Commit 539d5ad8 authored by Jose Castro Leon's avatar Jose Castro Leon

Add jobs to force synchronization of keys on a project

parent f9838798
Pipeline #1478570 passed with stages
in 6 minutes and 39 seconds
......@@ -155,6 +155,72 @@ workflows:
rgw_access_key: <% $.rgw_access_key %>
rgw_secret_key: <% $.rgw_secret_key %>
force_sync_one:
type: direct
description: This workflow pushes all keys in keystone to radosgw on one project specified by project_id
input:
- project_id
- region: "cern"
tasks:
retrieve_project:
description: 'Retrieves project information'
action: keystone.projects_get
input:
project: <% $.project_id %>
publish:
project: <% task(retrieve_project).result %>
on-success:
- retrieve_credentials_for_project
retrieve_credentials_for_project:
description: 'Retrieves ec2 credentials mapped to that project'
action: keystone.credentials_list
input:
type: "ec2"
keep-result: false
publish:
raw_credentials: <% let(project_id => $.project_id) -> task(retrieve_credentials_for_project).result.where($.project_id = $project_id).select(dict(project_id => $.project_id, blob => json_parse($.blob))) %>
on-success:
- reduce_credentials_to_sync
reduce_credentials_to_sync:
action: std.noop
publish:
credentials: <% $.raw_credentials.select(dict(access_key => $.blob.access, secret_key => $.blob.secret, user => $.project_id)) %>
on-success:
- force_sync_project
retrieve_access_key:
description: 'Retrieves the access key from barbican'
workflow: secret_retrieve
input:
name: rgw_access_key
publish:
rgw_access_key: <% task(retrieve_access_key).result.payload %>
on-success:
- force_sync_project
retrieve_secret_key:
description: 'Retrieves the secret key from barbican'
workflow: secret_retrieve
input:
name: rgw_secret_key
publish:
rgw_secret_key: <% task(retrieve_secret_key).result.payload %>
on-success:
- force_sync_project
force_sync_project:
join: all
description: 'Fork to synchronize the projects'
workflow: radosgw_key_sync.force_sync_project
input:
project: <% $.project %>
credentials: <% let(project_id => $.project.id) -> $.credentials.where($.user = $project_id) %>
region: <% $.region %>
rgw_access_key: <% $.rgw_access_key %>
rgw_secret_key: <% $.rgw_secret_key %>
sync_job_project:
type: direct
description: Synchronizes a given projects with the credentials passed by parameter
......@@ -211,4 +277,65 @@ workflows:
access_key: <% $.key.access_key %>
rgw_access: <% $.rgw_access_key %>
rgw_secret: <% $.rgw_secret_key %>
action_region: <% $.region %>
\ No newline at end of file
action_region: <% $.region %>
force_sync_project:
type: direct
description: Synchronizes a given projects with the credentials passed by parameter
input:
- project
- credentials
- rgw_access_key
- rgw_secret_key
- region: "cern"
tasks:
retrieve_keys_from_radosgw_before:
description: 'Retrieves the keys stored in radosgw'
action: radosgw.user_get
input:
uid: <% $.project.id %>
rgw_access: <% $.rgw_access_key %>
rgw_secret: <% $.rgw_secret_key %>
action_region: <% $.region %>
publish:
radosgw_keys_before: <% task(retrieve_keys_from_radosgw_before).result.keys %>
on-success:
- remove_keys_from_radosgw
remove_keys_from_radosgw:
description: Removes the key from radosgw
with-items: key in <% $.radosgw_keys_before %>
concurrency: 1
action: radosgw.user_key_remove
input:
uid: <% $.project.id %>
access_key: <% $.key.access_key %>
rgw_access: <% $.rgw_access_key %>
rgw_secret: <% $.rgw_secret_key %>
action_region: <% $.region %>
on-success:
- add_keys_to_radosgw
add_keys_to_radosgw:
description: Adds the key into radosgw
with-items: key in <% $.credentials %>
concurrency: 1
action: radosgw.user_key_create
input:
uid: <% $.project.id %>
access_key: <% $.key.access_key %>
secret_key: <% $.key.secret_key %>
rgw_access: <% $.rgw_access_key %>
rgw_secret: <% $.rgw_secret_key %>
action_region: <% $.region %>
retrieve_keys_from_radosgw_after:
description: 'Retrieves the keys stored in radosgw'
action: radosgw.user_get
input:
uid: <% $.project.id %>
rgw_access: <% $.rgw_access_key %>
rgw_secret: <% $.rgw_secret_key %>
action_region: <% $.region %>
publish:
radosgw_keys_after: <% task(retrieve_keys_from_radosgw_after).result.keys %>
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment