starlingx/openstack-armada-app
Code Issues Proposed changes
openstack-armada-app/python3-k8sapp-openstack
History
Luan Nunes Utimura b2e10bfc5f Add LDAP-related actions in application lifecycle 
This change adds LDAP-related actions in the application lifecycle to
automatically configure resources required for multi-user access to the
OpenStack clients container.

Two hooks are leveraged by this change:

  1) Pre apply:
    - Verify if LDAP group `openstack` exists:
      * If it doesn't, then create it.
    - Create volume mount directory (/var/opt/openstack) and assign it
      to the group `openstack` (with the right modes/permissions).

  3) Post remove:
    - Check if the volume mount directory contains one or more user
      files created in subdirectories:
      * If it does, then keep the directory;
      * If it doesn't, then:
        - Delete the volume mount directory;
        - Delete all members from group `openstack`.
        - Delete group `openstack`.

In addition to leveraging lifecycle hooks, this change also updates the
setup scripts -- to include more information about their purpose and to
standardize them as a whole -- and, in special, adds a new script,
called `local_openstackrc`, to configure the access to the OpenStack
clients container.

This script behaves similarly to the `local_starlingxrc` script [2], the
only difference being the extra step of setting up aliases in the
resulting openrc file.

[1] https://review.opendev.org/c/starlingx/openstack-armada-app/+/887369
[2] https://review.opendev.org/c/starlingx/utilities/+/887117

Test Plan:
PASS - Build python3-k8sapp-openstack package
PASS - Build stx-openstack-helm-fluxcd package
PASS - Build stx-openstack helm charts
PASS - Upload/apply stx-openstack
PASS - Verify that the group `openstack` exists
PASS - Verify that the volume mount directory belongs to it
PASS - Verify that the volume mount directory contains all setup scripts

With a local user, e.g., `sysadmin`:
PASS - Source admin-openrc
PASS - Verify that the OpenStack commands are functional

With an LDAP user, e.g., `admin`:
PASS - Make sure it's a member of group `openstack`
       If not, login to `sysadmin` and run:
       $ sudo ldapaddusertogroup admin openstack
PASS - Source local_openstackrc
PASS - Verify that the OpenStack commands are functional

PASS - Remove/delete stx-openstack
PASS - Verify that the volume mount directory was deleted
PASS - Verify that the group `openstack` was deleted

Story: 2010774
Task: 48351

Change-Id: I0d7c3c951984c2380928850a6a041b1920cd633d
Signed-off-by: Luan Nunes Utimura <LuanNunes.Utimura@windriver.com>
2023-07-14 10:27:42 -03:00
..
debian
Standardize app configs (re-submission)
2023-02-24 18:19:38 +00:00
k8sapp_openstack
Add LDAP-related actions in application lifecycle
2023-07-14 10:27:42 -03:00