1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
#!/usr/bin/env python2
#
# OpenStack allows a client to have multiple "projects". To access the
# OpenStack API, the client side libraries need some environment
# variables set (OS_AUTH_URL, OS_PROJECT_NAME, etc), to tell the
# libraries which OpenStack user and project, etc, are used. (As an
# aside, one of the environment variblaes is OS_PASSWORD, which is a
# bad idea, but we can't help that.)
#
# OpenStack allows you to download shell "rc" scripts that you source
# (". foorc.sh") to set up the environment variables. However, it gets
# a bit tedious to manage several such rc scripts. Also, each script
# wants you to enter the API password manually, which is just nasty.
#
# This is os-rchelper, which improves the situation a bit:
#
# * it reads the environment variables from a YAML file, indexed
# by a project name given on the command line (you'll need to
# download the rc script and copy the values to the config file)
#
# * it reads the password with pass(1) so nothing needs to be typed
# manually (i.e., don't put OS_PASSWORD in the config file)
#
# Additionally, this script unsets any pre-existing OS_* environment
# variables.
#
# To use this helper:
#
# 1. Save API password with pass:
#
# pass insert openstack-foo
#
# You need to have pass and gpg set up for this to work.
#
# 2. Create ~/.config/qvarnlabs/openstack.conf (see example below). Add
# the key openstack-pass-name in addition to the OS_* environment
# variables. Set openstack-pass-name to the key name you gave
# pass (openstack-foo above).
#
# 3. To set up a shell session:
#
# eval `os-rchelper foo`
#
# You may want to define a shell function to make this easier (put it
# in .bashrc or similar file):
#
# osrc() { eval `./os-rchelper "$1"`; }
#
# Example conf file (~/.config/qvarnlabs/openstack.conf):
#
# dev:
# openstack-pass-name: qvarnlabs-nebula-cloud
# OS_AUTH_URL: "https://identity.fi-1.nebulacloud.fi:5000/v3"
# OS_PROJECT_ID: "2603e0bfcf624053945a35afa1730dc8"
# OS_PROJECT_NAME: "QvarnLabs development"
# OS_USER_DOMAIN_NAME: "Default"
# OS_USERNAME: "liw@qvarnlabs.com"
# OS_REGION_NAME: "fi-1"
# OS_INTERFACE: "public"
# OS_IDENTITY_API_VERSION: 3
# infra:
# openstack-pass-name: qvarnlabs-nebula-cloud
# OS_AUTH_URL: "https://identity.fi-1.nebulacloud.fi:5000/v3"
# OS_PROJECT_ID: "5b0e1abf166442f2967edc5233f2e6a6"
# OS_PROJECT_NAME: "QvarnLabs Infra"
# OS_USER_DOMAIN_NAME: "Default"
# OS_USERNAME: "liw@qvarnlabs.com"
# OS_REGION_NAME: "fi-1"
# OS_INTERFACE: "public"
# OS_IDENTITY_API_VERSION: 3
#
# See:
# - https://control.nebulacloud.fi/project/access_and_security/
# for downloading rc files (one per project in OpenStack) from the
# Nebula clou
import os
import pipes
import subprocess
import sys
import yaml
def env(name, value):
sys.stdout.write('export {}={};\n'.format(name, pipes.quote(value)))
project_name = sys.argv[1]
filename = os.path.expanduser('~/.config/qvarnlabs/openstack.conf')
with open(filename) as f:
conf = yaml.safe_load(f)
keyname = conf[project_name]['openstack-pass-name']
p = subprocess.Popen(['pass', 'show', keyname], stdout=subprocess.PIPE)
password, stderr = p.communicate('')
password = password.rstrip()
keys_to_remove = [x for x in os.environ if x.startswith('OS_')]
for key in keys_to_remove:
sys.stdout.write('unset {};\n'.format(key))
keys = conf[project_name].keys()
keys.remove('openstack-pass-name')
for key in sorted(keys):
env(key, conf[project_name][key])
env('OS_PASSWORD', password)
|