129 lines
5.3 KiB
Diff
129 lines
5.3 KiB
Diff
From 20915c0f10c6b2089189584b7971f2594cd7ed56 Mon Sep 17 00:00:00 2001
|
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
|
Date: Wed, 9 Jun 2021 11:13:05 +0200
|
|
Subject: [PATCH 1/2] gcp-vpc-move-route: add serviceaccount JSON file support
|
|
|
|
---
|
|
heartbeat/gcp-vpc-move-route.in | 30 +++++++++++++++++++++++++++++-
|
|
1 file changed, 29 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/heartbeat/gcp-vpc-move-route.in b/heartbeat/gcp-vpc-move-route.in
|
|
index fd2d2ec59..dac6e4ea8 100644
|
|
--- a/heartbeat/gcp-vpc-move-route.in
|
|
+++ b/heartbeat/gcp-vpc-move-route.in
|
|
@@ -47,6 +47,10 @@ from ocf import *
|
|
try:
|
|
import googleapiclient.discovery
|
|
import pyroute2
|
|
+ try:
|
|
+ from google.oauth2.service_account import Credentials as ServiceAccountCredentials
|
|
+ except ImportError:
|
|
+ from oauth2client.service_account import ServiceAccountCredentials
|
|
except ImportError:
|
|
pass
|
|
|
|
@@ -132,6 +136,12 @@ Route name
|
|
<content type="string" default="ra-%s" />
|
|
</parameter>
|
|
|
|
+<parameter name="serviceaccount">
|
|
+<longdesc lang="en">Path to Service account JSON file</longdesc>
|
|
+<shortdesc lang="en">Service account JSONfile</shortdesc>
|
|
+<content type="string" default="" />
|
|
+</parameter>
|
|
+
|
|
<parameter name="stackdriver_logging" unique="0" required="0">
|
|
<longdesc lang="en">If enabled (set to true), IP failover logs will be posted to stackdriver logging</longdesc>
|
|
<shortdesc lang="en">Stackdriver-logging support</shortdesc>
|
|
@@ -212,7 +222,25 @@ def validate(ctx):
|
|
sys.exit(OCF_ERR_PERM)
|
|
|
|
try:
|
|
- ctx.conn = googleapiclient.discovery.build('compute', 'v1')
|
|
+ serviceaccount = os.environ.get("OCF_RESKEY_serviceaccount")
|
|
+ if not serviceaccount:
|
|
+ try:
|
|
+ from googleapiclient import _auth
|
|
+ credentials = _auth.default_credentials();
|
|
+ except:
|
|
+ credentials = GoogleCredentials.get_application_default()
|
|
+ logging.debug("using application default credentials")
|
|
+ else:
|
|
+ scope = ['https://www.googleapis.com/auth/cloud-platform']
|
|
+ logging.debug("using credentials from service account")
|
|
+ try:
|
|
+ credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
|
|
+ except AttributeError:
|
|
+ credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
|
|
+ except Exception as e:
|
|
+ logging.error(str(e))
|
|
+ sys.exit(OCF_ERR_GENERIC)
|
|
+ ctx.conn = googleapiclient.discovery.build('compute', 'v1', credentials=credentials, cache_discovery=False)
|
|
except Exception as e:
|
|
logger.error('Couldn\'t connect with google api: ' + str(e))
|
|
sys.exit(OCF_ERR_CONFIGURED)
|
|
|
|
From 28e0d428db1fdd9d5270a2916bb9b0064115c11c Mon Sep 17 00:00:00 2001
|
|
From: Oyvind Albrigtsen <oalbrigt@redhat.com>
|
|
Date: Wed, 9 Jun 2021 11:22:09 +0200
|
|
Subject: [PATCH 2/2] gcp-vpc-move-vip: add serviceaccount JSON file support
|
|
|
|
---
|
|
heartbeat/gcp-vpc-move-vip.in | 28 ++++++++++++++++++++++++++++
|
|
1 file changed, 28 insertions(+)
|
|
|
|
diff --git a/heartbeat/gcp-vpc-move-vip.in b/heartbeat/gcp-vpc-move-vip.in
|
|
index c41155511..7e9d61f55 100755
|
|
--- a/heartbeat/gcp-vpc-move-vip.in
|
|
+++ b/heartbeat/gcp-vpc-move-vip.in
|
|
@@ -30,6 +30,10 @@ from ocf import *
|
|
|
|
try:
|
|
import googleapiclient.discovery
|
|
+ try:
|
|
+ from google.oauth2.service_account import Credentials as ServiceAccountCredentials
|
|
+ except ImportError:
|
|
+ from oauth2client.service_account import ServiceAccountCredentials
|
|
except ImportError:
|
|
pass
|
|
|
|
@@ -87,6 +91,11 @@ METADATA = \
|
|
<shortdesc lang="en">Project ID</shortdesc>
|
|
<content type="string" default="default" />
|
|
</parameter>
|
|
+ <parameter name="serviceaccount">
|
|
+ <longdesc lang="en">Path to Service account JSON file</longdesc>
|
|
+ <shortdesc lang="en">Service account JSONfile</shortdesc>
|
|
+ <content type="string" default="" />
|
|
+ </parameter>
|
|
<parameter name="stackdriver_logging" unique="0" required="0">
|
|
<longdesc lang="en">If enabled (set to true), IP failover logs will be posted to stackdriver logging</longdesc>
|
|
<shortdesc lang="en">Stackdriver-logging support</shortdesc>
|
|
@@ -136,7 +145,26 @@ def get_metadata(metadata_key, params=None, timeout=None):
|
|
def create_api_connection():
|
|
for i in range(MAX_RETRIES):
|
|
try:
|
|
+ serviceaccount = os.environ.get("OCF_RESKEY_serviceaccount")
|
|
+ if not serviceaccount:
|
|
+ try:
|
|
+ from googleapiclient import _auth
|
|
+ credentials = _auth.default_credentials();
|
|
+ except:
|
|
+ credentials = GoogleCredentials.get_application_default()
|
|
+ logging.debug("using application default credentials")
|
|
+ else:
|
|
+ scope = ['https://www.googleapis.com/auth/cloud-platform']
|
|
+ logging.debug("using credentials from service account")
|
|
+ try:
|
|
+ credentials = ServiceAccountCredentials.from_service_account_file(filename=serviceaccount, scopes=scope)
|
|
+ except AttributeError:
|
|
+ credentials = ServiceAccountCredentials.from_json_keyfile_name(serviceaccount, scope)
|
|
+ except Exception as e:
|
|
+ logging.error(str(e))
|
|
+ sys.exit(OCF_ERR_GENERIC)
|
|
return googleapiclient.discovery.build('compute', 'v1',
|
|
+ credentials=credentials,
|
|
cache_discovery=False)
|
|
except Exception as e:
|
|
logger.error('Couldn\'t connect with google api: ' + str(e))
|