Monthly Archives: April 2017

Uncategorized

Openstack instance tagging

Post Views: 1,046

Openstack instance tagging

Supporting 3 features / api in tagging an instance in Openstack copute :

a. DescribeTags

b. CreateTags

c. DeleteTags

Following tentative policies to be added in mapping.json :

“CreateTags”:
{
“action”: “arn:acs:compute:CreateTags”,
“resources”: [
{
“resource”: “arn:acs:compute::Resource”,
“resourcePath” : “params.ResourceId.N”,
“isResourceValueRequired”: “False”
}
]
},
“DeleteTags”:
{
“action”: “arn:acs:compute:DeleteTags”,
“resources”: [
{
“resource”: “arn:acs:compute::Resource”,
“resourcePath” : “params.ResourceId.N”,
“isResourceValueRequired”: “True”
}
]
},
“DescribeTags”:
{
“action”: “arn:acs:compute:DescribeTags”,
“resources”: [
{
“resource”: “arn:acs:compute::Resource”,
“resourcePath” : “params.ResourceId.N”,
“isResourceValueRequired”: “False”
}
]
},

Same mapping needs to be stored in IAM DB.

Note , here a new resource type Resource is added as compared to defaults like Images , Instances etc. so respective changes are required in IAM side .

Sample request and response:

curl -X GET -H “Accept-Encoding: identity” -H “User-Agent: curl/7.35.0” -H “Accept: application/json” -H “Content-Type: application/json; charset=UTF-8” “<url>/?SignatureVersion=2&AccessKeyId=877e3896ba4c4d1899d1b992e57dc5eb&ResourceId.1=i-93246fc1&Timestamp=2017-03-07T06:30:42Z&Tag.1.Value=MyCustomName&SignatureMethod=HmacSHA256&Version=2016-03-01&Tag.1.Key=name&Signature=uIbLYkfseWCB%2BLXSWCYckL/OciU2NH18t5h3jcwzac4%3D&Action=CreateTags
<CreateTagsResponse xmlns=”<url>/”>
  <requestId>req-f9bbbacd-d18d-47ec-bd3f-3afda68d52c0</requestId>
  <return>true</return>
</CreateTagsResponse>
curl -X GET -H “Accept-Encoding: identity” -H “User-Agent: curl/7.35.0” -H “Accept: application/json” -H “Content-Type: application/json; charset=UTF-8” “<url>/?SignatureVersion=2&AccessKeyId=877e3896ba4c4d1899d1b992e57dc5eb&Timestamp=2017-03-07T06:31:58Z&SignatureMethod=HmacSHA256&Version=2016-03-01&Signature=C8uIVRH4pluozqsAvuBRgVt7eBhYPc4pVe%2BuTJV31Wc%3D&Action=DescribeTags
<DescribeTagsResponse xmlns=”<url>”>
  <requestId>req-ca401a04-5f44-4515-9455-e68d0fff6e65</requestId>
  <tagSet>
    <item>
      <resourceType>instance</resourceType>
      <resourceId>i-93246fc1</resourceId>
      <value>MyCustomName</value>
      <key>name</key>
    </item>
    <item>
      <resourceType>image</resourceType>
      <resourceId>ami-b62aa3ce</resourceId>
      <value>MyCustomName</value>
      <key>name</key>
    </item>
    <item>
      <resourceType>image</resourceType>
      <resourceId>ami-b62aa8cd</resourceId>
      <value>MyCustomName</value>
      <key>name</key>
    </item>
    <item>
      <resourceType>image</resourceType>
      <resourceId>ami-b62aa8ce</resourceId>
      <value>MyCustomName</value>
      <key>name</key>
    </item>
  </tagSet>
</DescribeTagsResponse>
curl -X GET -H “Accept-Encoding: identity” -H “User-Agent: curl/7.35.0” -H “Accept: application/json” -H “Content-Type: application/json; charset=UTF-8” “<url>/?SignatureVersion=2&AccessKeyId=877e3896ba4c4d1899d1b992e57dc5eb&ResourceId.1=i-93246fc1&Timestamp=2017-03-07T06:33:10Z&SignatureMethod=HmacSHA256&Version=2016-03-01&Tag.1.key=name&Signature=Rmaq4f3E3XwNodvnhTUDlhmEOR7whcuLn4TdSh0ATNM%3D&Action=DeleteTags
<DeleteTagsResponse xmlns=”<url>”>
  <requestId>req-ecd0ea39-d27a-42c1-aed2-8acd50232db4</requestId>
  <return>true</return>
</DeleteTagsResponse>