Authentication only via config file?

Question

I am looking into the python shade module in order to automate some tasks using our OpenStack installation.

This page instructs:

Create a configuration file to store your user name, password, project_name in ~/.config/openstack/clouds.yml.

I had a close look; but I couldn't find any information how to provide credentials in a different way; for example as parameters to some objects that I could create within python code.

Long story short: is that even possible? Or does this requirement immediately force me "off shade"; and to use the OpenStack python sdk instead?

Answer 1

I am not a python expert, but after some searching how "other" openclient modules do it; maybe the following could work (example code from your link; just a bit of enhancement):

from shade import *

auth_data = {
# URL to the Keystone API endpoint.
  'auth_url': 'url',
# User credentials.
'user_domain_name': ...
}

to later do this:

cloud = openstack_cloud(cloud='your-cloud', **auth_data)

Answer 2

From what I understand this puts whatever keys, passwords or security sensitive files in a your yml file that we use with Travis.yml and that stays in the local directory and gets added to the git ignore.

That being said this was using python and twitter api function, I'm pretty sure it uses or references a program called tweepy.

It was very helpful for us and sounded like it might be close for you.

Let me know if this helps.

with open("secrets.yml") as f:
    content = f.read()
# from secrets.yml import CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, ACCESS_SECRET
secret = yaml.load(content)
##################################################################################################
# authorize tweepy with CONSUMER_KEY and CONSUMER_SECRET
auth = tweepy.OAuthHandler(secret["CONSUMER_KEY"], secret["CONSUMER_SECRET"])
auth.secure = True
# read in ACCESS_TOKEN and ACCESS_SECRET variables to tweepy
auth.set_access_token(secret["ACCESS_TOKEN"], secret["ACCESS_SECRET"])