From 0c6bb990c962e35b010c2ed9f6599e6e1ba7f081 Mon Sep 17 00:00:00 2001
From: Liam Young
Date: Fri, 11 Dec 2015 13:43:03 +0000
Subject: [PATCH] Render paste ini properly and other fixes
---
 barbican.yaml | 5 +--
 barbican/reactive/barbican.py | 32 +++++++++++++++++--
 .../templates/juno/barbican-api-paste.ini | 28 ++++++++--------
 keystone_setup.sh | 11 +++++++
 novarc | 8 +++++
 setup.sh | 2 +-
 6 files changed, 66 insertions(+), 20 deletions(-)
 create mode 100755 keystone_setup.sh
 create mode 100644 novarc
diff --git a/barbican.yaml b/barbican.yaml
index ccda4ec..aadeb64 100644
--- a/barbican.yaml
+++ b/barbican.yaml
@@ -13,15 +13,16 @@ openstack-services:
 branch: lp:~openstack-charmers/charms/trusty/rabbitmq-server/next
 constraints: mem=1G
 keystone:
- branch: lp:~openstack-charmers/charms/trusty/keystone/next
+ branch: lp:~gnuoy/charms/trusty/keystone/secret-store
 constraints: mem=1G
 options:
 admin-password: openstack
 admin-token: ubuntutesting
+ openstack-origin: cloud:trusty-kilo
 barbican:
 charm: barbican
 options:
- openstack-origin: cloud:trusty-liberty
+ openstack-origin: cloud:trusty-kilo
 relations:
 - [ keystone, mysql ]
 - [ barbican, mysql ]
diff --git a/barbican/reactive/barbican.py b/barbican/reactive/barbican.py
index b3c3bf1..6fe5276 100644
--- a/barbican/reactive/barbican.py
+++ b/barbican/reactive/barbican.py
@@ -1,4 +1,4 @@
-from openstack.adapters import OpenStackRelationAdapters
+from openstack.adapters import OpenStackRelationAdapters, ConfigurationAdapter
 from openstack.ip import canonical_url, PUBLIC, INTERNAL, ADMIN
 from charmhelpers.contrib.openstack.utils import (
 configure_installation_source,
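Review bot: The `keystone` entry in the barbican.yaml hunk now deploys the identity charm from a personal branch, `lp:~gnuoy/charms/trusty/keystone/secret-store`, and nothing in the file says this is temporary. Whatever lands on that branch is what the bundle deploys as the identity service, so I would add a comment above the line such as `# temporary: switch back to lp:~openstack-charmers/charms/trusty/keystone/next once secret-store support is merged`. The `admin-password` and `admin-token` values in the surrounding context are fixed strings, so the bundle should stay limited to disposable test environments.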
@@ -41,7 +41,33 @@ class BarbicanAdapters(OpenStackRelationAdapters):
 """
 Adapters class for the Barbican charm.
 """
- pass
+ def __init__(self, relations):
+ super(BarbicanAdapters, self).__init__(relations, options=BarbicanConfigurationAdapter)
+
+
+class BarbicanConfigurationAdapter(ConfigurationAdapter):
+
+ def __init__(self):
+ super(BarbicanConfigurationAdapter, self).__init__()
+ if config('keystone-api-version') not in ['2', '3', 'none']:
+ raise ValueError('Unsupported keystone-api-version (%s). Should'
+ 'be 2 or 3' % (config('keystone-api-version')))
+
+ @property
+ def barbican_api_keystone_pipeline(self):
+ if config('keystone-api-version') == "2":
+ return 'keystone_authtoken context apiapp'
+ else:
+ return 'keystone_v3_authtoken context apiapp'
+
+ @property
+ def barbican_api_pipeline(self):
+ if config('keystone-api-version') == "2":
+ return "keystone_authtoken context apiapp"
+ elif config('keystone-api-version') == "3":
+ return "keystone_v3_authtoken context apiapp"
+ elif config('keystone-api-version') == "none":
+ return "unauthenticated-context apiapp"
 
 
 def api_port(service):
@@ -80,7 +106,7 @@ def setup_endpoint(keystone):
 internal_url = '{}:{}'.format(canonical_url(CONFIGS, INTERNAL),
 api_port('barbican-internal-api')
 )
- keystone.register_endpoints('keystore', config('region'), public_url,
+ keystone.register_endpoints('secretstore', config('region'), public_url,
 internal_url, admin_url)
 
 @when('shared-db.available')
diff --git a/barbican/templates/juno/barbican-api-paste.ini b/barbican/templates/juno/barbican-api-paste.ini
index 05ff298..dfd224a 100644
--- a/barbican/templates/juno/barbican-api-paste.ini
+++ b/barbican/templates/juno/barbican-api-paste.ini
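Review bot: Accepting `'none'` in `BarbicanConfigurationAdapter.__init__` makes `barbican_api_pipeline` return `unauthenticated-context apiapp`, so one config value takes Keystone authentication off the secrets API, and nothing in the hunk logs or documents that. The error text also disagrees with the check: it leaves out `none`, and the two adjacent literals join as "Shouldbe". I would write `raise ValueError('Unsupported keystone-api-version (%s). Should be 2, 3 or none' % config('keystone-api-version'))`. The new class and both properties have no docstrings; a one-line docstring on `barbican_api_pipeline` saying when `none` is acceptable (test deployments only, if that is the intent) would make the risk visible. `barbican_api_pipeline` also falls through to an implicit `None` if the option holds any other value when the property is read, since the check runs only in `__init__`.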
@@ -11,7 +11,7 @@ pipeline = versionapp
 [pipeline:barbican_api]
 ####pipeline = simple apiapp
 #pipeline = keystone_authtoken context apiapp
-pipeline = {{ barbican_api_pipeline }}
+pipeline = {{ options.barbican_api_pipeline }}
 
 #Use this pipeline to activate a repoze.profile middleware and HTTP port,
 # to provide profiling information for the REST API processing.
@@ -21,7 +21,7 @@ pipeline = unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions prof
 #Use this pipeline for keystone auth
 [pipeline:barbican-api-keystone]
 #pipeline = keystone_authtoken context apiapp
-pipeline = {{ barbican_api_keystone_pipeline }}
+pipeline = {{ options.barbican_api_keystone_pipeline }}
 
 [app:apiapp]
 paste.app_factory = barbican.api.app:create_main_app
@@ -41,13 +41,13 @@ paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
 [filter:keystone_authtoken]
 paste.filter_factory = keystonemiddleware.auth_token:filter_factory
 signing_dir = /var/lib/barbican/keystone-signing
-auth_host = {{ auth_host }}
+auth_host = {{ identity_service.auth_host }}
 #need ability to re-auth a token, thus admin url
-auth_port = {{ auth_port }}
-auth_protocol = {{ auth_protocol }}
-admin_tenant_name = {{ admin_tenant_name }}
-admin_user = {{ admin_user }}
-admin_password = {{ admin_password }}
+auth_port = {{ identity_service.auth_port }}
+auth_protocol = {{ identity_service.auth_protocol }}
+admin_tenant_name = {{ identity_service.service_tenant }}
+admin_user = {{ identity_service.service_username }}
+admin_password = {{ identity_service.service_password }}
 auth_version = v2.0
 #delay failing perhaps to log the unauthorized request in barbican ..
 #delay_auth_decision = true
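Review bot: `admin_password = {{ identity_service.service_password }}` in `[filter:keystone_authtoken]` (and again in the `[filter:keystone_v3_authtoken]` hunk) writes the Keystone service credential into the rendered paste file, and the template has no guard for the case where the `identity_service` values are not yet available. The render call is outside this diff, so I cannot tell whether it is gated on the relation or what owner and mode the file gets; it is worth confirming that only the barbican service user can read it. Depending on how the Jinja environment treats undefined values, a missing attribute may render as an empty string, which would leave a config with a blank `auth_host` and `admin_password`.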
@@ -55,13 +55,13 @@ auth_version = v2.0
 [filter:keystone_v3_authtoken]
 paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory
 signing_dir = /var/lib/barbican/keystone-signing
-auth_host = {{ auth_host }}
+auth_host = {{ identity_service.auth_host }}
 #need ability to re-auth a token, thus admin url
-auth_port = {{ auth_port }}
-auth_protocol = {{ auth_protocol }}
-admin_tenant_name = {{ admin_tenant_name }}
-admin_user = {{ admin_user }}
-admin_password = {{ admin_password }}
+auth_port = {{ identity_service.auth_port }}
+auth_protocol = {{ identity_service.auth_protocol }}
+admin_tenant_name = {{ identity_service.service_tenant }}
+admin_user = {{ identity_service.service_username }}
+admin_password = {{ identity_service.service_password }}
 auth_version = v3.0
 #delay failing perhaps to log the unauthorized request in barbican ..
 #delay_auth_decision = true
diff --git a/keystone_setup.sh b/keystone_setup.sh
new file mode 100755
index 0000000..5a75cc0
--- /dev/null
+++ b/keystone_setup.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+# Create demo/testing users, tenants and flavor
+openstack project create demo
+openstack user create --project demo --password pass --email demo@dev.null demo
+openstack role add --user demo --project demo Member
+openstack project create alt_demo
+openstack user create --project alt_demo --password secret --email demo@dev.null alt_demo
+openstack role add --user alt_demo --project alt_demo Member
diff --git a/novarc b/novarc
new file mode 100644
index 0000000..4c3c6c1
--- /dev/null
+++ b/novarc
@@ -0,0 +1,8 @@
+export OS_REGION_NAME=RegionOne
+export OS_USER_DOMAIN_ID=Default
+export OS_PROJECT_NAME=admin
+export OS_PASSWORD=openstack
+export OS_AUTH_URL=${OS_AUTH_PROTOCOL:-http}://`juju-deployer -f keystone`:5000/v3
+export OS_USERNAME=admin
+export OS_TENANT_NAME=admin
+export OS_PROJECT_DOMAIN_NAME=Default
diff --git a/setup.sh b/setup.sh
index 5c30c39..48cd87e 100755
--- a/setup.sh
+++ b/setup.sh
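Review bot: The two `openstack user create` lines in keystone_setup.sh pass fixed passwords (`--password pass`, `--password secret`) on the command line, and with `set -ex` at the top every command is echoed to the trace, so the values end up in any captured log as well as in the process list. If the script is only meant for throwaway test clouds, say so in the header comment, e.g. `# Test-only: creates demo accounts with well-known passwords; do not run against a shared cloud`. Otherwise take the value from the environment, `--password "${DEMO_PASSWORD:?set DEMO_PASSWORD}"`, and drop `-x`. The existing comment also mentions a flavor, but no flavor is created.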
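Review bot: `export OS_PASSWORD=openstack` in novarc commits the admin password to the repository, and `OS_AUTH_URL` falls back to `http` when `OS_AUTH_PROTOCOL` is unset, so that password and the tokens issued for it cross the network unencrypted by default. For a file that is meant to be sourced I would let the caller override the value, `export OS_PASSWORD=${OS_PASSWORD:-openstack}`, and add a first-line comment stating that the defaults match the test bundle and are for local test deployments only. A short comment on the `OS_AUTH_URL` line explaining that `juju-deployer -f keystone` resolves the keystone unit address would help the next reader.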
@@ -1,7 +1,7 @@
 #!/bin/bash
 export http_proxy=http://squid.internal:3128
 export https_proxy=http://squid.internal:3128
-export JUJU_REPOSITORY=build
+export JUJU_REPOSITORY="$(pwd)/build"
 #export INTERFACE_PATH=interfaces
 export LAYER_PATH=layers
 rm -rf $JUJU_REPOSITORY
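Review bot: With `JUJU_REPOSITORY` now built from `$(pwd)`, the unquoted `rm -rf $JUJU_REPOSITORY` at the end of the hunk is word-split and glob-expanded, so a checkout path containing a space or a wildcard character makes it delete paths other than the build directory. Quote the variable and end option parsing: `rm -rf -- "$JUJU_REPOSITORY"`. The script continues past the end of the hunk, so any later unquoted use of the variable needs the same treatment.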