Skip to content

Add cloud creds support for terraform runner #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
agrare merged 15 commits into from
Apr 29, 2024
Merged

Add cloud creds support for terraform runner #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
816f9c8
Add credential classes for generic & vSphere
putmanoj Apr 18, 2024
5ed6374
add amazon_credential classes
putmanoj Apr 19, 2024
920594d
Add credential classes for Azure
putmanoj Apr 19, 2024
c536b6c
add Google cloud credential classes
putmanoj Apr 19, 2024
22237af
add text-box for 'region' and pick value from options
putmanoj Apr 19, 2024
4e34b70
add credential class for openstack
putmanoj Apr 21, 2024
38d12f1
Add credential classes for IBM Cloud
putmanoj Apr 22, 2024
4830aa2
fix blank attribute check
putmanoj Apr 22, 2024
9d0af76
Add embedded_terraform credential tests
putmanoj Apr 22, 2024
3ff09ef
Fix Cyclomatic complexity for connection_parameters
putmanoj Apr 23, 2024
384b4cd
Rename 'Ibmcloud' to 'IbmCloud'
putmanoj Apr 24, 2024
3a57653
rename 'tenant' to 'provider_tenant' for azure credential
putmanoj Apr 24, 2024
2e93640
update cloud region field label
putmanoj Apr 25, 2024
836e3ae
use assign_role from EvmSpecHelper
putmanoj Apr 25, 2024
101cd17
fix with rubocop suggestions - has_key
putmanoj Apr 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/amazon_credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::AmazonCredential < ManageIQ::Providers::EmbeddedTerraform::AutomationManager::CloudCredential
COMMON_ATTRIBUTES = [
{
:component => 'text-field',
:label => N_('Access Key'),
:helperText => N_('AWS Access Key for this credential'),
:name => 'userid',
:id => 'userid',
:isRequired => true,
:validate => [{:type => 'required'}],
},
{
:component => 'password-field',
:label => N_('Secret Key'),
:helperText => N_('AWS Secret Key for this credential'),
:name => 'password',
:id => 'password',
:type => 'password',
:isRequired => true,
:validate => [{:type => 'required'}],
},
].freeze

EXTRA_ATTRIBUTES = [
{
:component => 'password-field',
:label => N_('STS Token'),
:helperText => N_('Security Token Service(STS) Token for this credential'),
:name => 'security_token',
:id => 'security_token',
:type => 'password',
:maxLength => 1024
},
{
:component => 'text-field',
:label => N_('AWS Region'),
:helperText => N_('AWS Region where the provider will operate. The Region must be set.'),
:name => 'region',
:id => 'region',
:isRequired => true,
:maxLength => 50,
},
].freeze

API_ATTRIBUTES = (COMMON_ATTRIBUTES + EXTRA_ATTRIBUTES).freeze

API_OPTIONS = {
:type => 'cloud',
:label => N_('Amazon'),
:attributes => API_ATTRIBUTES
}.freeze

alias security_token auth_key

def self.display_name(number = 1)
n_('Credential (Amazon)', 'Credentials (Amazon)', number)
end

def self.params_to_attributes(params)
attrs = super.dup
attrs[:auth_key] = attrs.delete(:security_token) if attrs.key?(:security_token)
Copy link
Member

@agrare agrare Apr 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why call a property security_token if we're just going to store it in auth_key, could you use "auth_key" instead up here ☝️ https://github.com/ManageIQ/manageiq-providers-embedded_terraform/pull/16/files#diff-10eac92f3aa8adb511c059784672e62020e8e6172d8154c295c6a5678c75007fR29-R30

Copy link
Member

@jrafanie jrafanie Apr 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. We also have an alias for security_token from auth_key so hopefully we can use auth_key everywhere to keep it consistent.

Copy link
Member

@agrare agrare Apr 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I understand having the :label be something specific but wasn't sure what having the internal key being different from the column bought us

Copy link
Contributor Author

@putmanoj putmanoj Apr 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just followed the pattern of what is in ansible implemetation - just a copy the same
https://github.com/ManageIQ/manageiq/blob/master/app/models/manageiq/providers/embedded_ansible/automation_manager/amazon_credential.rb#L52

Copy link
Member

@jrafanie jrafanie Apr 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, even better. Let's just use auth_key. I don't think it makes sense to translate one field to another unless we have a good reason.

Copy link
Member

@agrare agrare Apr 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be done in a follow-up

Copy link
Member

@jrafanie jrafanie Apr 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup, I'll do this in a follow up. no need to delay merging on this.

if %i[region].any? { |opt| attrs.key?(opt) }
attrs[:options] ||= {}
attrs[:options][:region] = attrs.delete(:region) if attrs.key?(:region)
end
attrs
end
end
80 changes: 80 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/azure_credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::AzureCredential < ManageIQ::Providers::EmbeddedTerraform::AutomationManager::CloudCredential
COMMON_ATTRIBUTES = [].freeze

EXTRA_ATTRIBUTES = [
{
:component => 'text-field',
:label => N_('Subscription ID'),
:helperText => N_('The Subscription ID for the Microsoft Azure account'),
:name => 'subscription',
:id => 'subscription',
:isRequired => true,
:validate => [{:type => 'required'}],
},
{
:component => 'text-field',
:label => N_('Tenant ID'),
:helperText => N_('The Tenant ID for the Microsoft Azure account'),
:name => 'provider_tenant',
:id => 'provider_tenant',
:maxLength => 1024,
},
{
:component => 'password-field',
:label => N_('Client Secret'),
:helperText => N_('The Client Secret for the Microsoft Azure account'),
:name => 'secret',
:id => 'secret',
:type => 'password',
:maxLength => 1024,
},
{
:component => 'text-field',
:label => N_('Client ID'),
:helperText => N_('The Client ID for the Microsoft Azure account'),
:name => 'client',
:id => 'client',
:maxLength => 128,
},
].freeze

API_ATTRIBUTES = (COMMON_ATTRIBUTES + EXTRA_ATTRIBUTES).freeze

API_OPTIONS = {
:type => 'cloud',
:label => N_('Azure'),
:attributes => API_ATTRIBUTES
}.freeze

alias secret auth_key

def self.display_name(number = 1)
n_('Credential (Microsoft Azure)', 'Credentials (Microsoft Azure)', number)
end

def self.params_to_attributes(params)
attrs = super.dup
attrs[:auth_key] = attrs.delete(:secret) if attrs.key?(:secret)

if %i[client provider_tenant subscription].any? { |opt| attrs.key?(opt) }
attrs[:options] ||= {}
attrs[:options][:client] = attrs.delete(:client) if attrs.key?(:client)
attrs[:options][:provider_tenant] = attrs.delete(:provider_tenant) if attrs.key?(:provider_tenant)
attrs[:options][:subscription] = attrs.delete(:subscription) if attrs.key?(:subscription)
end

attrs
end

def client
options && options[:client]
end

def provider_tenant
options && options[:provider_tenant]
end

def subscription
options && options[:subscription]
end
end
2 changes: 2 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/cloud_credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::CloudCredential < ManageIQ::Providers::EmbeddedTerraform::AutomationManager::Credential
end
6 changes: 6 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,10 @@ class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::Credential < Ma
def self.credential_type
"embedded_terraform_credential_types"
end

FRIENDLY_NAME = "Embedded Terraform Credential".freeze

private_class_method def self.queue_role
"embedded_terraform"
end
end
71 changes: 71 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/google_credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::GoogleCredential < ManageIQ::Providers::EmbeddedTerraform::AutomationManager::CloudCredential
COMMON_ATTRIBUTES = [
{
:component => 'text-field',
:label => N_('Service Account Email Address'),
:helperText => N_('The email address assigned to the Google Compute Engine service account'),
:name => 'userid',
:id => 'userid',
:type => 'email',
:isRequired => true,
:validate => [{:type => 'required'}],
},
].freeze

EXTRA_ATTRIBUTES = [
{
:component => 'password-field',
:label => N_('RSA Private Key'),
:helperText => N_('Contents of the PEM file associated with the service account email'),
:componentClass => 'textarea',
:name => 'ssh_key_data',
:id => 'ssh_key_data',
:type => 'password',
:isRequired => true,
:validate => [{:type => 'required'}],
},
{
:component => 'text-field',
:label => N_('Project'),
:helperText => N_('The GCE assigned identification. It is constructed as two words followed by a three digit number, such as: squeamish-ossifrage-123'),
:name => 'project',
:id => 'project',
:maxLength => 100,
},
{
:component => 'text-field',
:label => N_('Google Cloud Region'),
:helperText => N_('The default region for the resources. If another region is specified on the resource, it will take precedence.'),
:name => 'region',
:id => 'region',
:maxLength => 50,
},
].freeze

API_ATTRIBUTES = (COMMON_ATTRIBUTES + EXTRA_ATTRIBUTES).freeze

API_OPTIONS = {
:type => 'cloud',
:label => N_('Google Compute Engine'),
:attributes => API_ATTRIBUTES
}.freeze

alias ssh_key_data auth_key

def self.display_name(number = 1)
n_('Credential (Google)', 'Credentials (Google)', number)
end

def self.params_to_attributes(params)
attrs = super.dup

attrs[:auth_key] = attrs.delete(:ssh_key_data) if attrs.key?(:ssh_key_data)
Copy link
Member

@agrare agrare Apr 23, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basically the same question here as above (and looks like for a number of these). Maybe there is a good reason? IDK

Copy link
Contributor Author

@putmanoj putmanoj Apr 24, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Again same pattern as in ansible implementation ...

https://github.com/ManageIQ/manageiq/blob/master/app/models/manageiq/providers/embedded_ansible/automation_manager/google_credential.rb#L54

Copy link
Member

@agrare agrare Apr 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I don't think we should blindly copy&paste from other code without thinking about it first :)

Copy link
Member

@jrafanie jrafanie Apr 26, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll get this for followup.

attrs[:options] = {:project => attrs.delete(:project)} if attrs[:project]
attrs[:options][:region] = attrs.delete(:region) if attrs.key?(:region)
attrs
end

def project
options && options[:project]
end
end
58 changes: 58 additions & 0 deletions app/models/manageiq/providers/embedded_terraform/automation_manager/ibm_cloud_credential.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
class ManageIQ::Providers::EmbeddedTerraform::AutomationManager::IbmCloudCredential < ManageIQ::Providers::EmbeddedTerraform::AutomationManager::CloudCredential
COMMON_ATTRIBUTES = [
{
:component => 'password-field',
:label => N_('IBM Cloud API Key'),
:helperText => N_('The API key for IBM Cloud. A value for this field is required if classic user name and classic API key are not provided. A valid connection must have value for IBM Cloud API Key or, IBM Cloud Classic Infrastructure User Name and IBM Cloud Classic Infrastructure API Key.'),
:name => 'auth_key',
:id => 'auth_key',
:type => 'password',
:isRequired => true,
:validate => [{:type => 'required'}],
},
].freeze

EXTRA_ATTRIBUTES = [
{
:component => 'text-field',
:label => N_('IBM Cloud Classic Infrastructure User Name'),
:helperText => N_('The User Name for IBM Cloud Classic Infrastructure. A value for this field is required when using classic IBM Cloud resources. A valid connection must have value for IBM Cloud API Key or, IBM Cloud Classic Infrastructure User Name and IBM Cloud Classic Infrastructure API Key.'),
:name => 'classic_user',
:id => 'classic_user',
:maxLength => 100,
},
{
:component => 'password-field',
:label => N_('IBM Cloud Classic Infrastructure API Key'),
:helperText => N_('The API key for IBM Cloud Classic Infrastructure A value for this field is required when using classic IBM Cloud resources. A valid connection must have value for IBM Cloud API Key or, IBM Cloud Classic Infrastructure User Name and IBM Cloud Classic Infrastructure API Key.'),
:name => 'classic_key',
:id => 'classic_key',
:type => 'password',
},
].freeze

API_ATTRIBUTES = (COMMON_ATTRIBUTES + EXTRA_ATTRIBUTES).freeze

API_OPTIONS = {
:type => 'cloud',
:label => N_('IBM Cloud'),
:attributes => API_ATTRIBUTES
}.freeze

def self.display_name(number = 1)
n_('Credential (IBM Cloud)', 'Credentials (IBM Cloud)', number)
end

def self.params_to_attributes(params)
attrs = super.dup

attrs[:auth_key] = attrs.delete(:auth_key) if attrs.key?(:auth_key)

if %i[classic_user classic_key].any? { |opt| attrs.key?(opt) }
attrs[:userid] = attrs.delete(:classic_user) if attrs.key?(:classic_user)
attrs[:password] = attrs.delete(:classic_key) if attrs.key?(:classic_key)
end

attrs
end
end
Loading