feat(workflows): sensor and trigger to sync keystone to nautobot
Added an EventSource listener for keystone notifications. Added a Sensor
to trigger a workflow to be run when projects are created, updated or
deleted in keystone. Added a workflow to execute the keystone sync
script on each of those triggers.
cardoe committed Sep 4, 2024
1 parent 4301386 commit 44f9988
Showing 8 changed files with 175 additions and 0 deletions.
1 change: 1 addition & 0 deletions .github/workflows/yamllint.yaml
Expand Up @@ -46,6 +46,7 @@ jobs:
argo-workflows/**/workflowtemplates/*.y*ml
argo-workflows/**/sensors/*.y*ml
argo-workflows/**/workflows/*.y*ml
apps/understack-workflows/workflowtemplates/wf-*.y*ml
shellcheck:
runs-on: ubuntu-latest
Expand Up @@ -7,3 +7,4 @@ resources:
- argo-rabbitmq.yaml
- eventbus-default.yaml
- openstack-event-source.yaml
- sensor-keystone-event-project.yaml
Expand Up @@ -32,3 +32,38 @@ spec:
password:
name: argo-user-credentials
key: password
---
apiVersion: argoproj.io/v1alpha1
kind: EventSource
metadata:
name: openstack-keystone
spec:
amqp:
notifications:
# amqp server url
url: amqp://rabbitmq-server-0.rabbitmq-nodes.openstack.svc.cluster.local:5672/keystone
routingKey: 'notifications.info'
# jsonBody specifies that all event body payload coming from this
# source will be JSON
jsonBody: true
# name of the exchange.
exchangeName: keystone
exchangeType: topic
exchangeDeclare:
durable: false
# optional consume settings
# if not provided, default values will be used
consume:
consumerTag: "argo-events"
autoAck: true
exclusive: false
noLocal: false
# username and password for authentication
# use secret selectors
auth:
username:
name: argo-user-credentials
key: username
password:
name: argo-user-credentials
key: password
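Review bot: The new `openstack-keystone` EventSource connects with `url: amqp://…:5672/keystone`, so the username and password read from `argo-user-credentials` and every Keystone notification travel over the cluster network unencrypted. If the RabbitMQ cluster offers a TLS listener, switch the scheme to `amqps://` and add a `tls:` block that references the CA secret; if it does not, a comment saying so keeps the gap visible. Separately, `autoAck: true` combined with `durable: false` means a notification can be lost when the event source or sensor is down or fails mid-processing, which would leave Nautobot out of step with Keystone. A comment stating that this is accepted, or a periodic full sync, would cover that case.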
@@ -0,0 +1,62 @@
---
apiVersion: argoproj.io/v1alpha1
kind: Sensor
metadata:
finalizers:
- sensor-controller
labels:
argocd.argoproj.io/instance: argo-events
name: keystone-event-project
namespace: argo-events
annotations:
workflows.argoproj.io/description: |
Defined in `apps/understack-workflows/sensors/sensor-keystone-event-project.yaml`
spec:
dependencies:
- eventName: notifications
eventSourceName: openstack-keystone
name: keystone-msg
transform:
jq: ".body[\"oslo.message\"] | fromjson"
filters:
dataLogicalOperator: "and"
data:
- path: "event_type"
type: "string"
value:
- "identity.project.created"
- "identity.project.updated"
- "identity.project.deleted"
template:
serviceAccountName: operate-workflow-sa
triggers:
- template:
name: keystone-event-project
argoWorkflow:
operation: submit
parameters:
- dest: spec.arguments.parameters.0.value
src:
dataKey: event_type
dependencyName: keystone-msg
- dest: spec.arguments.parameters.1.value
src:
dataKey: payload.target.id
dependencyName: keystone-msg
source:
resource:
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: keystone-event-project-
namespace: argo-events
spec:
arguments:
parameters:
- name: event_type
value: "replace by parameters section"
- name: project_uuid
value: "replaced by parameters section"
serviceAccountName: workflow
workflowTemplateRef:
name: keystone-event-project
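Review bot: The data filter checks only `event_type`, while `payload.target.id` is copied unvalidated into `spec.arguments.parameters.1.value` and ends up as a command-line argument of the workflow. Whatever can publish to the `keystone` exchange therefore chooses that argument, so it would be safer to add a second filter entry such as `- path: "payload.target.id"` with `type: "string"` and `value: ["^[0-9a-f]{32}$"]` (adjust the pattern to the ID format you actually expect). Argo Events appears to treat string filter values as regular expressions, so the three `event_type` values are probably better anchored and escaped, e.g. `"^identity\\.project\\.created$"`. The placeholder on the `event_type` parameter reads "replace by parameters section" where the next one says "replaced".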
1 change: 1 addition & 0 deletions apps/understack-workflows/kustomization.yaml
Expand Up @@ -3,3 +3,4 @@ kind: Kustomization

resources:
- eventsource-openstack
- workflowtemplates
@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# this is where our workflows currently run
namespace: argo-events

resources:
- openstack-svc-acct.yaml
- wf-keystone-event-project.yaml
@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: openstack-svc-acct
spec:
refreshInterval: 1h
secretStoreRef:
kind: ClusterSecretStore
name: openstack
target:
name: openstack-svc-acct
template:
engineVersion: v2
data:
clouds.yaml: |
clouds:
understack:
auth_url: http://keystone-api.openstack.svc.cluster.local:5000/v3
user_domain_name: {{ .user_domain }}
username: {{ .username }}
password: {{ .password }}
# this should switch to where we will be creating the ironic nodes
# in the future
project_domain_name: default
project_name: undercloud
dataFrom:
- extract:
key: svc-acct-argoworkflow
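Review bot: The `clouds.yaml` template inserts `{{ .password }}`, `{{ .username }}` and `{{ .user_domain }}` as plain YAML scalars, so a secret value containing `#`, `: ` or a leading indicator character renders into a file that parses differently or fails to parse. Emit the values as quoted strings, for example `password: {{ .password | toJson }}`, and do the same for the other two. `auth_url` also uses `http://`, which sends the service-account password to Keystone in clear text inside the cluster; prefer an `https://` endpoint if one is available.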
@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
metadata:
name: keystone-event-project
annotations:
workflows.argoproj.io/description: |
Defined in `apps/understack-workflows/workflowtemplates/wf-keystone-event-project.yaml`
kind: WorkflowTemplate
spec:
serviceAccountName: workflow
entrypoint: sync-keystone
templates:
- name: sync-keystone
container:
image: ghcr.io/rackerlabs/understack/ironic-nautobot-client:latest
command:
- sync-keystone
args:
- "--only-domain"
- "default"
- "{{workflow.parameters.event_type}}"
- "{{workflow.parameters.project_uuid}}"
volumeMounts:
- mountPath: /etc/nb-token/
name: nb-token
readOnly: true
- mountPath: /etc/openstack
name: 'clouds.yaml'
readOnly: true
inputs:
parameters:
- name: project_uuid
volumes:
- name: nb-token
secret:
secretName: nautobot-token
- name: openstack-svc-acct
secret:
secretName: openstack-svc-acct
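Review bot: The second entry under `volumeMounts` uses `name: 'clouds.yaml'`, but the only volumes declared are `nb-token` and `openstack-svc-acct`, so the pod spec references a volume that does not exist and the step will presumably fail to start; it should read `name: openstack-svc-acct`. The image is pulled as `ironic-nautobot-client:latest`, and this container mounts both the Nautobot token and the OpenStack service-account credentials, so pinning it to a release tag or `@sha256:<digest>` keeps an unreviewed image from running with those secrets. `inputs.parameters` declares only `project_uuid` while the args read both `{{workflow.parameters.event_type}}` and `{{workflow.parameters.project_uuid}}`; a short comment that both values arrive from the Sensor would make the contract clear.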
