rpm/salt
SHA256
1
0
Fork 0
forked from pool/salt
Code Pull Requests Activity
ff3dbe1ea9
salt/integration-of-msi-authentication-with-azurearm-clou.patch

119 lines
4.5 KiB
Diff
Raw Normal View History

Accepting request 636187 from home:mdinca:branches:systemsmanagement:saltstack - Prepend current directory when path is just filename (bsc#1095942) - Integration of MSI authentication for azurearm - Adds fix for SUSE Expanded Support os grain detection - Fixes 509x remote signing - Fix for StringIO import in Python2 - Use Adler32 algorithm to compute string checksums (bsc#1102819) - Only do reverse DNS lookup on IPs for salt-ssh (bsc#1104154) - Add support for Python 3.7 - Fix license macro to build on SLE12SP2 - Decode file contents for python2 (bsc#1102013) - Fix for sorting of multi-version packages (bsc#1097174 and bsc#1097413) - Fix mine.get not returning data - workaround for #48020 (bsc#1100142) - Added: * change-stringio-import-in-python2-to-import-the-clas.patch * integration-of-msi-authentication-with-azurearm-clou.patch * x509-fixes-for-remote-signing-106.patch * fix-for-suse-expanded-support-detection.patch * only-do-reverse-dns-lookup-on-ips-for-salt-ssh.patch * prepend-current-directory-when-path-is-just-filename.patch * add-support-for-python-3.7.patch * decode-file-contents-for-python2-bsc-1102013.patch * fix-mine.get-not-returning-data-workaround-for-48020.patch * x509-fixes-111.patch * use-adler32-algorithm-to-compute-string-checksums.patch - Modified: * fix-for-sorting-of-multi-version-packages-bsc-109717.patch OBS-URL: https://build.opensuse.org/request/show/636187 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=129
2018-09-17 16:18:45 +02:00
From 06aff97c83342cf9635fa750222f774ab1664a0d Mon Sep 17 00:00:00 2001
From: ed lane <ed.lane.0@gmail.com>
Date: Thu, 30 Aug 2018 06:07:08 -0600
Subject: [PATCH] Integration of MSI authentication with azurearm cloud
driver (#105)
---
salt/cloud/clouds/azurearm.py | 47 +++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 11 deletions(-)
diff --git a/salt/cloud/clouds/azurearm.py b/salt/cloud/clouds/azurearm.py
index bd9a25a7e2..8b9a9e8903 100644
--- a/salt/cloud/clouds/azurearm.py
+++ b/salt/cloud/clouds/azurearm.py
@@ -25,6 +25,9 @@ The Azure cloud module is used to control access to Microsoft Azure
* ``client_id``
* ``secret``
+ if using MSI-style authentication:
+ * ``subscription_id``
+
Example ``/etc/salt/cloud.providers`` or
``/etc/salt/cloud.providers.d/azure.conf`` configuration:
@@ -48,6 +51,10 @@ Example ``/etc/salt/cloud.providers`` or
For example, this creates a service principal with 'owner' role for the whole subscription:
az ad sp create-for-rbac -n "http://mysaltapp" --role owner --scopes /subscriptions/3287abc8-f98a-c678-3bde-326766fd3617
*Note: review the details of Service Principals. Owner role is more than you normally need, and you can restrict scope to a resource group or individual resources.
+
+ Or my-azure-config with MSI-style authentication:
+ driver: azure
+ subscription_id: 3287abc8-f98a-c678-3bde-326766fd3617
'''
# pylint: disable=E0102
@@ -86,6 +93,7 @@ try:
UserPassCredentials,
ServicePrincipalCredentials,
)
+ from msrestazure.azure_active_directory import MSIAuthentication
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.compute.models import (
CachingTypes,
@@ -166,19 +174,30 @@ def get_configured_provider():
'''
Return the first configured instance.
'''
+ # check if using Service Principle style authentication...
provider = config.is_provider_configured(
__opts__,
__active_provider_name__ or __virtualname__,
- ('subscription_id', 'tenant', 'client_id', 'secret')
+ required_keys=('subscription_id', 'tenant', 'client_id', 'secret'),
+ log_message=False #... allowed to fail so no need to log warnings
)
if provider is False:
- return config.is_provider_configured(
+ # check if using username/password style authentication...
+ provider = config.is_provider_configured(
__opts__,
__active_provider_name__ or __virtualname__,
- ('subscription_id', 'username', 'password')
+ required_keys=('subscription_id', 'username', 'password'),
+ log_message=False
)
- else:
- return provider
+ if provider is False:
+ # check if using MSI style credentials...
+ provider = config.is_provider_configured(
+ __opts__,
+ __active_provider_name__ or __virtualname__,
+ required_keys=('subscription_id',),
+ log_message=False
+ )
+ return provider
def get_dependencies():
@@ -210,6 +229,7 @@ def get_conn(Client=None):
get_configured_provider(), __opts__, search_global=False
)
if tenant is not None:
+ # using Service Principle style authentication...
client_id = config.get_cloud_config_value(
'client_id',
get_configured_provider(), __opts__, search_global=False
@@ -224,15 +244,20 @@ def get_conn(Client=None):
'username',
get_configured_provider(), __opts__, search_global=False
)
- password = config.get_cloud_config_value(
- 'password',
- get_configured_provider(), __opts__, search_global=False
- )
- credentials = UserPassCredentials(username, password)
+ if username is not None:
+ # using username/password style authentication...
+ password = config.get_cloud_config_value(
+ 'password',
+ get_configured_provider(), __opts__, search_global=False
+ )
+ credentials = UserPassCredentials(username, password)
+ else:
+ # using MSI style authentication ...
+ credentials = MSIAuthentication()
client = Client(
credentials=credentials,
- subscription_id=subscription_id,
+ subscription_id=str(subscription_id),
)
client.config.add_user_agent('SaltCloud/{0}'.format(salt.version.__version__))
return client
--
2.19.0
Copy Permalink