def _get_zaqar_signal_queue_id(self):
"""Return a zaqar queue_id for signaling this resource.
This uses the created user for the credentials.
"""
queue_id = self.data().get('zaqar_signal_queue_id')
if queue_id:
return queue_id
if self.id is None:
# it is too early
return
if self._get_user_id() is None:
if self.password is None:
self.password = password_gen.generate_openstack_password()
self._create_user()
queue_id = self.physical_resource_name()
zaqar_plugin = self.client_plugin('zaqar')
zaqar = zaqar_plugin.create_for_tenant(
self.stack.stack_user_project_id, self._user_token())
queue = zaqar.queue(queue_id)
signed_url_data = queue.signed_url(
['messages'], methods=['GET', 'DELETE'])
self.data_set('zaqar_queue_signed_url_data',
jsonutils.dumps(signed_url_data))
self.data_set('zaqar_signal_queue_id', queue_id)
return queue_id
def _get_zaqar_signal_queue_id(self):
"""Return a zaqar queue_id for signaling this resource.
This uses the created user for the credentials.
"""
queue_id = self.data().get('zaqar_signal_queue_id')
if queue_id:
return queue_id
if self.id is None:
# it is too early
return
if self._get_user_id() is None:
if self.password is None:
self.password = password_gen.generate_openstack_password()
self._create_user()
queue_id = self.physical_resource_name()
zaqar_plugin = self.client_plugin('zaqar')
zaqar = zaqar_plugin.create_for_tenant(
self.stack.stack_user_project_id, self._user_token())
queue = zaqar.queue(queue_id)
signed_url_data = queue.signed_url(
['messages'], methods=['GET', 'DELETE'])
self.data_set('zaqar_queue_signed_url_data',
jsonutils.dumps(signed_url_data))
self.data_set('zaqar_signal_queue_id', queue_id)
return queue_id
def _get_heat_signal_credentials(self):
"""Return OpenStack credentials that can be used to send a signal.
These credentials are for the user associated with this resource in
the heat stack user domain.
"""
if self._get_user_id() is None:
if self.password is None:
self.password = password_gen.generate_openstack_password()
self._create_user()
return {
'auth_url':
self.keystone().server_keystone_endpoint_url(
fallback_endpoint=self.keystone().v3_endpoint),
'username':
self.physical_resource_name(),
'user_id':
self._get_user_id(),
'password':
self.password,
'project_id':
self.stack.stack_user_project_id,
'domain_id':
self.keystone().stack_domain_id,
'region_name':
self._get_region_name()
}
def _create_transport_credentials(self, props):
if self.transport_poll_server_cfn(props):
self._create_user()
self._create_keypair()
elif (self.transport_poll_server_heat(props) or
self.transport_zaqar_message(props)):
if self.password is None:
self.password = password_gen.generate_openstack_password()
self._create_user()
self._register_access_key()
def handle_create(self):
self.password = password_gen.generate_openstack_password()
super(HeatWaitConditionHandle, self).handle_create()
if self._signal_transport_token():
# FIXME(shardy): The assumption here is that token expiry > timeout
# but we probably need a check here to fail fast if that's not true
# Also need to implement an update property, such that the handle
# can be replaced on update which will replace the token
token = self._user_token()
self.data_set('token', token, True)
self.data_set('endpoint',
'%s/signal' % self._get_resource_endpoint())
def create_stack_domain_user_keypair(self, user_id, project_id):
if not self.stack_domain:
# FIXME(shardy): Legacy fallback for folks using old heat.conf
# files which lack domain configuration
return self.create_ec2_keypair(user_id)
data_blob = {'access': uuid.uuid4().hex,
'secret': password_gen.generate_openstack_password()}
creds = self.domain_admin_client.credentials.create(
user=user_id, type='ec2', blob=jsonutils.dumps(data_blob),
project=project_id)
return AccessKey(id=creds.id,
access=data_blob['access'],
secret=data_blob['secret'])
def create_ec2_keypair(self, user_id=None):
user_id = user_id or self.context.get_access(self.session).user_id
project_id = self.context.tenant_id
data_blob = {'access': uuid.uuid4().hex,
'secret': password_gen.generate_openstack_password()}
ec2_creds = self.client.credentials.create(
user=user_id, type='ec2', blob=jsonutils.dumps(data_blob),
project=project_id)
# Return a AccessKey namedtuple for easier access to the blob contents
# We return the id as the v3 api provides no way to filter by
# access in the blob contents, so it will be much more efficient
# if we manage credentials by ID instead
return AccessKey(id=ec2_creds.id,
access=data_blob['access'],
secret=data_blob['secret'])
def create_stack_domain_user_keypair(self, user_id, project_id):
if not self.stack_domain:
# FIXME(shardy): Legacy fallback for folks using old heat.conf
# files which lack domain configuration
return self.create_ec2_keypair(user_id)
data_blob = {
'access': uuid.uuid4().hex,
'secret': password_gen.generate_openstack_password()
}
creds = self.domain_admin_client.credentials.create(
user=user_id,
type='ec2',
blob=jsonutils.dumps(data_blob),
project=project_id)
return AccessKey(id=creds.id,
access=data_blob['access'],
secret=data_blob['secret'])
def _get_heat_signal_credentials(self):
"""Return OpenStack credentials that can be used to send a signal.
These credentials are for the user associated with this resource in
the heat stack user domain.
"""
if self._get_user_id() is None:
if self.password is None:
self.password = password_gen.generate_openstack_password()
self._create_user()
return {'auth_url': self.keystone().v3_endpoint,
'username': self.physical_resource_name(),
'user_id': self._get_user_id(),
'password': self.password,
'project_id': self.stack.stack_user_project_id,
'domain_id': self.keystone().stack_domain_id,
'region_name': (self.context.region_name or
cfg.CONF.region_name_for_services)}
def create_ec2_keypair(self, user_id=None):
user_id = user_id or self.context.get_access(self.session).user_id
project_id = self.context.tenant_id
data_blob = {
'access': uuid.uuid4().hex,
'secret': password_gen.generate_openstack_password()
}
ec2_creds = self.client.credentials.create(
user=user_id,
type='ec2',
blob=jsonutils.dumps(data_blob),
project=project_id)
# Return a AccessKey namedtuple for easier access to the blob contents
# We return the id as the v3 api provides no way to filter by
# access in the blob contents, so it will be much more efficient
# if we manage credentials by ID instead
return AccessKey(id=ec2_creds.id,
access=data_blob['access'],
secret=data_blob['secret'])
