openstack/barbican
Code Issues Proposed changes
02dc4cdb71
barbican/doc/source/setup/keystone.rst
Juan Antonio Osorio Robles 3b20d84312 Display all versions info in versions controller 
This patch enables the "versions controller" or "/" resource to display
information relevant to all the versions of the Barbican API (which is
only v1 at the moment). This is done in the same fashion Keystone
displays it, and it has the purpose of enabling more automatic discovery
as described in the blueprint.

Accessing the root resource with the "build" query parameter, such as:

    $ curl http://localhost:9311/?build

will display the build information.

On the other hand, this introduces the V1Controller, which is now the
root controller (which requires authentication) for Barbican.

Accessing the "/v1" resource will display the version information in the
way it's required by keystone.

The json-home implementation is left for a subsequent CR.

Partially implements blueprint fix-version-api
Change-Id: Ie7e706adcf1b5d74f64776b888a06638247b4e87
2015-06-18 05:21:10 +03:00

1.7 KiB
Raw Blame History

Using Keystone Middleware with Barbican

Prerequisites

To enable Keystone integration with Barbican you'll need a relatively current version of Keystone. If you don't have an instance of Keystone available, you can use one of the following ways to setup your own.

  1. Simple Dockerized Keystone
  2. Installing Keystone
  3. Devstack

Hooking up Barbican to Keystone

Assuming that you've already setup your Keystone instance, connecting Barbican to Keystone is quite simple. When completed, Barbican should require a valid X-Auth-Token to be provided with all API calls except the get version call.

  1. Turn off any active instances of Barbican

  2. Edit /etc/barbican/barbican-api-paste.ini

    1. Replace the barbican_api pipeline with an authenticated pipeline
    [pipeline:barbican_api]
pipeline = keystone_authtoken context apiapp_v1
    1. Replace keystone_authtoken filter values to match your Keystone setup
    [filter:keystone_authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /tmp/barbican/cache
identity_uri = http://{YOUR_KEYSTONE_ENDPOINT}:35357
admin_tenant_name = service
admin_user = {YOUR_KEYSTONE_USERNAME}
admin_password = {YOUR_KEYSTONE_PASSWORD}
auth_version = v2.0

  3. Start Barbican {barbican_home}/bin/barbican.sh start