ipsilon

Clone
Source Code
GIT

#342 Allow (declaratively?) configurable extra data
Opened 11 months ago by nphilipp. Modified 11 months ago

Open
Close issue as:
Invalid Insufficient data Fixed Duplicate

Right now, we have a custom infofas.py in https://pagure.io/fedora-infra/ansible which implements just this:

--- ipsilon/info/infofas.py 2020-08-25 15:18:14.576365008 +0200
+++ /home/nils/src/fedora-infra/ansible/roles/ipsilon/files/infofas.py  2020-02-29 19:47:01.911344737 +0100
@@ -37,6 +37,24 @@

 fas_mapper = Policy(fas_mapping)

+aws_idp_arn = 'arn:aws:iam::125523088429:saml-provider/id.fedoraproject.org'
+aws_groups = {
+    'aws-master': 'arn:aws:iam::125523088429:role/aws-master',
+    'aws-iam': 'arn:aws:iam::125523088429:role/aws-iam',
+    'aws-billing': 'arn:aws:iam::125523088429:role/aws-billing',
+    'aws-atomic': 'arn:aws:iam::125523088429:role/aws-atomic',
+    'aws-s3-readonly': 'arn:aws:iam::125523088429:role/aws-s3-readonly',
+    'aws-fedoramirror': 'arn:aws:iam::125523088429:role/aws-fedoramirror',
+    'aws-s3': 'arn:aws:iam::125523088429:role/aws-s3',
+    'aws-cloud-poc': 'arn:aws:iam::125523088429:role/aws-cloud-poc',
+    'aws-infra': 'arn:aws:iam::125523088429:role/aws-infra',
+    'aws-docs': 'arn:aws:iam::125523088429:role/aws-docs',
+    'aws-copr': 'arn:aws:iam::125523088429:role/aws-copr',
+    'aws-centos': 'arn:aws:iam::125523088429:role/aws-centos',
+    'aws-min': 'arn:aws:iam::125523088429:role/aws-min',
+    'aws-fedora-ci': 'arn:aws:iam::125523088429:role/aws-fedora-ci',
+}
+

 def fas_make_userdata(fas_data):
     userdata, fas_extra = fas_mapper.map_attributes(fas_data)
@@ -60,6 +78,12 @@
         else:
             userdata['_groups'].append(group['name'])

+    userdata['_extras']['awsroles'] = []
+    for group in userdata['_groups']:
+        if group in aws_groups:
+            userdata['_extras']['awsroles'].append(
+                '%s,%s' % (aws_idp_arn, aws_groups[group]))
+
     return userdata

We should find a way to make these customizations configurable rather than replacing source code files wholesale.

Sounds like it would be really easy to provide a json config file to be read by fas_make_userdata, if you propose a patch I'll review

Metadata Update from @simo:
- Custom field component adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None
11 months ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.2
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.