Skip to content

Commit 52eec77

Browse files
berendtberendt
committed
Use dynamic credential loading for OpenStack CLI commands
Load OpenStack passwords dynamically from secrets.yml using the os_password_<cloud> pattern. Falls back to /etc/openstack/secure.yml for backward compatibility. Credential loading order: 1. Try os_password_<cloud> from secrets.yml (new approach) 2. Fall back to /etc/openstack/secure.yml if it exists (old approach) Changes: - CLI commands pass password via auth dict to openstack.connect() - If no password found but secure.yml exists, use SDK without auth override - Celery tasks create /tmp/clouds.yaml with injected password - Changed credential loading logs to DEBUG level AI-assisted: Claude Code Signed-off-by: Christian Berendt <berendt@osism.tech>
1 parent 327e61c commit 52eec77

7 files changed

Lines changed: 273 additions & 131 deletions

File tree

osism/commands/amphora.py

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,11 @@
99
import openstack
1010

1111
from osism.commands.octavia import wait_for_amphora_boot, wait_for_amphora_delete
12-
from osism.tasks.openstack import cleanup_cloud_environment, setup_cloud_environment
12+
from osism.tasks.openstack import (
13+
cleanup_cloud_environment,
14+
get_openstack_connection,
15+
setup_cloud_environment,
16+
)
1317

1418
# Default age threshold for rotation (30 days in seconds)
1519
DEFAULT_ROTATION_AGE_SECONDS = 2592000
@@ -38,13 +42,12 @@ def take_action(self, parsed_args):
3842
cloud = parsed_args.cloud
3943
loadbalancer_id = parsed_args.loadbalancer
4044

41-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
45+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
4246
if not success:
43-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
4447
return 1
4548

4649
try:
47-
conn = openstack.connect(cloud=cloud)
50+
conn = get_openstack_connection(cloud, password)
4851

4952
if loadbalancer_id:
5053
amphorae = conn.load_balancer.amphorae(
@@ -96,13 +99,12 @@ def take_action(self, parsed_args):
9699
loadbalancer_id = parsed_args.loadbalancer
97100
force = parsed_args.force
98101

99-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
102+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
100103
if not success:
101-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
102104
return 1
103105

104106
try:
105-
conn = openstack.connect(cloud=cloud)
107+
conn = get_openstack_connection(cloud, password)
106108

107109
done = []
108110

osism/commands/baremetal.py

Lines changed: 29 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,11 @@
1414
import yaml
1515
from openstack.baremetal import configdrive as configdrive_builder
1616

17-
from osism.tasks.openstack import cleanup_cloud_environment, setup_cloud_environment
17+
from osism.tasks.openstack import (
18+
cleanup_cloud_environment,
19+
get_openstack_connection,
20+
setup_cloud_environment,
21+
)
1822
from osism import utils
1923
from osism.tasks.conductor.netbox import get_nb_device_query_list_ironic
2024
from osism.tasks import netbox
@@ -50,13 +54,12 @@ def take_action(self, parsed_args):
5054
provision_state = parsed_args.provision_state
5155
maintenance = parsed_args.maintenance
5256

53-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
57+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
5458
if not success:
55-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
5659
return 1
5760

5861
try:
59-
conn = openstack.connect(cloud=cloud)
62+
conn = get_openstack_connection(cloud, password)
6063

6164
query = {}
6265
if provision_state:
@@ -171,13 +174,12 @@ def take_action(self, parsed_args):
171174
)
172175
return
173176

174-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
177+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
175178
if not success:
176-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
177179
return 1
178180

179181
try:
180-
conn = openstack.connect(cloud=cloud)
182+
conn = get_openstack_connection(cloud, password)
181183

182184
if all_nodes:
183185
deploy_nodes = list(conn.baremetal.nodes(details=True))
@@ -372,13 +374,12 @@ def take_action(self, parsed_args):
372374

373375
if use_ironic:
374376
# Fetch data from Ironic (shows actual deployment state)
375-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
377+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
376378
if not success:
377-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
378379
return 1
379380

380381
try:
381-
conn = openstack.connect(cloud=cloud)
382+
conn = get_openstack_connection(cloud, password)
382383
node = conn.baremetal.find_node(name, ignore_missing=True, details=True)
383384

384385
if not node:
@@ -632,13 +633,12 @@ def take_action(self, parsed_args):
632633
)
633634
return
634635

635-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
636+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
636637
if not success:
637-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
638638
return 1
639639

640640
try:
641-
conn = openstack.connect(cloud=cloud)
641+
conn = get_openstack_connection(cloud, password)
642642

643643
if all_nodes:
644644
deploy_nodes = list(conn.baremetal.nodes())
@@ -929,13 +929,12 @@ def take_action(self, parsed_args):
929929
)
930930
return
931931

932-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
932+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
933933
if not success:
934-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
935934
return 1
936935

937936
try:
938-
conn = openstack.connect(cloud=cloud)
937+
conn = get_openstack_connection(cloud, password)
939938

940939
if all_nodes:
941940
burn_in_nodes = list(conn.baremetal.nodes(details=True))
@@ -1032,13 +1031,12 @@ def take_action(self, parsed_args):
10321031

10331032
clean_steps = [{"interface": "deploy", "step": "erase_devices"}]
10341033

1035-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1034+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
10361035
if not success:
1037-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
10381036
return 1
10391037

10401038
try:
1041-
conn = openstack.connect(cloud=cloud)
1039+
conn = get_openstack_connection(cloud, password)
10421040

10431041
if all_nodes:
10441042
clean_nodes = list(conn.baremetal.nodes(details=True))
@@ -1122,13 +1120,12 @@ def take_action(self, parsed_args):
11221120
logger.error("Please specify a node name or use --all")
11231121
return
11241122

1125-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1123+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
11261124
if not success:
1127-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
11281125
return 1
11291126

11301127
try:
1131-
conn = openstack.connect(cloud=cloud)
1128+
conn = get_openstack_connection(cloud, password)
11321129

11331130
if all_nodes:
11341131
provide_nodes = list(conn.baremetal.nodes(details=True))
@@ -1191,13 +1188,12 @@ def take_action(self, parsed_args):
11911188
name = parsed_args.name
11921189
reason = parsed_args.reason
11931190

1194-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1191+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
11951192
if not success:
1196-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
11971193
return 1
11981194

11991195
try:
1200-
conn = openstack.connect(cloud=cloud)
1196+
conn = get_openstack_connection(cloud, password)
12011197
node = conn.baremetal.find_node(name, ignore_missing=True, details=True)
12021198
if not node:
12031199
logger.warning(f"Could not find node {name}")
@@ -1234,13 +1230,12 @@ def take_action(self, parsed_args):
12341230
cloud = parsed_args.cloud
12351231
name = parsed_args.name
12361232

1237-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1233+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
12381234
if not success:
1239-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
12401235
return 1
12411236

12421237
try:
1243-
conn = openstack.connect(cloud=cloud)
1238+
conn = get_openstack_connection(cloud, password)
12441239
node = conn.baremetal.find_node(name, ignore_missing=True, details=True)
12451240
if not node:
12461241
logger.warning(f"Could not find node {name}")
@@ -1281,13 +1276,12 @@ def take_action(self, parsed_args):
12811276
logger.error("Please specify a node name")
12821277
return
12831278

1284-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1279+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
12851280
if not success:
1286-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
12871281
return 1
12881282

12891283
try:
1290-
conn = openstack.connect(cloud=cloud)
1284+
conn = get_openstack_connection(cloud, password)
12911285
node = conn.baremetal.find_node(name, ignore_missing=True, details=True)
12921286
if not node:
12931287
logger.warning(f"Could not find node {name}")
@@ -1335,13 +1329,12 @@ def take_action(self, parsed_args):
13351329
logger.error("Please specify a node name")
13361330
return
13371331

1338-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1332+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
13391333
if not success:
1340-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
13411334
return 1
13421335

13431336
try:
1344-
conn = openstack.connect(cloud=cloud)
1337+
conn = get_openstack_connection(cloud, password)
13451338
node = conn.baremetal.find_node(name, ignore_missing=True, details=True)
13461339
if not node:
13471340
logger.warning(f"Could not find node {name}")
@@ -1405,13 +1398,12 @@ def take_action(self, parsed_args):
14051398
)
14061399
return
14071400

1408-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
1401+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
14091402
if not success:
1410-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
14111403
return 1
14121404

14131405
try:
1414-
conn = openstack.connect(cloud=cloud)
1406+
conn = get_openstack_connection(cloud, password)
14151407

14161408
if all_nodes:
14171409
delete_nodes = list(conn.baremetal.nodes())

osism/commands/compute.py

Lines changed: 21 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,11 @@
1010
from tabulate import tabulate
1111
from prompt_toolkit import prompt
1212

13-
from osism.tasks.openstack import cleanup_cloud_environment, setup_cloud_environment
13+
from osism.tasks.openstack import (
14+
cleanup_cloud_environment,
15+
get_openstack_connection,
16+
setup_cloud_environment,
17+
)
1418

1519

1620
class ComputeEnable(Command):
@@ -34,13 +38,12 @@ def take_action(self, parsed_args):
3438
cloud = parsed_args.cloud
3539
host = parsed_args.host[0]
3640

37-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
41+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
3842
if not success:
39-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
4043
return 1
4144

4245
try:
43-
conn = openstack.connect(cloud=cloud)
46+
conn = get_openstack_connection(cloud, password)
4447

4548
services = conn.compute.services(**{"host": host, "binary": "nova-compute"})
4649
service = next(services)
@@ -97,13 +100,12 @@ def take_action(self, parsed_args):
97100
cloud = parsed_args.cloud
98101
host = parsed_args.host[0]
99102

100-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
103+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
101104
if not success:
102-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
103105
return 1
104106

105107
try:
106-
conn = openstack.connect(cloud=cloud)
108+
conn = get_openstack_connection(cloud, password)
107109

108110
services = conn.compute.services(**{"host": host, "binary": "nova-compute"})
109111
service = next(services)
@@ -161,13 +163,12 @@ def take_action(self, parsed_args):
161163
project = parsed_args.project
162164
details = parsed_args.details
163165

164-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
166+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
165167
if not success:
166-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
167168
return 1
168169

169170
try:
170-
conn = openstack.connect(cloud=cloud)
171+
conn = get_openstack_connection(cloud, password)
171172

172173
result = []
173174
if host:
@@ -295,13 +296,12 @@ def take_action(self, parsed_args):
295296
target = parsed_args.target
296297
yes = parsed_args.yes
297298

298-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
299+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
299300
if not success:
300-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
301301
return 1
302302

303303
try:
304-
conn = openstack.connect(cloud=cloud)
304+
conn = get_openstack_connection(cloud, password)
305305

306306
result = []
307307
for server in conn.compute.servers(all_projects=True, node=host):
@@ -457,13 +457,12 @@ def take_action(self, parsed_args):
457457
project = parsed_args.project
458458
xfilter = parsed_args.filter
459459

460-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
460+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
461461
if not success:
462-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
463462
return 1
464463

465464
try:
466-
conn = openstack.connect(cloud=cloud)
465+
conn = get_openstack_connection(cloud, password)
467466

468467
result = []
469468
for server in conn.compute.servers(all_projects=True, node=host):
@@ -642,13 +641,12 @@ def take_action(self, parsed_args):
642641
)
643642
return
644643

645-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
644+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
646645
if not success:
647-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
648646
return 1
649647

650648
try:
651-
conn = openstack.connect(cloud=cloud)
649+
conn = get_openstack_connection(cloud, password)
652650

653651
user_id = None
654652
if user:
@@ -788,13 +786,12 @@ def take_action(self, parsed_args):
788786
yes = parsed_args.yes
789787
host = parsed_args.host[0]
790788

791-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
789+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
792790
if not success:
793-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
794791
return 1
795792

796793
try:
797-
conn = openstack.connect(cloud=cloud)
794+
conn = get_openstack_connection(cloud, password)
798795

799796
result = []
800797
for server in conn.compute.servers(all_projects=True, node=host):
@@ -849,13 +846,12 @@ def take_action(self, parsed_args):
849846
yes = parsed_args.yes
850847
host = parsed_args.host[0]
851848

852-
temp_files, original_cwd, success = setup_cloud_environment(cloud)
849+
password, temp_files, original_cwd, success = setup_cloud_environment(cloud)
853850
if not success:
854-
logger.error(f"Failed to setup cloud environment for '{cloud}'")
855851
return 1
856852

857853
try:
858-
conn = openstack.connect(cloud=cloud)
854+
conn = get_openstack_connection(cloud, password)
859855

860856
result = []
861857
for server in conn.compute.servers(all_projects=True, node=host):

0 commit comments

Comments
 (0)