Blame SOURCES/bz1732766-fence_aliyun-1-add-RAM-role.patch

21d5fd
From 31548d184c977521dad5e6320c7a74ed732c19bb Mon Sep 17 00:00:00 2001
21d5fd
From: dongchen126 <51401223+dongchen126@users.noreply.github.com>
21d5fd
Date: Thu, 11 Jul 2019 14:05:58 +0800
21d5fd
Subject: [PATCH 1/4] Update fence_aliyun.py
21d5fd
21d5fd
1.Import region provider to enable Alibaba cloud private zone functionality which support  API endpoint access from intranet
21d5fd
2.Add ram role functionality to improve security which disable AccessKey ID and Access Key Secret
21d5fd
---
21d5fd
 agents/aliyun/fence_aliyun.py | 28 +++++++++++++++++++++-------
21d5fd
 1 file changed, 21 insertions(+), 7 deletions(-)
21d5fd
21d5fd
diff --git a/agents/aliyun/fence_aliyun.py b/agents/aliyun/fence_aliyun.py
21d5fd
index d780e2ab..aea1ea8f 100644
21d5fd
--- a/agents/aliyun/fence_aliyun.py
21d5fd
+++ b/agents/aliyun/fence_aliyun.py
21d5fd
@@ -15,6 +15,7 @@
21d5fd
 	from aliyunsdkecs.request.v20140526.StartInstanceRequest import StartInstanceRequest
21d5fd
 	from aliyunsdkecs.request.v20140526.StopInstanceRequest import StopInstanceRequest
21d5fd
 	from aliyunsdkecs.request.v20140526.RebootInstanceRequest import RebootInstanceRequest
21d5fd
+	from aliyunsdkcore.profile import region_provider
21d5fd
 except ImportError:
21d5fd
 	pass
21d5fd
 
21d5fd
@@ -121,12 +122,20 @@ def define_new_opts():
21d5fd
 		"required" : "0",
21d5fd
 		"order" : 4
21d5fd
 	}
21d5fd
+	all_opt["ram_role"] = {
21d5fd
+		"getopt": "m:",
21d5fd
+		"longopt": "ram-role",
21d5fd
+		"help": "-m, --ram-role=[name]        Ram Role",
21d5fd
+		"shortdesc": "Ram Role.",
21d5fd
+		"required": "0",
21d5fd
+		"order": 5
21d5fd
+	}
21d5fd
 
21d5fd
 # Main agent method
21d5fd
 def main():
21d5fd
 	conn = None
21d5fd
 
21d5fd
-	device_opt = ["port", "no_password", "region", "access_key", "secret_key"]
21d5fd
+	device_opt = ["port", "no_password", "region", "access_key", "secret_key", "ram_role"]
21d5fd
 
21d5fd
 	atexit.register(atexit_handler)
21d5fd
 
21d5fd
@@ -144,13 +153,18 @@ def main():
21d5fd
 
21d5fd
 	run_delay(options)
21d5fd
 
21d5fd
-	if "--region" in options and "--access-key" in options and "--secret-key" in options:  
21d5fd
+	if "--region" in options:
21d5fd
 		region = options["--region"]
21d5fd
-		access_key = options["--access-key"]
21d5fd
-		secret_key = options["--secret-key"]
21d5fd
-		conn = client.AcsClient(access_key, secret_key, region)
21d5fd
-
21d5fd
-
21d5fd
+		if "--access-key" in options and "--secret-key" in options:
21d5fd
+			access_key = options["--access-key"]
21d5fd
+			secret_key = options["--secret-key"]
21d5fd
+			conn = client.AcsClient(access_key, secret_key, region)
21d5fd
+		elif "--ram-role" in options:
21d5fd
+			ram_role = options["--ram-role"]
21d5fd
+			role = EcsRamRoleCredential(ram_role)
21d5fd
+			conn = client.AcsClient(region_id=region, credential=role)
21d5fd
+		region_provider.modify_point('Ecs', region, 'ecs.%s.aliyuncs.com' % region)
21d5fd
+		
21d5fd
 	# Operate the fencing device
21d5fd
 	result = fence_action(conn, options, set_power_status, get_power_status, get_nodes_list)
21d5fd
 	sys.exit(result)
21d5fd
21d5fd
From 285d29d398bbf8f87da7acfde3f89f83b32fa586 Mon Sep 17 00:00:00 2001
21d5fd
From: chen dong <51401223+dongchen126@users.noreply.github.com>
21d5fd
Date: Thu, 11 Jul 2019 15:30:10 +0800
21d5fd
Subject: [PATCH 2/4] Update fence_aliyun.xml
21d5fd
21d5fd
Add ram role for security
21d5fd
Add region provider for private zone functionality
21d5fd
---
21d5fd
 tests/data/metadata/fence_aliyun.xml | 5 +++++
21d5fd
 1 file changed, 5 insertions(+)
21d5fd
21d5fd
diff --git a/tests/data/metadata/fence_aliyun.xml b/tests/data/metadata/fence_aliyun.xml
21d5fd
index b41d82bf..eecd6f4e 100644
21d5fd
--- a/tests/data/metadata/fence_aliyun.xml
21d5fd
+++ b/tests/data/metadata/fence_aliyun.xml
21d5fd
@@ -33,6 +33,11 @@
21d5fd
 		<content type="string"  />
21d5fd
 		<shortdesc lang="en">Secret Key.</shortdesc>
21d5fd
 	</parameter>
21d5fd
+	<parameter name="ram_role" unique="0" required="0">
21d5fd
+		<getopt mixed="-m, --ram-role=[name]" />
21d5fd
+		<content type="string"  />
21d5fd
+		<shortdesc lang="en">Ram Role.</shortdesc>
21d5fd
+	</parameter>
21d5fd
 	<parameter name="quiet" unique="0" required="0">
21d5fd
 		<getopt mixed="-q, --quiet" />
21d5fd
 		<content type="boolean"  />
21d5fd
21d5fd
From d4de57fdb94eeee483988584086c5690c8967f76 Mon Sep 17 00:00:00 2001
21d5fd
From: chen dong <51401223+dongchen126@users.noreply.github.com>
21d5fd
Date: Wed, 24 Jul 2019 17:23:48 +0800
21d5fd
Subject: [PATCH 3/4] Update fence_aliyun.py
21d5fd
MIME-Version: 1.0
21d5fd
Content-Type: text/plain; charset=UTF-8
21d5fd
Content-Transfer-Encoding: 8bit
21d5fd
21d5fd
delet paramater “m”
21d5fd
---
21d5fd
 agents/aliyun/fence_aliyun.py | 4 ++--
21d5fd
 1 file changed, 2 insertions(+), 2 deletions(-)
21d5fd
21d5fd
diff --git a/agents/aliyun/fence_aliyun.py b/agents/aliyun/fence_aliyun.py
21d5fd
index aea1ea8f..3bc825fe 100644
21d5fd
--- a/agents/aliyun/fence_aliyun.py
21d5fd
+++ b/agents/aliyun/fence_aliyun.py
21d5fd
@@ -123,9 +123,9 @@ def define_new_opts():
21d5fd
 		"order" : 4
21d5fd
 	}
21d5fd
 	all_opt["ram_role"] = {
21d5fd
-		"getopt": "m:",
21d5fd
+		"getopt": ":",
21d5fd
 		"longopt": "ram-role",
21d5fd
-		"help": "-m, --ram-role=[name]        Ram Role",
21d5fd
+		"help": "--ram-role=[name]        Ram Role",
21d5fd
 		"shortdesc": "Ram Role.",
21d5fd
 		"required": "0",
21d5fd
 		"order": 5
21d5fd
21d5fd
From 367c17ef4f44b6cce2d10f0a220b55b02d0d631e Mon Sep 17 00:00:00 2001
21d5fd
From: chen dong <51401223+dongchen126@users.noreply.github.com>
21d5fd
Date: Wed, 24 Jul 2019 17:25:39 +0800
21d5fd
Subject: [PATCH 4/4] Update fence_aliyun.xml
21d5fd
21d5fd
delete "m" parameter
21d5fd
---
21d5fd
 tests/data/metadata/fence_aliyun.xml | 2 +-
21d5fd
 1 file changed, 1 insertion(+), 1 deletion(-)
21d5fd
21d5fd
diff --git a/tests/data/metadata/fence_aliyun.xml b/tests/data/metadata/fence_aliyun.xml
21d5fd
index eecd6f4e..2de3a8aa 100644
21d5fd
--- a/tests/data/metadata/fence_aliyun.xml
21d5fd
+++ b/tests/data/metadata/fence_aliyun.xml
21d5fd
@@ -34,7 +34,7 @@
21d5fd
 		<shortdesc lang="en">Secret Key.</shortdesc>
21d5fd
 	</parameter>
21d5fd
 	<parameter name="ram_role" unique="0" required="0">
21d5fd
-		<getopt mixed="-m, --ram-role=[name]" />
21d5fd
+		<getopt mixed="--ram-role=[name]" />
21d5fd
 		<content type="string"  />
21d5fd
 		<shortdesc lang="en">Ram Role.</shortdesc>
21d5fd
 	</parameter>