Pass temporary (not persisted) credentials when creating deployment #11

Open
4 of 7 tasks
machristie opened this issue Apr 24, 2018 · 6 comments

@machristie
Collaborator

machristie commented Apr 24, 2018

Add the ability to provide credentials when creating a deployment. Currently the cloudlaunch-cli can create a deployment only if the user has default credentials for the given target cloud stored on the CloudLaunch server. This new capability will support use cases where it is simpler to not have persisted default credentials in CloudLaunch and also to support users who may be reluctant to store their credentials with CloudLaunch.

The credentials can be passed as

  • environment variables
    • For AWS: AWS_ACCESS_KEY and AWS_SECRET_KEY
    • For OpenStack: OS_USERNAME, OS_PASSWORD, OS_PROJECT_NAME, OS_PROJECT_DOMAIN_NAME, and OS_USER_DOMAIN_NAME
    • For Azure: AZURE_SUBSCRIPTION_ID, AZURE_CLIENT_ID, AZURE_SECRET, AZURE_TENANT, AZURE_RESOURCE_GROUP, AZURE_STORAGE_ACCOUNT, AZURE_VM_DEFAULT_USERNAME
    • For Google Compute Engine: GCE_CREDENTIALS_JSON which can either be a file path or the entire JSON as a string
  • the path to a JSON file with the credential properties, via a --credentials argument
    • For AWS this would be of the form
    {"aws_access_key": "",
     "aws_secret_key": ""}
    • For OpenStack this would be of the form
    {"os_username": "",
     "os_password": "",
     "os_project_name": "",
     "os_project_domain_name": "",
     "os_user_domain_name": ""}
    • For Azure this would be of the form
    {"azure_subscription_id": "",
     "azure_client_id": "",
     "azure_secret": "",
     "azure_tenant": "",
     "azure_resource_group": "",
     "azure_storage_account": "",
     "azure_vm_default_username": ""}
    • For GCE this would just be the JSON credentials file that is obtained from GCE

TODO

  • AWS credentials via env vars and credentials file
  • GCE credentials via env vars and credentials file
  • openstack credentials via env vars and credentials file
  • Azure credentials via env vars and credentials file
  • cloudlaunch deployments delete
  • Document env var names, dict keys
  • finish unit tests
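
An added example, not part of the issue and not cloudlaunch-cli's own code: one way to resolve per-request credentials from the sources described above, using the JSON keys and environment variable names listed in the issue. The function name `load_credentials`, the precedence of `--credentials` over the environment, and the file-permission check are assumptions.

```python
import json
import os
import stat

# JSON keys per target cloud, as listed in the issue; the matching
# environment variable is the upper-cased key.
REQUIRED_KEYS = {
    "aws": ["aws_access_key", "aws_secret_key"],
    "openstack": ["os_username", "os_password", "os_project_name",
                  "os_project_domain_name", "os_user_domain_name"],
    "azure": ["azure_subscription_id", "azure_client_id", "azure_secret",
              "azure_tenant", "azure_resource_group",
              "azure_storage_account", "azure_vm_default_username"],
}


def _read_json_file(path):
    # Assumption (not from the issue): refuse files readable by group/other.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(f"{path} is readable by other users; chmod 600")
    with open(path) as f:
        return json.load(f)


def load_credentials(cloud, credentials_path=None, environ=None):
    """Return a credentials dict for one request; nothing is written to disk."""
    environ = os.environ if environ is None else environ
    if cloud == "gce":
        # GCE_CREDENTIALS_JSON is either a file path or the whole JSON string.
        source = credentials_path or environ.get("GCE_CREDENTIALS_JSON", "")
        if not source:
            raise ValueError("missing GCE_CREDENTIALS_JSON")
        if source.lstrip().startswith("{"):
            return json.loads(source)
        return _read_json_file(source)
    keys = REQUIRED_KEYS[cloud]
    if credentials_path:  # assumed precedence: --credentials wins over env
        raw = _read_json_file(credentials_path)
    else:
        raw = {k: environ.get(k.upper(), "") for k in keys}
    missing = [k for k in keys if not raw.get(k)]
    if missing:
        # Name the missing fields only; never echo credential values.
        raise ValueError(f"missing {cloud} credentials: {', '.join(missing)}")
    return {k: raw[k] for k in keys}
```
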
@machristie
Collaborator Author

@afgane @nuwang when you have a moment can you review the description of this issue?

@nuwang
Contributor

nuwang commented Apr 24, 2018

@machristie I cross checked against the list here and this sounds right: https://github.com/galaxyproject/cloudlaunch/blob/dev/django-cloudlaunch/cloudlaunchserver/settings.py#L45

cl-os-identity-api-version is stored in the model, so I think it should be removed from settings.py

@machristie machristie self-assigned this Apr 26, 2018
@machristie
Collaborator Author

I was able to create a deployment with credentials passed in the request, but the problem I then run into is that I'm not able, in the UI, to delete that deployment. I think we'll need to add a delete deployment option to the command line.

@nuwang
Contributor

nuwang commented Apr 30, 2018

@machristie Not sure I follow - shouldn't it appear in the "My Appliances" list as usual and be deletable?

@nuwang
Contributor

nuwang commented Apr 30, 2018

Ok, I think I see the problem now. No credentials! Right, makes sense.

@machristie
Collaborator Author

I've gone ahead and merged my in-progress work. I've finished creating abstractions for loading AWS, GCE, OpenStack and Azure credentials from the environment variables or a json file, as described in the issue description. Remaining todos are listed above.
