CentOS-PaaS-SIG · samvarankashyap · May 23, 2017 · May 12, 2017 · May 12, 2017 · May 12, 2017
diff --git a/linchpin/__init__.py b/linchpin/__init__.py
@@ -64,8 +64,11 @@ def get_command(self, ctx, name):
         help='Enable verbose output')
 @click.option('--version', is_flag=True,
         help='Prints the version and exits')
+@click.option('-cp', '--creds-path', type=click.Path(), envvar='LP_CREDS',
+        help='Use the specified credentials path if WORKSPACE environment variable '
+        'is not set')
 @pass_context
-def runcli(ctx, config, workspace, verbose, version):
+def runcli(ctx, config, workspace, verbose, version, creds_path):
     """linchpin: hybrid cloud orchestration"""
 
     ctx.verbose = verbose
@@ -80,8 +83,16 @@ def runcli(ctx, config, workspace, verbose, version):
 
     if workspace is not None:
         ctx.workspace = os.path.realpath(os.path.expanduser(workspace))
+    else:
+        ctx.workspace = os.getenv('PWD')
+
+    if creds_path is not None:
+        ctx.creds_path = os.path.realpath(os.path.expanduser(creds_path))
+    else:
+        ctx.creds_path = str(None)
 
     ctx.log_debug("ctx.workspace: {0}".format(ctx.workspace))
+    ctx.log_debug("ctx.creds_path: {0}".format(ctx.creds_path))
 
     ctx.pinfile = ctx.cfgs['init']['pinfile']
 

diff --git a/linchpin/api/__init__.py b/linchpin/api/__init__.py
@@ -188,6 +188,8 @@ def run_playbook(self, pinfile, targets='all', playbook='up'):
         if self.ctx.cfgs.get('ansible'):
             ansible_console = ast.literal_eval(self.ctx.cfgs['ansible'].get('console', 'False'))
 
+        self.set_evar('creds_path', self.ctx.creds_path)
+
         if not ansible_console:
             ansible_console = self.ctx.verbose
 

diff --git a/linchpin/api/context.py b/linchpin/api/context.py
@@ -40,6 +40,7 @@ def __init__(self):
         self.lib_path = os.path.realpath(os.path.join(lib_path, os.pardir))
 
         self.workspace = os.path.realpath(os.path.curdir)
+        self.creds_path = None
 
 
     def load_config(self, lpconfig=None):

diff --git a/linchpin/defaults/schemas/schema_v3.json b/linchpin/defaults/schemas/schema_v3.json
@@ -643,9 +643,20 @@
                 "assoc_creds": {
                     "description":"contains creds file associated to this resource",
                     "type":"string"
-                }
+                },
+		"credentials": {
+	            "type": "object",
+		    "properties":{
+		        "name": {
+			  "type": "string"
+			},
+			"auth_type": {
+			  "type": "string"
+			}
+		    }
+		}
             },
-            "required":["resource_group_name","res_group_type","res_defs","assoc_creds"],
+            "required":["resource_group_name","res_group_type","res_defs"],
             "additionalProperties": true
         },
         "aws": {

diff --git a/linchpin/defaults/schemas/schema_v4.json b/linchpin/defaults/schemas/schema_v4.json
@@ -9,18 +9,6 @@
             "description": "Date of creation",
             "type": "string"
         },
-        "site": {
-            "description": "site of provisioning ",
-            "type": "string"
-        },
-        "credentials": {
-             "description": "contains various credential_vaults names",
-             "type": "array",
-             "items":{
-                "type":"string"
-             },
-             "minimum":1
-        },
         "resource_groups": {
             "description": "contains list of resources ",
             "type": "array",
@@ -705,7 +693,18 @@
                 },
                 "credentials": {
                     "description":"contains creds file associated to this resource",
-                    "type":"string"
+                    "type":"object",
+		    "properties": {
+	                "profile": {
+			  "type": "string"
+			},
+		        "auth_type": {
+		          "type": "string"
+			},
+			"name": {
+			  "type": "string"
+			}
+		    }
                 }
             },
             "required":["resource_group_name","resource_group_type","resource_definitions","credentials"],
@@ -736,7 +735,18 @@
                 },
                 "credentials": {
                     "description":"contains creds file associated to this resource",
-                    "type":"string"
+		    "type":"object",
+                    "properties": {
+                        "profile": {
+                          "type": "string"
+                        },
+                        "auth_type": {
+                          "type": "string"
+                        },
+                        "name": {
+                          "type": "string"
+                        }
+                    }
                 }
             },
             "required":["resource_group_name","resource_group_type","resource_definitions","credentials"],
@@ -763,7 +773,15 @@
                 },
                 "credentials": {
                     "description":"contains creds file associated to this resource",
-                    "type":"string"
+                    "type":"object",
+		    "properties": {
+                        "auth_type": {
+                          "type": "string"
+                        },
+                        "name": {
+                          "type": "string"
+                        }
+                    }
                 }
             },
             "required":["resource_group_name","resource_group_type","resource_definitions","credentials"],

diff --git a/linchpin/linchpin.conf b/linchpin/linchpin.conf
@@ -23,7 +23,7 @@ async = False
 async_timeout = 1000
 output = True
 check_mode = False
-
+creds_path = None
 # default paths in playbooks
 #
 # lp_path = <src_dir>/linchpin

diff --git a/linchpin/provision/filter_plugins/provide_default.py b/linchpin/provision/filter_plugins/provide_default.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python
+import os
+
+def provide_default(fetched, default):
+    if fetched == "":
+        return default
+    else:
+        return fetched
+
+class FilterModule(object):
+    ''' A filter to fix interface's name format '''
+    def filters(self):
+        return {
+            'provide_default': provide_default
+        }
diff --git a/linchpin/provision/library/auth_driver.py b/linchpin/provision/library/auth_driver.py
@@ -13,11 +13,24 @@
   - This module allows a user to fetch credentials on request and egister it as variable in ansible.
 
 options:
-  type:
+  name:
     description:
-      type of credential required
+      name of the credential file to be used 
     required: true
-
+  cred_type:
+    description:
+      credential type , type of credential to be used.
+      eg: aws, gcloud , openstack , etc.,
+    required: false
+  cred_path:
+    description:
+      credentials path where the credentials are to be stored
+    required: false
+  driver:
+    description:
+      defaults to file type. 
+    required: true
+
 author: Samvaran Kashyap Rallabandi -
 '''
 
@@ -29,28 +42,71 @@
 import shlex
 import tempfile
 import yaml
+import glob
+try:
+    import configparser as ConfigParser
+except ImportError:
+    import ConfigParser as ConfigParser
 
 
-def check_file_paths(module, *args):
-    for file_path in args:
-        if not os.path.exists(file_path):
-            module.fail_json(msg= "File not found %s not found" % (file_path))
-        if not os.access(file_path, os.R_OK):
-            module.fail_json(msg= "File not accesible %s not found" % (file_path))
-        if os.path.isdir(file_path):
-            module.fail_json(msg= "Recursive directory not supported  %s " % (file_path))
+class ConfigDict(ConfigParser.ConfigParser):
 
+    def as_dict(self):
+        d = dict(self._sections)
+        for k in d:
+            d[k] = dict(self._defaults, **d[k])
+            d[k].pop('__name__', None)
+        return d
+
+def list_files(path):
+    return glob.glob(path+"/*.*")
+
+def parse_file(filename):
+    cred_str = open(filename, "r").read()
+    try:
+        out = json.loads(cred_str)
+    except Exception as e:
+        try:
+            out = yaml.load(cred_str)
+        except Exception as e:
+            try:
+                config = ConfigDict()
+                f = open(filename)
+                config.readfp(f)
+                out = config.as_dict()
+                f.close()
+            except Exception as e:
+                module.fail_json(msg= "Error  {0} ".format(str(e)))
+    return out
+
+def get_cred(name, creds_path):
+    paths = creds_path.split(";")
+    files = []
+    for path in paths:
+        files = list_files(path)
+        for filename in files:
+            if name == filename.split("/")[-1].split(".")[0]:
+                out = parse_file(filename)
+                return out, path
+    module.fail_json(msg= "Error: Credential not found")
 def main():
+    global module
     module = AnsibleModule(
     argument_spec={
-            'type':     {'required': True, 'aliases': ['auth_type']},
-            'creds_store': {'required': False, 'aliases': ['credential_store']},
+            'name':     {'required': True, 'aliases': ['name']},
+            'cred_type':     {'required': False, 'aliases': ['credential_type']},
+            'cred_path': {'required': True, 'aliases': ['credential_store']},
+            'driver': {'required': True, 'aliases': ['driver_type']},
         },
         required_one_of=[],
         supports_check_mode=True
     )
+    name = module.params["name"]
+    cred_type = module.params["cred_type"]
+    cred_path = module.params["cred_path"]
+    driver_type = module.params["driver"]
+    output, path = get_cred(name, cred_path)
     changed = True
-    module.exit_json(changed=changed, output={})
+    module.exit_json(changed=changed, output=output, params=module.params, path=path)
 
-from ansible.module_utils.basic import *
 main()
diff --git a/linchpin/provision/roles/aws/tasks/main.yml b/linchpin/provision/roles/aws/tasks/main.yml
@@ -22,5 +22,5 @@
   include: teardown_resource_group.yml res_grp={{ item.0 }} topo_output_file={{ item.1 }}
   with_nested:
     - "{{ aws_res_grps }}"
-    - ["{{ resources_file | default( default_resources_path+'/'+outputs.topology_name+'.output.yaml' ) }}"]
+    - ["{{ resources_file | default( default_resources_path+'/'+outputs.topology_name+'.output' ) }}"]
   when: state == "absent"
diff --git a/linchpin/provision/roles/aws/tasks/provision_aws_cfn.yml b/linchpin/provision/roles/aws/tasks/provision_aws_cfn.yml
@@ -12,8 +12,8 @@
 
 - name: "Provision cloud formation stack"
   cloudformation:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     stack_name:  "{{ res_def['res_name'] | default(res_def['name']) }}"
     state: "{{ state }}"
     region:  "{{ res_def['region'] }}"
@@ -27,8 +27,8 @@
 
 - name: "Provision cloud formation stack"
   cloudformation:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     stack_name:  "{{ res_def['res_name'] | default(res_def['name']) }}"
     state: "{{ state }}"
     region:  "{{ res_def['region'] }}"

diff --git a/linchpin/provision/roles/aws/tasks/provision_aws_ec2.yml b/linchpin/provision/roles/aws/tasks/provision_aws_ec2.yml
@@ -8,8 +8,8 @@
 
 - name: "Provisioning AWS_EC2 Resource when not async"
   ec2:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     key_name: "{{ res_def['keypair'] }}"
     instance_type: "{{ res_def['flavor'] }}"
     image: "{{ res_def['image'] }}"
@@ -30,8 +30,8 @@
 
 - name: "Async:: Provisioning AWS_EC2 Resource"
   ec2:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     key_name: "{{ res_def['keypair'] }}"
     instance_type: "{{ res_def['flavor'] }}"
     image: "{{ res_def['image'] }}"

diff --git a/linchpin/provision/roles/aws/tasks/provision_aws_ec2_key.yml b/linchpin/provision/roles/aws/tasks/provision_aws_ec2_key.yml
@@ -1,7 +1,7 @@
 - name: "Provisioning AWS EC2 KEY "
   ec2_key:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     region: "{{ res_def['region'] }}"
     name:  "{{ res_def['res_name'] | default(res_def['name']) }}"
     state: "{{ state }}"

diff --git a/linchpin/provision/roles/aws/tasks/provision_aws_s3.yml b/linchpin/provision/roles/aws/tasks/provision_aws_s3.yml
@@ -5,8 +5,8 @@
 
 - name: "Provisioning AWS_S3 Resource"
   s3:
-    aws_access_key: "{{ aws_access_key_id | default(omit) }}"
-    aws_secret_key: "{{  aws_secret_access_key | default(omit) }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] | default(omit) }}"
+    aws_secret_key: "{{  auth_var['aws_secret_access_key'] | default(omit) }}"
     bucket: "{{ res_def['res_name'] | default(res_def['name']) }}"
     mode: "{{ s3_mode }}"
     region: "{{ res_def['region'] }}"

diff --git a/linchpin/provision/roles/aws/tasks/provision_aws_sg.yml b/linchpin/provision/roles/aws/tasks/provision_aws_sg.yml
@@ -4,7 +4,7 @@
     name: "{{ res_def['res_name'] | default(res_def['name']) }}"
     description: "{{ res_def['description']}}"
     region: "{{ res_def['region']}}"
-    aws_access_key: "{{ aws_access_key_id }}"
-    aws_secret_key: "{{ aws_secret_access_key }}"
+    aws_access_key: "{{ auth_var['aws_access_key_id'] }}"
+    aws_secret_key: "{{ auth_var['aws_secret_access_key'] }}"
     rules: "{{ res_def['rules'] | aws_sg_rules('inbound') }}"
     rules_egress: "{{ res_def['rules'] | aws_sg_rules('outbound') }}"
diff --git a/linchpin/provision/roles/aws/tasks/provision_resource_group.yml b/linchpin/provision/roles/aws/tasks/provision_resource_group.yml
@@ -2,9 +2,27 @@
   debug:
     msg: "The current Resource Group obj is {{ res_grp }} "
 
-- name: "Including credentials of current resource {{ res_grp['resource_group_name'] }} "
-  include_vars: "roles/aws/vars/{{ res_grp['assoc_creds'] | default(res_grp['credentials']) }}.yml"
-  no_log: true
+- name: "Unset the authvar from previous run"
+  set_fact:
+    auth_var: ""
+
+- name: "Set cred profile"
+  set_fact:
+    cred_profile: "{{ res_grp['credentials']['profile'] | default('default') }}"
+
+- name: "Get creds from auth driver"
+  auth_driver:
+    name: "{{ res_grp['credentials']['name']  }}"
+    cred_type: "aws"
+    cred_path: "{{ creds_path }}"
+    driver: "file"
+  register: auth_var
+  ignore_errors: true
+
+- name: "Set auth_var "
+  set_fact:
+    auth_var: "{{ auth_var['output'][cred_profile] | default('') }}"
+  ignore_errors: true
 
 - name: "provisioning resource definitions of current group"
   include: provision_res_defs.yml res_def={{ res_item.0 }} res_grp_name={{ res_item.1 }}