6 +73,12 @@ Either a password or an API key must also be specified:
# The OpenStack API key # The OpenStack API key
apikey: 901d3f579h23c8v73q9 apikey: 901d3f579h23c8v73q9
Optionally, if you don't want to save plain-text password in your configuration file, you can use keyring:
.. code-block:: yaml
my-openstack-keyring-config:
# The OpenStack password is stored in keyring
password: USE_KEYRING
For local installations that only use private IP address ranges, the For local installations that only use private IP address ranges, the
following option may be useful. Using the old syntax: following option may be useful. Using the old syntax:
@ -236,27 +242,42 @@ def get_conn():
import libcloud.security import libcloud.security
libcloud.security.VERIFY_SSL_CERT = False libcloud.security.VERIFY_SSL_CERT = False
user = config.get_cloud_config_value(
'user', vm_, __opts__, search_global=False
)
password = config.get_cloud_config_value( password = config.get_cloud_config_value(
'password', vm_, __opts__, search_global=False 'password', vm_, __opts__, search_global=False
) )
if password is not None: if password is not None:
authinfo['ex_force_auth_version'] = '2.0_password' authinfo['ex_force_auth_version'] = '2.0_password'
log.debug('OpenStack authenticating using password') log.debug('OpenStack authenticating using password')
if password == 'USE_KEYRING':
# retrieve password from system keyring
credential_id = "salt.cloud.provider.%s" % __active_provider_name__
logging.debug("Retrieving keyring password for %s (%s)" %
(credential_id, user)
)
actual_password = salt.utils.cloud.retrieve_password_from_keyring(
credential_id,
user)
if actual_password is None:
raise RuntimeError(
"Unable to retrieve password from keyring for provider %s" %
__active_provider_name__
)
else:
actual_password = password
return driver( return driver(
config.get_cloud_config_value( user,
'user', vm_, __opts__, search_global=False actual_password,
),
password,
**authinfo **authinfo
) )
authinfo['ex_force_auth_version'] = '2.0_apikey' authinfo['ex_force_auth_version'] = '2.0_apikey'
log.debug('OpenStack authenticating using apikey') log.debug('OpenStack authenticating using apikey')
return driver( return driver(
config.get_cloud_config_value('user', user,
vm_,
__opts__,
search_global=False),
config.get_cloud_config_value('apikey', vm_, __opts__, config.get_cloud_config_value('apikey', vm_, __opts__,
search_global=False), **authinfo) search_global=False), **authinfo)
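Review bot: The new keyring branch calls `logging.debug(...)` on the root logger while the rest of this hunk uses the module logger `log`, and it formats the message eagerly with `%`; `log.debug('Retrieving keyring password for %s (%s)', credential_id, user)` keeps the message under this module's logger. `USE_KEYRING` is an in-band sentinel, so a provider whose real password is that literal string can no longer be configured, and the documentation added in the first hunk should say so. Only a `None` return is turned into an error here, so an exception raised inside the keyring backend would propagate out of get_conn unhandled, and `RuntimeError` is presumably not the exception type salt-cloud callers expect for a configuration problem. get_conn starts before this hunk.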


@ -19,6 +19,7 @@ import json
import traceback import traceback
import copy import copy
import re import re
import keyring
# Let's import pwd and catch the ImportError. We'll raise it if this is not # Let's import pwd and catch the ImportError. We'll raise it if this is not
# Windows # Windows
@ -2037,3 +2038,9 @@ def _salt_cloud_force_ascii(exc):
raise exc raise exc
codecs.register_error('salt-cloud-force-ascii', _salt_cloud_force_ascii) codecs.register_error('salt-cloud-force-ascii', _salt_cloud_force_ascii)
def retrieve_password_from_keyring(credential_id, username):
'''
Retrieve particular user's password for a specified credential set from system keyring.
'''
return keyring.get_password(credential_id, username)
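Review bot: `import keyring` at module top makes keyring a hard requirement for everything that imports this module, even for providers that never set `password: USE_KEYRING`. The import should be guarded the way the comment just below it describes for `pwd`, with `retrieve_password_from_keyring` returning `None` when the module is absent so the caller's existing check reports the failure. The docstring could also state that `None` is returned when no entry exists. How the secret is protected at rest depends on the keyring backend selected on the host, which on a headless master may not be an encrypted store, so that is worth confirming before relying on it.

```python
try:
    import keyring
    HAS_KEYRING = True
except ImportError:
    HAS_KEYRING = False

# … unchanged: pwd import, rest of module …

def retrieve_password_from_keyring(credential_id, username):
    # … unchanged: docstring …
    if not HAS_KEYRING:
        # Caller treats None as "could not retrieve" and raises.
        return None
    return keyring.get_password(credential_id, username)
```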