#!/usr/bin/env python2 # # OpenStack allows a client to have multiple "projects". To access the # OpenStack API, the client side libraries need some environment # variables set (OS_AUTH_URL, OS_PROJECT_NAME, etc), to tell the # libraries which OpenStack user and project, etc, are used. (As an # aside, one of the environment variblaes is OS_PASSWORD, which is a # bad idea, but we can't help that.) # # OpenStack allows you to download shell "rc" scripts that you source # (". foorc.sh") to set up the environment variables. However, it gets # a bit tedious to manage several such rc scripts. Also, each script # wants you to enter the API password manually, which is just nasty. # # This is os-rchelper, which improves the situation a bit: # # * it reads the environment variables from a YAML file, indexed # by a project name given on the command line (you'll need to # download the rc script and copy the values to the config file) # # * it reads the password with pass(1) so nothing needs to be typed # manually (i.e., don't put OS_PASSWORD in the config file) # # Additionally, this script unsets any pre-existing OS_* environment # variables. # # To use this helper: # # 1. Save API password with pass: # # pass insert openstack-foo # # You need to have pass and gpg set up for this to work. # # 2. Create ~/.config/qvarnlabs/openstack.conf (see example below). Add # the key openstack-pass-name in addition to the OS_* environment # variables. Set openstack-pass-name to the key name you gave # pass (openstack-foo above). # # 3. To set up a shell session: # # eval `os-rchelper foo` # # You may want to define a shell function to make this easier (put it # in .bashrc or similar file): # # osrc() { eval `./os-rchelper "$1"`; } # # Example conf file (~/.config/qvarnlabs/openstack.conf): # # dev: # openstack-pass-name: qvarnlabs-nebula-cloud # OS_AUTH_URL: "https://identity.fi-1.nebulacloud.fi:5000/v3" # OS_PROJECT_ID: "2603e0bfcf624053945a35afa1730dc8" # OS_PROJECT_NAME: "QvarnLabs development" # OS_USER_DOMAIN_NAME: "Default" # OS_USERNAME: "liw@qvarnlabs.com" # OS_REGION_NAME: "fi-1" # OS_INTERFACE: "public" # OS_IDENTITY_API_VERSION: 3 # infra: # openstack-pass-name: qvarnlabs-nebula-cloud # OS_AUTH_URL: "https://identity.fi-1.nebulacloud.fi:5000/v3" # OS_PROJECT_ID: "5b0e1abf166442f2967edc5233f2e6a6" # OS_PROJECT_NAME: "QvarnLabs Infra" # OS_USER_DOMAIN_NAME: "Default" # OS_USERNAME: "liw@qvarnlabs.com" # OS_REGION_NAME: "fi-1" # OS_INTERFACE: "public" # OS_IDENTITY_API_VERSION: 3 # # See: # - https://control.nebulacloud.fi/project/access_and_security/ # for downloading rc files (one per project in OpenStack) from the # Nebula clou import os import pipes import subprocess import sys import yaml def env(name, value): sys.stdout.write('export {}={};\n'.format(name, pipes.quote(value))) project_name = sys.argv[1] filename = os.path.expanduser('~/.config/qvarnlabs/openstack.conf') with open(filename) as f: conf = yaml.safe_load(f) keyname = conf[project_name]['openstack-pass-name'] p = subprocess.Popen(['pass', 'show', keyname], stdout=subprocess.PIPE) password, stderr = p.communicate('') password = password.rstrip() keys_to_remove = [x for x in os.environ if x.startswith('OS_')] for key in keys_to_remove: sys.stdout.write('unset {};\n'.format(key)) keys = conf[project_name].keys() keys.remove('openstack-pass-name') for key in sorted(keys): env(key, conf[project_name][key]) env('OS_PASSWORD', password)