fence-agents icon indicating copy to clipboard operation
fence-agents copied to clipboard

Published 20 hours ago verified publisher icon ClusterLabs

fence_openstack: added --auth-plugin option to allow usage of app credentials instead of user credentials

Open s0urc3c0d3 opened this issue 2 years ago • 4 comments

This allows users to user Barbican to generate app creds and put them in the clouds.yml:

clouds:
  openstack:
    auth:
      auth_url: http://CLOUD_ENDPOINT:5000
      application_credential_id: "SOMEID"
      application_credential_secret: "SOMELARGESECRET"
    region_name: "RegionOne"
    interface: "public"
    identity_api_version: 3
    auth_type: "v3applicationcredential"

The app creds can have smaller perm from user and they can be easly generated by users instead of full cloud accounts

To user this feature user can run: $ fence_openstack --cloud openstack -n INSTANCEUUID -o list --auth_plugin v3applicationcredential

s0urc3c0d3 avatar Mar 17 '23 01:03 s0urc3c0d3

Can one of the admins verify this patch?

knet-ci-bot avatar Mar 17 '23 01:03 knet-ci-bot

You'll also have to run make xml-upload to update the metadata and attach it to the PR, so it doesnt fail CI when running make xml-check.

oalbrigt avatar Mar 17 '23 11:03 oalbrigt

ok thx for your time. I'm gonna fix the issues you pointed out and get back here :)

s0urc3c0d3 avatar Mar 20 '23 14:03 s0urc3c0d3

Can one of the admins check and authorise this run please: https://ci.kronosnet.org/job/fence-agents-pipeline/job/PR-533/1/input

knet-jenkins[bot] avatar Jun 12 '23 07:06 knet-jenkins[bot]