Render paste ini properly and other fixes
Liam Young
parent
653329d5bb
commit
0c6bb990c9
|
|
@ -13,15 +13,16 @@ openstack-services:
|
|||
branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
|
||||
constraints: mem=1G
|
||||
keystone:
|
||||
branch: lp:~openstack-charmers/charms/trusty/keystone/next
|
||||
branch: lp:~gnuoy/charms/trusty/keystone/secret-store
|
||||
constraints: mem=1G
|
||||
options:
|
||||
admin-password: openstack
|
||||
admin-token: ubuntutesting
|
||||
openstack-origin: cloud:trusty-kilo
|
||||
barbican:
|
||||
charm: barbican
|
||||
options:
|
||||
openstack-origin: cloud:trusty-liberty
|
||||
openstack-origin: cloud:trusty-kilo
|
||||
relations:
|
||||
- [ keystone, mysql ]
|
||||
- [ barbican, mysql ]
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
from openstack.adapters import OpenStackRelationAdapters
|
||||
from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
|
||||
from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
|
||||
from charmhelpers.contrib.openstack.utils import (
|
||||
configure_installation_source,
|
||||
|
|
@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
|
|||
"""
|
||||
Adapters class for the Barbican charm.
|
||||
"""
|
||||
pass
|
||||
def __init__(self, relations):
|
||||
super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
|
||||
|
||||
|
||||
class BarbicanConfigurationAdapter(ConfigurationAdapter):
|
||||
|
||||
def __init__(self):
|
||||
super(BarbicanConfigurationAdapter, self).__init__()
|
||||
if config('keystone-api-version') not in ['2', '3', 'none']:
|
||||
raise ValueError('Unsupported keystone-api-version (%s). Should'
|
||||
'be 2 or 3' % (config('keystone-api-version')))
|
||||
|
||||
@property
|
||||
def barbican_api_keystone_pipeline(self):
|
||||
if config('keystone-api-version') == "2":
|
||||
return 'keystone_authtoken context apiapp'
|
||||
else:
|
||||
return 'keystone_v3_authtoken context apiapp'
|
||||
|
||||
@property
|
||||
def barbican_api_pipeline(self):
|
||||
if config('keystone-api-version') == "2":
|
||||
return "keystone_authtoken context apiapp"
|
||||
elif config('keystone-api-version') == "3":
|
||||
return "keystone_v3_authtoken context apiapp"
|
||||
elif config('keystone-api-version') == "none":
|
||||
return "unauthenticated-context apiapp"
|
||||
|
||||
|
||||
def api_port(service):
|
||||
|
|
@ -80,7 +106,7 @@ def setup_endpoint(keystone):
|
|||
internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
|
||||
api_port('barbican-internal-api')
|
||||
)
|
||||
keystone.register_endpoints('keystore', config('region'), public_url,
|
||||
keystone.register_endpoints('secretstore', config('region'), public_url,
|
||||
internal_url, admin_url)
|
||||
|
||||
@when('shared-db.available')
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ pipeline = versionapp
|
|||
[pipeline:barbican_api]
|
||||
####pipeline = simple apiapp
|
||||
#pipeline = keystone_authtoken context apiapp
|
||||
pipeline = {{ barbican_api_pipeline }}
|
||||
pipeline = {{ options.barbican_api_pipeline }}
|
||||
|
||||
#Use this pipeline to activate a repoze.profile middleware and HTTP port,
|
||||
# to provide profiling information for the REST API processing.
|
||||
|
|
@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
|
|||
#Use this pipeline for keystone auth
|
||||
[pipeline:barbican-api-keystone]
|
||||
#pipeline = keystone_authtoken context apiapp
|
||||
pipeline = {{ barbican_api_keystone_pipeline }}
|
||||
pipeline = {{ options.barbican_api_keystone_pipeline }}
|
||||
|
||||
[app:apiapp]
|
||||
paste.app_factory = barbican.api.app:create_main_app
|
||||
|
|
@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
|
|||
[filter:keystone_authtoken]
|
||||
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
|
||||
signing_dir = /var/lib/barbican/keystone-signing
|
||||
auth_host = {{ auth_host }}
|
||||
auth_host = {{ identity_service.auth_host }}
|
||||
#need ability to re-auth a token, thus admin url
|
||||
auth_port = {{ auth_port }}
|
||||
auth_protocol = {{ auth_protocol }}
|
||||
admin_tenant_name = {{ admin_tenant_name }}
|
||||
admin_user = {{ admin_user }}
|
||||
admin_password = {{ admin_password }}
|
||||
auth_port = {{ identity_service.auth_port }}
|
||||
auth_protocol = {{ identity_service.auth_protocol }}
|
||||
admin_tenant_name = {{ identity_service.service_tenant }}
|
||||
admin_user = {{ identity_service.service_username }}
|
||||
admin_password = {{ identity_service.service_password }}
|
||||
auth_version = v2.0
|
||||
#delay failing perhaps to log the unauthorized request in barbican ..
|
||||
#delay_auth_decision = true
|
||||
|
|
@ -55,13 +55,13 @@ auth_version = v2.0
|
|||
[filter:keystone_v3_authtoken]
|
||||
paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
|
||||
signing_dir = /var/lib/barbican/keystone-signing
|
||||
auth_host = {{ auth_host }}
|
||||
auth_host = {{ identity_service.auth_host }}
|
||||
#need ability to re-auth a token, thus admin url
|
||||
auth_port = {{ auth_port }}
|
||||
auth_protocol = {{ auth_protocol }}
|
||||
admin_tenant_name = {{ admin_tenant_name }}
|
||||
admin_user = {{ admin_user }}
|
||||
admin_password = {{ admin_password }}
|
||||
auth_port = {{ identity_service.auth_port }}
|
||||
auth_protocol = {{ identity_service.auth_protocol }}
|
||||
admin_tenant_name = {{ identity_service.service_tenant }}
|
||||
admin_user = {{ identity_service.service_username }}
|
||||
admin_password = {{ identity_service.service_password }}
|
||||
auth_version = v3.0
|
||||
#delay failing perhaps to log the unauthorized request in barbican ..
|
||||
#delay_auth_decision = true
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -ex
|
||||
|
||||
# Create demo/testing users, tenants and flavor
|
||||
openstack project create demo
|
||||
openstack user create --project demo --password pass --email demo@dev.null demo
|
||||
openstack role add --user demo --project demo Member
|
||||
openstack project create alt_demo
|
||||
openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
|
||||
openstack role add --user alt_demo --project alt_demo Member
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
export OS_REGION_NAME=RegionOne
|
||||
export OS_USER_DOMAIN_ID=Default
|
||||
export OS_PROJECT_NAME=admin
|
||||
export OS_PASSWORD=openstack
|
||||
export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
|
||||
export OS_USERNAME=admin
|
||||
export OS_TENANT_NAME=admin
|
||||
export OS_PROJECT_DOMAIN_NAME=Default
|
||||
Loading…
Reference in New Issue