diff --git a/tatu/api/app.py b/tatu/api/app.py
index 1181272..6e9bb45 100644
--- a/tatu/api/app.py
+++ b/tatu/api/app.py
@@ -15,15 +15,9 @@ import os.path
 from oslo_config import cfg
 import models
-from tatu.castellano import validate_config as validate_castellan_config
+from tatu import config # sets up all required config
 from tatu.db.persistence import SQLAlchemySessionManager
-validate_castellan_config()
-fname = 'tatu.conf'
-CONF = cfg.CONF
-if os.path.isfile(fname):
- CONF(default_config_files=[fname])
-
 def create_app(sa):
 api = falcon.API(middleware=[models.Logger(), sa])
diff --git a/tatu/api/models.py b/tatu/api/models.py
index 11a5ee4..a82c577 100644
--- a/tatu/api/models.py
+++ b/tatu/api/models.py
@@ -215,7 +215,7 @@ class NovaVendorData(object):
 if auth is None:
 resp.status = falcon.HTTP_NOT_FOUND
 return
- key = RSA.importKey(auth.user_key)
+ key = RSA.importKey(db.getAuthUserKey(auth))
 pub_key = key.publickey().exportKey('OpenSSH')
 vendordata = {
 'token': token.token_id,
diff --git a/tatu/castellano.py b/tatu/castellano.py
index 9c0679a..9857056 100644
--- a/tatu/castellano.py
+++ b/tatu/castellano.py
@@ -16,15 +16,10 @@ from castellan.key_manager import API
 from castellan.key_manager.key_manager import KeyManager
 from castellan.options import set_defaults as set_castellan_defaults
 from oslo_config import cfg
+from oslo_log import log as logging
-opts = [
- cfg.BoolOpt('use_barbican_key_manager', default=False,
- help='Enable the usage of the OpenStack Key Management '
- 'service provided by barbican.'),
-]
+LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-CONF.register_opts(opts, group='tatu')
 _context = None
 _api = None
diff --git a/tatu/config.py b/tatu/config.py
new file mode 100644
index 0000000..1187890
--- /dev/null
+++ b/tatu/config.py
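Review bot: `import os.path` (shown in the hunk header) and `from oslo_config import cfg` lose their only users when the `os.path.isfile` guard and `CONF = cfg.CONF` are removed, so unless something below the hunk still reads them they should go too. The replacement `from tatu import config # sets up all required config` binds a name this module never reads; flake8 reports that as F401, and an automated import cleanup would silently drop the one statement that loads configuration. Write it as `import tatu.config  # noqa: F401 -- registers [tatu] options, parses tatu.conf, sets up logging`, or better give `tatu.config` a `setup()` function and call it explicitly from `create_app`. `create_app` continues past the end of the hunk.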
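Review bot: The new `RSA.importKey(db.getAuthUserKey(auth))` pulls the CA's private user key (presumably decrypted through the key manager) on every vendordata request only to call `publickey()` on it, so secret material now transits a read-only path each time an instance asks for its vendordata. Persisting the OpenSSH public key alongside the authority when it is created, or deriving it once and caching it, would keep the private key out of this handler and avoid what looks like a key-manager round-trip per request. `db` is not imported within the hunk; confirm it is bound to `tatu.db.models` at module level. The method starts and ends outside the hunk.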
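Review bot: `CONF = cfg.CONF` is deleted while `from oslo_config import cfg` stays, so any remaining reference to `CONF` in this module — e.g. a `validate_config` reading `CONF.tatu.use_barbican_key_manager`, which lies outside the hunk — now fails with NameError; either keep `CONF = cfg.CONF` or change those sites to `cfg.CONF`. The option itself now registers in `tatu.config`, which imports this module, so `castellano` only works once `tatu.config` has been imported first; a comment above `_context = None` such as `# [tatu] options are registered by tatu.config; import it before calling anything here` would make that ordering explicit. The added `LOG` has no user inside the hunk, so either it is used further down or it is dead.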
@@ -0,0 +1,38 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from oslo_config import cfg
+from oslo_log import log as logging
+from tatu import castellano
+
+# 3 steps: register options; read the config file; use the options
+
+opts = [
+ cfg.BoolOpt('use_barbican_key_manager', default=False,
+ help='Enable the usage of the OpenStack Key Management '
+ 'service provided by barbican.'),
+]
+
+DOMAIN = "tatu"
+CONF = cfg.CONF
+CONF.register_opts(opts, group='tatu')
+
+logging.register_options(CONF)
+log_levels = logging.get_default_log_levels() + \
+ ['tatu=DEBUG', '__main__=DEBUG']
+logging.set_defaults(default_log_levels=log_levels)
+#CONF(default_config_files=cfg.find_config_files(project='tatu', prog='tatu'))
+
+CONF(default_config_files=['tatu.conf'])
+
+logging.setup(CONF, DOMAIN)
+castellano.validate_config()
\ No newline at end of file
diff --git a/tatu/db/models.py b/tatu/db/models.py
index b10a084..ed64885 100644
--- a/tatu/db/models.py
+++ b/tatu/db/models.py
@@ -83,7 +83,7 @@ def createUserCert(session, user_id, auth_id, pub):
 certRecord = session.query(UserCert).get([user_id, fingerprint])
 if certRecord is not None:
 return certRecord
- cert = generateCert(get_secret(auth.user_key), pub,
+ cert = generateCert(getAuthUserKey(auth), pub,
 principals='admin,root')
 if cert is None:
 raise falcon.HTTPInternalServerError(
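Review bot: `CONF(default_config_files=['tatu.conf'])` resolves the file relative to the process's current working directory, which is arbitrary for a WSGI worker or daemon and is attacker-influenceable when a script is launched from an untrusted directory, and the `os.path.isfile` guard that app.py used to have is gone, so oslo.config will (I believe) raise `ConfigFilesNotFoundError` at import time when the file is absent. Use the standard search path the commented-out line already hints at, `CONF(default_config_files=cfg.find_config_files(project=DOMAIN))`, which looks in `/etc/tatu/` and `~/.tatu/` and skips missing files, and delete the commented line. Because `CONF(...)` also consumes `sys.argv[1:]` by default, importing this module for its side effects inside an API worker or test runner parses whatever argv those processes happen to have; wrapping the statements in a `setup(args=None)` that each entry point calls avoids that and makes the bootstrap visible. Defaulting `tatu=DEBUG` for a service that handles CA private keys raises the chance of key material ending up in logs; leave the level at oslo.log's default and raise it in `tatu.conf` when needed. The file also lacks a trailing newline.
```python
# … unchanged: license, imports, opts, DOMAIN, CONF …


def setup(args=None):
    """Register tatu options, read the config files and configure logging.

    Each entry point (API, notification daemon, scripts) calls this once
    before any CONF option is read; importing this module has no effect.
    """
    CONF.register_opts(opts, group=DOMAIN)
    logging.register_options(CONF)
    # Explicit args only: never swallow the host process's sys.argv.
    CONF(args if args is not None else [], project=DOMAIN,
         default_config_files=cfg.find_config_files(project=DOMAIN))
    logging.setup(CONF, DOMAIN)
    castellano.validate_config()
```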
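Review bot: `getAuthUserKey(auth)` is called here but nothing in this patch defines it (nor `getAuthHostKey`), and no hunk adds either to tatu/db/models.py; unless both helpers already exist in this module the patch does not import, so confirm and, if they are new, include them. Whatever the helper returns goes straight into `generateCert`, so its docstring should say whether that is the decrypted PEM private key or something else — the old `get_secret(auth.user_key)` made that explicit at the call site. The call still hard-codes `principals='admin,root'` for every user certificate, which the new helper does not change; that is pre-existing, but a `# TODO: derive principals from the requesting user` would flag it if per-user principals are intended. createUserCert starts outside the hunk.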
@@ -180,7 +180,7 @@ def createHostCert(session, token_id, host_id, pub):
 certRecord = session.query(HostCert).get([host_id, fingerprint])
 if certRecord is not None:
 raise falcon.HTTPConflict('This public key is already signed.')
- cert = generateCert(get_secret(auth.host_key), pub,
+ cert = generateCert(getAuthHostKey(auth), pub,
 hostname=token.hostname)
 if cert == '':
 raise falcon.HTTPInternalServerError(
diff --git a/tatu/notifications.py b/tatu/notifications.py
index 0351953..8783461 100644
--- a/tatu/notifications.py
+++ b/tatu/notifications.py
@@ -17,6 +17,7 @@ from oslo_serialization import jsonutils
 from sqlalchemy import create_engine
 from sqlalchemy.orm import scoped_session, sessionmaker
 import sys
+from tatu import config # sets up all required config
 import time
 import uuid
@@ -24,8 +25,6 @@ from tatu.db.models import createAuthority
 from tatu.db.persistence import get_url
 LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = 'tatu'
 class NotificationEndpoint(object):
@@ -47,7 +46,8 @@ class NotificationEndpoint(object):
 if event_type == 'identity.project.created':
 proj_id = payload.get('resource_info')
- LOG.debug("New project created {}".format(proj_id))
+ LOG.debug("New project with ID {} created "
+ "in Keystone".format(proj_id))
 se = self.Session()
 try:
 auth_id = str(uuid.UUID(proj_id, version=4))
@@ -63,13 +63,7 @@ class NotificationEndpoint(object):
 def main():
- logging.register_options(CONF)
- log_levels = logging.get_default_log_levels() + \
- ['tatu=DEBUG', '__main__=DEBUG']
- logging.set_defaults(default_log_levels=log_levels)
- logging.setup(CONF, DOMAIN)
-
- transport = oslo_messaging.get_notification_transport(CONF)
+ transport = oslo_messaging.get_notification_transport(cfg.CONF)
 targets = [oslo_messaging.Target(topic='notifications')]
 endpoints = [NotificationEndpoint()]
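Review bot: The failure check after the modified call, `if cert == '':`, disagrees with the `if cert is None:` that follows the otherwise identical `generateCert` call in createUserCert; whichever sentinel `generateCert` actually returns on failure, one of the two sites passes a bad certificate through. `if not cert:` covers both and should be used at both sites, with `generateCert`'s docstring stating what it returns on failure. createHostCert starts and ends outside the hunk.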
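Review bot: `from tatu import config # sets up all required config` is inserted between `import sys` and `import time`, so a side-effecting project import now sits inside the stdlib group, and the bound name `config` is never used in this module — flake8 flags it as F401 and an automated import cleanup would remove the configuration bootstrap without any test noticing. Move it to the `tatu.*` group shown in the next hunk as `import tatu.config  # noqa: F401 -- registers [tatu] opts, parses tatu.conf, sets up logging`, or expose a `config.setup()` and call it at the top of `main()` so the bootstrap is explicit and does not run on a mere import.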
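Review bot: The rewritten `LOG.debug("New project with ID {} created " "in Keystone".format(proj_id))` formats eagerly, so the string is built even when DEBUG is off and `proj_id` — taken directly from the notification payload via `payload.get('resource_info')` — is interpolated before any logging filter sees it; oslo.log's lazy form, `LOG.debug("New project with ID %s created in Keystone", proj_id)`, is the convention. Since `.get()` may yield `None`, the `uuid.UUID(proj_id, version=4)` three lines down would raise TypeError inside the `try`; whether the `except` after the hunk handles that is not visible here.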
@@ -78,8 +72,7 @@ def main():
 endpoints, executor='threading')
- LOG.info("Starting")
- LOG.debug("Test debug log statement")
+ LOG.info("Starting notification watcher daemon")
 server.start()
 try:
 while True:
diff --git a/tatu/sync_keystone.py b/tatu/sync_keystone.py
new file mode 100644
index 0000000..68af6d1
--- /dev/null
+++ b/tatu/sync_keystone.py
@@ -0,0 +1,53 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneauth1.identity import v3 as ks_v3
+from keystoneauth1 import session as ks_session
+from keystoneclient.v3 import client as ks_client_v3
+from oslo_log import log as logging
+from sqlalchemy import create_engine
+from sqlalchemy.orm import scoped_session, sessionmaker
+from tatu import config # sets up all required config
+from tatu.db.models import Base, createAuthority, getAuthority
+from tatu.db.persistence import get_url
+import uuid
+
+LOG = logging.getLogger(__name__)
+
+auth = ks_v3.Password(auth_url='http://localhost/identity/v3',
+ user_id='fab01a1f2a7749b78a53dffe441a1879',
+ password='pinot',
+ project_id='2e6c998ad16f4045821304470a57d160')
+keystone = ks_client_v3.Client(session=ks_session.Session(auth=auth))
+projects = keystone.projects.list()
+
+engine = create_engine(get_url())
+Base.metadata.create_all(engine)
+Session = scoped_session(sessionmaker(engine))
+
+LOG.debug("Creating CAs for {} Keystone projects.".format(len(projects)))
+for proj in projects:
+ se = Session()
+ try:
+ auth_id = str(uuid.UUID(proj.id, version=4))
+ if getAuthority(se, auth_id) is None:
+ createAuthority(se, auth_id)
+ LOG.info("Created CA for project {} with ID {}".format(proj.name,
+ auth_id))
+ else:
+ LOG.info("CA already exists for project {}".format(proj.name))
+ except Exception as e:
+ LOG.error(
+ "Failed to create Tatu CA for project {} with ID {} "
+ "due to exception 
{}".format(proj.name, auth_id, e))
+ se.rollback()
+ Session.remove()
diff --git a/tox.ini b/tox.ini
index 2bf9b4a..68e5a25 100644
--- a/tox.ini
+++ b/tox.ini
@@ -31,6 +31,9 @@ commands = oslo-config-generator --config-file=etc/oslo-config-generator/tatu.in
 install_command = pip install -U --force-reinstall {opts} {packages}
 commands = {posargs}
+[testenv:debug]
+commands = oslo_debug_helper {posargs}
+
 [testenv:cover]
 commands = python setup.py testr --coverage
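Review bot: The `ks_v3.Password(...)` call embeds a live Keystone credential — `password='pinot'` with a fixed user and project ID — and points it at `http://localhost/identity/v3`, so the secret is committed to history and would be sent over plaintext HTTP; it must be removed from the repository (and rotated) and loaded from `tatu.conf` instead, e.g. with keystoneauth1's `loading.register_auth_conf_options` / `load_auth_from_conf_options` on a `[keystone_authtoken]` section, which fits since `tatu.config` is already imported here. The `except Exception` handler formats `auth_id`, but that name is only assigned inside the `try` by `uuid.UUID(proj.id, version=4)`; if that raises, `auth_id` is unbound on the first project (NameError) or stale from the previous one, so bind it before the `try`. `Session.remove()` runs only on the success path, so a failed iteration leaves the scoped session bound to the thread; put it in a `finally`. Everything executes at import time with no `if __name__ == '__main__':` guard, so importing this module from tests or tooling talks to Keystone and mutates the database. The `LOG.*` calls also format eagerly; oslo.log's `%s` lazy arguments are the convention.
```python
# … unchanged: license and imports; add `from keystoneauth1 import loading as ks_loading` …

CONF = config.CONF
KS_GROUP = 'keystone_authtoken'
ks_loading.register_auth_conf_options(CONF, KS_GROUP)
ks_loading.register_session_conf_options(CONF, KS_GROUP)


def main():
    """Create a Tatu CA for every Keystone project that does not have one."""
    # Credentials and auth_url come from tatu.conf, never from source.
    auth = ks_loading.load_auth_from_conf_options(CONF, KS_GROUP)
    sess = ks_loading.load_session_from_conf_options(CONF, KS_GROUP, auth=auth)
    keystone = ks_client_v3.Client(session=sess)
    projects = keystone.projects.list()
    # … unchanged: engine / Base.metadata.create_all / Session setup …
    LOG.debug("Creating CAs for %d Keystone projects.", len(projects))
    for proj in projects:
        auth_id = None  # bound before the try so the error path can log it
        se = Session()
        try:
            auth_id = str(uuid.UUID(proj.id, version=4))
            # … unchanged: getAuthority / createAuthority / LOG.info …
        except Exception as e:
            LOG.error("Failed to create Tatu CA for project %s with ID %s "
                      "due to exception %s", proj.name, auth_id or proj.id, e)
            se.rollback()
        finally:
            Session.remove()


if __name__ == '__main__':
    main()
```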