Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added additional OpenStack credential flags #38

Merged
merged 3 commits into from
Sep 17, 2019
Merged

Added additional OpenStack credential flags #38

merged 3 commits into from
Sep 17, 2019

Conversation

afritzler
Copy link
Member

What this PR does / why we need it:
This PR adds some additional authentication flags to the designate client code. It now support the following values:

  • userDomanName, OS_USER_DOMAIN_NAME
  • userDomainID, OS_USER_DOMAIN_ID
  • tenantID, OS_PROJECT_ID
  • domainID, OS_DOMAIN_ID

Which issue(s) this PR fixes:
This PR is needed for the overall extension support of this flags: https://github.com/gardener/gardener-extensions/issues/154

Release note:

Added addional OpenStack credential flags (domainID, tenantID, userDomainName, userDomainID)

@afritzler afritzler requested a review from mandelsoft as a code owner August 26, 2019 11:16
@afritzler afritzler changed the title Added addional OpenStack credential flags [WIP] Added addional OpenStack credential flags Aug 26, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Aug 26, 2019
@afritzler afritzler changed the title [WIP] Added addional OpenStack credential flags Added additional OpenStack credential flags Sep 9, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Sep 10, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Sep 16, 2019
@afritzler
Copy link
Member Author

@MartinWeindel I now removed the validation logic leaving it to gophercloud/OpenStack backend to provider a proper error handling.

kayrus
kayrus reviewed Sep 16, 2019
View reviewed changes
pkg/controller/provider/openstack/handler.go
@@ -38,6 +39,7 @@ type Handler struct {

var _ provider.DNSHandler = &Handler{}

// NewHandler constructs a new DNSHandler object.
func NewHandler(config *provider.DNSHandlerConfig) (provider.DNSHandler, error) {
authConfig, err := readAuthConfig(config)
Copy link

@kayrus kayrus Sep 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no need to use the readAuthConfig function, since clientconfig.AuthOptions already fetches env parameters. I also don't see a reason why do you need to keep the authConfig struct. Take a look on this commit: 02d50ec

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The properties are read from a Kubernetes secret. Although the code may look similar to reading environmental parameters, this is not the case here. We only use the same names in the secret data. And the secrets are associated with the DNS providers, which can be managed during the runtime of the controller-manager.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, I missed this part. Nevertheless, I don't like the current situation with the auth options. It looks even worse than in https://github.com/kubernetes/cloud-provider-openstack. I propose to create a package, which will handle all the auth options in one place.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's true, it looks a bit complicated now. I suggest to apply these changes to the pull request:
88eeb96

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we keep that for now as is?

@gardener-robot-ci-1 gardener-robot-ci-1 removed the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Sep 16, 2019
@gardener-robot-ci-1 gardener-robot-ci-1 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Sep 17, 2019
@MartinWeindel MartinWeindel merged commit 634b5af into gardener:master Sep 17, 2019
@afritzler afritzler mentioned this pull request Jan 30, 2020
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kayrus kayrus kayrus left review comments

@MartinWeindel MartinWeindel MartinWeindel left review comments

@mandelsoft mandelsoft Awaiting requested review from mandelsoft

Assignees
No one assigned
Labels
needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@afritzler @MartinWeindel @kayrus @gardener-robot-ci-1