Render paste ini properly and other fixes

2015-12-11 13:43:03 +00:00 · 2015-12-11 13:43:03 +00:00 · 0c6bb990c9
commit 0c6bb990c9
parent 653329d5bb
6 changed files with 66 additions and 20 deletions
--- a/barbican.yaml
+++ b/barbican.yaml
@ -13,15 +13,16 @@ openstack-services:
      branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
      constraints: mem=1G
    keystone:
-      branch: lp:~openstack-charmers/charms/trusty/keystone/next
+      branch: lp:~gnuoy/charms/trusty/keystone/secret-store
      constraints: mem=1G
      options:
        admin-password: openstack
        admin-token: ubuntutesting
+        openstack-origin: cloud:trusty-kilo
    barbican:
      charm: barbican
      options:
-        openstack-origin: cloud:trusty-liberty
+        openstack-origin: cloud:trusty-kilo
  relations:
    - [ keystone, mysql ]
    - [ barbican, mysql ]
--- a/barbican/reactive/barbican.py
+++ b/barbican/reactive/barbican.py
@ -1,4 +1,4 @@
-from openstack.adapters import OpenStackRelationAdapters
+from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
 from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
 from charmhelpers.contrib.openstack.utils import (
    configure_installation_source,
@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
    """
    Adapters class for the Barbican charm.
    """
-    pass
+    def __init__(self, relations):
+        super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
+
+
+class BarbicanConfigurationAdapter(ConfigurationAdapter):
+
+    def __init__(self):
+        super(BarbicanConfigurationAdapter, self).__init__()
+        if config('keystone-api-version') not in ['2', '3', 'none']:
+            raise ValueError('Unsupported keystone-api-version (%s). Should'
+                             'be 2 or 3' % (config('keystone-api-version')))
+        
+    @property
+    def barbican_api_keystone_pipeline(self):
+        if config('keystone-api-version') == "2":
+            return 'keystone_authtoken context apiapp'
+        else:
+            return 'keystone_v3_authtoken context apiapp'
+
+    @property
+    def barbican_api_pipeline(self):
+        if config('keystone-api-version') == "2":
+            return "keystone_authtoken context apiapp"
+        elif config('keystone-api-version') == "3":
+            return "keystone_v3_authtoken context apiapp"
+        elif config('keystone-api-version') == "none":
+            return "unauthenticated-context apiapp"


 def api_port(service):
@ -80,7 +106,7 @@ def setup_endpoint(keystone):
    internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
                                  api_port('barbican-internal-api')
                                  )
-    keystone.register_endpoints('keystore', config('region'), public_url,
+    keystone.register_endpoints('secretstore', config('region'), public_url,
                                internal_url, admin_url)

@when('shared-db.available')
--- a/barbican/templates/juno/barbican-api-paste.ini
+++ b/barbican/templates/juno/barbican-api-paste.ini
@ -11,7 +11,7 @@ pipeline = versionapp
 [pipeline:barbican_api]
 ####pipeline = simple apiapp
 #pipeline = keystone_authtoken context apiapp
-pipeline = {{ barbican_api_pipeline }}
+pipeline = {{ options.barbican_api_pipeline }}

 #Use this pipeline to activate a repoze.profile middleware and HTTP port,
 #  to provide profiling information for the REST API processing.
@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
 #Use this pipeline for keystone auth
 [pipeline:barbican-api-keystone]
 #pipeline = keystone_authtoken context apiapp
-pipeline = {{ barbican_api_keystone_pipeline }}
+pipeline = {{ options.barbican_api_keystone_pipeline }}

 [app:apiapp]
 paste.app_factory = barbican.api.app:create_main_app
@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
 [filter:keystone_authtoken] 
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 signing_dir = /var/lib/barbican/keystone-signing
-auth_host = {{ auth_host }}
+auth_host = {{ identity_service.auth_host }}
 #need ability to re-auth a token, thus admin url
-auth_port = {{ auth_port }} 
-auth_protocol = {{ auth_protocol }} 
-admin_tenant_name = {{ admin_tenant_name }} 
-admin_user = {{ admin_user }} 
-admin_password = {{ admin_password }} 
+auth_port = {{ identity_service.auth_port }} 
+auth_protocol = {{ identity_service.auth_protocol }} 
+admin_tenant_name = {{ identity_service.service_tenant }} 
+admin_user = {{ identity_service.service_username }} 
+admin_password = {{ identity_service.service_password }} 
 auth_version = v2.0 
 #delay failing perhaps to log the unauthorized request in barbican ..
 #delay_auth_decision = true
@ -55,13 +55,13 @@ auth_version = v2.0
 [filter:keystone_v3_authtoken] 
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 signing_dir = /var/lib/barbican/keystone-signing
-auth_host = {{ auth_host }}
+auth_host = {{ identity_service.auth_host }}
 #need ability to re-auth a token, thus admin url
-auth_port = {{ auth_port }} 
-auth_protocol = {{ auth_protocol }} 
-admin_tenant_name = {{ admin_tenant_name }} 
-admin_user = {{ admin_user }} 
-admin_password = {{ admin_password }} 
+auth_port = {{ identity_service.auth_port }} 
+auth_protocol = {{ identity_service.auth_protocol }} 
+admin_tenant_name = {{ identity_service.service_tenant }} 
+admin_user = {{ identity_service.service_username }} 
+admin_password = {{ identity_service.service_password }} 
 auth_version = v3.0 
 #delay failing perhaps to log the unauthorized request in barbican ..
 #delay_auth_decision = true  
--- a/keystone_setup.sh
+++ b/keystone_setup.sh
@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+# Create demo/testing users, tenants and flavor
+openstack project create demo
+openstack user create --project demo --password pass --email demo@dev.null demo
+openstack role add --user demo --project demo Member
+openstack project create alt_demo
+openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
+openstack role add --user alt_demo --project alt_demo Member
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+export OS_REGION_NAME=RegionOne
+export OS_USER_DOMAIN_ID=Default
+export OS_PROJECT_NAME=admin
+export OS_PASSWORD=openstack
+export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
+export OS_USERNAME=admin
+export OS_TENANT_NAME=admin
+export OS_PROJECT_DOMAIN_NAME=Default
--- a/setup.sh
+++ b/setup.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 export http_proxy=http://squid.internal:3128                                                              
 export https_proxy=http://squid.internal:3128
-export JUJU_REPOSITORY=build
+export JUJU_REPOSITORY="$(pwd)/build"
 #export INTERFACE_PATH=interfaces
 export LAYER_PATH=layers
 rm -rf $JUJU_REPOSITORY