summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSpyros Trigazis <spyridon.trigazis@cern.ch>2017-12-12 15:23:11 +0000
committerSpyros Trigazis <strigazi@gmail.com>2018-02-09 09:15:38 +0000
commit2d5efb2e4da8bfae03a9e550dfa325115cc4cd3b (patch)
tree49f9ccc3aac4545757b74b3c29d89c9d1451071c
parente3202b95e1f708a0db284e05f2b0f9a58127b65a (diff)
Make cluster-config rbac compatible for kubebernetes
The user admin needs to have system:master in the organization and needs to be named admin. Closes-Bug: #1689849 Change-Id: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
Notes
Notes (review): Code-Review+2: yatin <ykarel@redhat.com> Workflow+1: Spyros Trigazis (strigazi) <strigazi@gmail.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 09 Feb 2018 14:40:38 +0000 Reviewed-on: https://review.openstack.org/527428 Project: openstack/python-magnumclient Branch: refs/heads/master
-rw-r--r--magnumclient/common/utils.py16
1 files changed, 9 insertions, 7 deletions
diff --git a/magnumclient/common/utils.py b/magnumclient/common/utils.py
index e13d753..57ce02e 100644
--- a/magnumclient/common/utils.py
+++ b/magnumclient/common/utils.py
@@ -193,13 +193,13 @@ def _config_cluster_kubernetes(cluster, cluster_template,
193 "contexts:\n" 193 "contexts:\n"
194 "- context:\n" 194 "- context:\n"
195 " cluster: %(name)s\n" 195 " cluster: %(name)s\n"
196 " user: %(name)s\n" 196 " user: admin\n"
197 " name: %(name)s\n" 197 " name: default\n"
198 "current-context: %(name)s\n" 198 "current-context: default\n"
199 "kind: Config\n" 199 "kind: Config\n"
200 "preferences: {}\n" 200 "preferences: {}\n"
201 "users:\n" 201 "users:\n"
202 "- name: %(name)s\n" 202 "- name: admin\n"
203 " user:\n" 203 " user:\n"
204 " client-certificate: %(cfg_dir)s/cert.pem\n" 204 " client-certificate: %(cfg_dir)s/cert.pem\n"
205 " client-key: %(cfg_dir)s/key.pem\n" 205 " client-key: %(cfg_dir)s/key.pem\n"
@@ -249,9 +249,11 @@ def generate_csr_and_key():
249 key_size=2048, 249 key_size=2048,
250 backend=default_backend()) 250 backend=default_backend())
251 251
252 csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([ 252 csr = x509.CertificateSigningRequestBuilder().subject_name(
253 x509.NameAttribute(NameOID.COMMON_NAME, u"Magnum User"), 253 x509.Name([
254 ])).sign(key, hashes.SHA256(), default_backend()) 254 x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
255 x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"system:masters")
256 ])).sign(key, hashes.SHA256(), default_backend())
255 257
256 result = { 258 result = {
257 'csr': csr.public_bytes( 259 'csr': csr.public_bytes(