Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 67630d4c52aef5ddcb15cff4f3b6594d447e8992^! / . / tools / update_clouds_yaml.py
commit67630d4c52aef5ddcb15cff4f3b6594d447e8992[log] [tgz]
authorArtem Goncharov <artem.goncharov@gmail.com>Sun Jun 18 14:46:06 2023 +0200
committergtema <artem.goncharov@gmail.com>Thu Oct 26 11:07:30 2023 +0200
tree9d7e78c06fd38076837c807384822b26cb005d3b
parent29e73a215557b2d20d0d9611e0d5317e08cf9538 [diff] [blame]
Enable keystone token caching by OSC

SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).

Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f

diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 74dcdb2..9189882 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py

@@ -30,7 +30,9 @@
             self._clouds_path = os.path.expanduser(
                 '~/.config/openstack/clouds.yaml')
             self._create_directory = True
-        self._clouds = {}
+        self._keyringrc_path = os.path.expanduser(
+                '~/.config/python_keyring/keyringrc.cfg')
+        self._config = {}
 
         self._cloud = args.os_cloud
         self._cloud_data = {
@@ -65,14 +67,17 @@
     def _read_clouds(self):
         try:
             with open(self._clouds_path) as clouds_file:
-                self._clouds = yaml.safe_load(clouds_file)
+                self._config = yaml.safe_load(clouds_file)
         except IOError:
             # The user doesn't have a clouds.yaml file.
             print("The user clouds.yaml file didn't exist.")
-            self._clouds = {}
+        if "cache" not in self._config:
+            # Enable auth (and only auth) caching. Currently caching into the
+            # file on FS is configured in `_write_clouds` function.
+            self._config["cache"] = {"auth": True}
 
     def _update_clouds(self):
-        self._clouds.setdefault('clouds', {})[self._cloud] = self._cloud_data
+        self._config.setdefault('clouds', {})[self._cloud] = self._cloud_data
 
     def _write_clouds(self):
 
@@ -81,7 +86,19 @@
             os.makedirs(clouds_dir)
 
         with open(self._clouds_path, 'w') as clouds_file:
-            yaml.dump(self._clouds, clouds_file, default_flow_style=False)
+            yaml.dump(self._config, clouds_file, default_flow_style=False)
+
+        # Enable keyring token caching
+        keyringrc_dir = os.path.dirname(self._keyringrc_path)
+        os.makedirs(keyringrc_dir, exist_ok=True)
+
+        # Configure auth caching into the file on FS. We do not bother of any
+        # expiration since SDK is smart enough to reauth once the token becomes
+        # invalid.
+        with open(self._keyringrc_path, 'w') as keyringrc_file:
+            keyringrc_file.write("[backend]\n")
+            keyringrc_file.write(
+                "default-keyring=keyrings.alt.file.PlaintextKeyring\n")
 
 
 def main():