Issue #342: Allow (declaratively?) configurable extra data - ipsilon

ipsilon

#342 Allow (declaratively?) configurable extra data

Opened 24 days ago by nphilipp. Modified 24 days ago

Right now, we have a custom infofas.py in https://pagure.io/fedora-infra/ansible which implements just this:

--- ipsilon/info/infofas.py 2020-08-25 15:18:14.576365008 +0200
+++ /home/nils/src/fedora-infra/ansible/roles/ipsilon/files/infofas.py  2020-02-29 19:47:01.911344737 +0100
@@ -37,6 +37,24 @@

 fas_mapper = Policy(fas_mapping)

+aws_idp_arn = 'arn:aws:iam::125523088429:saml-provider/id.fedoraproject.org'
+aws_groups = {
+    'aws-master': 'arn:aws:iam::125523088429:role/aws-master',
+    'aws-iam': 'arn:aws:iam::125523088429:role/aws-iam',
+    'aws-billing': 'arn:aws:iam::125523088429:role/aws-billing',
+    'aws-atomic': 'arn:aws:iam::125523088429:role/aws-atomic',
+    'aws-s3-readonly': 'arn:aws:iam::125523088429:role/aws-s3-readonly',
+    'aws-fedoramirror': 'arn:aws:iam::125523088429:role/aws-fedoramirror',
+    'aws-s3': 'arn:aws:iam::125523088429:role/aws-s3',
+    'aws-cloud-poc': 'arn:aws:iam::125523088429:role/aws-cloud-poc',
+    'aws-infra': 'arn:aws:iam::125523088429:role/aws-infra',
+    'aws-docs': 'arn:aws:iam::125523088429:role/aws-docs',
+    'aws-copr': 'arn:aws:iam::125523088429:role/aws-copr',
+    'aws-centos': 'arn:aws:iam::125523088429:role/aws-centos',
+    'aws-min': 'arn:aws:iam::125523088429:role/aws-min',
+    'aws-fedora-ci': 'arn:aws:iam::125523088429:role/aws-fedora-ci',
+}
+

 def fas_make_userdata(fas_data):
     userdata, fas_extra = fas_mapper.map_attributes(fas_data)
@@ -60,6 +78,12 @@
         else:
             userdata['_groups'].append(group['name'])

+    userdata['_extras']['awsroles'] = []
+    for group in userdata['_groups']:
+        if group in aws_groups:
+            userdata['_extras']['awsroles'].append(
+                '%s,%s' % (aws_idp_arn, aws_groups[group]))
+
     return userdata

We should find a way to make these customizations configurable rather than replacing source code files wholesale.

simo commented 24 days ago

Sounds like it would be really easy to provide a json config file to be read by fas_make_userdata, if you propose a patch I'll review

Metadata Update from @simo:
- Custom field component adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None

24 days ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

rhbz

None

design_link

None

type

None

component

None

version

None

sensitive

None

patch_available

None

ipsilon

Source Code

#342 Allow (declaratively?) configurable extra data Opened 24 days ago by nphilipp. Modified 24 days ago

Close issue as:

Metadata

#342 Allow (declaratively?) configurable extra data

Opened 24 days ago by nphilipp. Modified 24 days ago