Moved config handling to one file.

tatu/api/app.py

@@ -15,15 +15,9 @@ import os.path
 from oslo_config import cfg
 
 import models
-from tatu.castellano import validate_config as validate_castellan_config
+from tatu import config # sets up all required config
 from tatu.db.persistence import SQLAlchemySessionManager
 
-validate_castellan_config()
-fname = 'tatu.conf'
-CONF = cfg.CONF
-if os.path.isfile(fname):
-    CONF(default_config_files=[fname])
-
 
 def create_app(sa):
     api = falcon.API(middleware=[models.Logger(), sa])

tatu/api/models.py

@@ -215,7 +215,7 @@ class NovaVendorData(object):
         if auth is None:
             resp.status = falcon.HTTP_NOT_FOUND
             return
-        key = RSA.importKey(auth.user_key)
+        key = RSA.importKey(db.getAuthUserKey(auth))
         pub_key = key.publickey().exportKey('OpenSSH')
         vendordata = {
             'token': token.token_id,

tatu/castellano.py

@@ -16,15 +16,10 @@ from castellan.key_manager import API
 from castellan.key_manager.key_manager import KeyManager
 from castellan.options import set_defaults as set_castellan_defaults
 from oslo_config import cfg
+from oslo_log import log as logging
 
-opts = [
+LOG = logging.getLogger(__name__)
-    cfg.BoolOpt('use_barbican_key_manager', default=False,
-                help='Enable the usage of the OpenStack Key Management '
-                     'service provided by barbican.'),
-]
 
-CONF = cfg.CONF
-CONF.register_opts(opts, group='tatu')
 _context = None
 _api = None
 

tatu/config.py

@@ -0,0 +1,38 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from oslo_config import cfg
+from oslo_log import log as logging
+from tatu import castellano
+
+# 3 steps: register options; read the config file; use the options
+
+opts = [
+    cfg.BoolOpt('use_barbican_key_manager', default=False,
+                help='Enable the usage of the OpenStack Key Management '
+                     'service provided by barbican.'),
+]
+
+DOMAIN = "tatu"
+CONF = cfg.CONF
+CONF.register_opts(opts, group='tatu')
+
+logging.register_options(CONF)
+log_levels = logging.get_default_log_levels() + \
+             ['tatu=DEBUG', '__main__=DEBUG']
+logging.set_defaults(default_log_levels=log_levels)
+#CONF(default_config_files=cfg.find_config_files(project='tatu', prog='tatu'))
+
+CONF(default_config_files=['tatu.conf'])
+
+logging.setup(CONF, DOMAIN)
+castellano.validate_config()

tatu/db/models.py

@@ -83,7 +83,7 @@ def createUserCert(session, user_id, auth_id, pub):
     certRecord = session.query(UserCert).get([user_id, fingerprint])
     if certRecord is not None:
         return certRecord
-    cert = generateCert(get_secret(auth.user_key), pub,
+    cert = generateCert(getAuthUserKey(auth), pub,
                         principals='admin,root')
     if cert is None:
         raise falcon.HTTPInternalServerError(
@@ -180,7 +180,7 @@ def createHostCert(session, token_id, host_id, pub):
     certRecord = session.query(HostCert).get([host_id, fingerprint])
     if certRecord is not None:
         raise falcon.HTTPConflict('This public key is already signed.')
-    cert = generateCert(get_secret(auth.host_key), pub,
+    cert = generateCert(getAuthHostKey(auth), pub,
                         hostname=token.hostname)
     if cert == '':
         raise falcon.HTTPInternalServerError(

tatu/notifications.py

@@ -17,6 +17,7 @@ from oslo_serialization import jsonutils
 from sqlalchemy import create_engine
 from sqlalchemy.orm import scoped_session, sessionmaker
 import sys
+from tatu import config # sets up all required config
 import time
 import uuid
 
@@ -24,8 +25,6 @@ from tatu.db.models import createAuthority
 from tatu.db.persistence import get_url
 
 LOG = logging.getLogger(__name__)
-CONF = cfg.CONF
-DOMAIN = 'tatu'
 
 
 class NotificationEndpoint(object):
@@ -47,7 +46,8 @@ class NotificationEndpoint(object):
 
         if event_type == 'identity.project.created':
             proj_id = payload.get('resource_info')
-            LOG.debug("New project created {}".format(proj_id))
+            LOG.debug("New project with ID {} created "
+                      "in Keystone".format(proj_id))
             se = self.Session()
             try:
                 auth_id = str(uuid.UUID(proj_id, version=4))
@@ -63,13 +63,7 @@ class NotificationEndpoint(object):
 
 
 def main():
-    logging.register_options(CONF)
+    transport = oslo_messaging.get_notification_transport(cfg.CONF)
-    log_levels = logging.get_default_log_levels() + \
-        ['tatu=DEBUG', '__main__=DEBUG']
-    logging.set_defaults(default_log_levels=log_levels)
-    logging.setup(CONF, DOMAIN)
-
-    transport = oslo_messaging.get_notification_transport(CONF)
     targets = [oslo_messaging.Target(topic='notifications')]
     endpoints = [NotificationEndpoint()]
 
@@ -78,8 +72,7 @@ def main():
                                                       endpoints,
                                                       executor='threading')
 
-    LOG.info("Starting")
+    LOG.info("Starting notification watcher daemon")
-    LOG.debug("Test debug log statement")
     server.start()
     try:
         while True:

tatu/sync_keystone.py

@@ -0,0 +1,53 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystoneauth1.identity import v3 as ks_v3
+from keystoneauth1 import session as ks_session
+from keystoneclient.v3 import client as ks_client_v3
+from oslo_log import log as logging
+from sqlalchemy import create_engine
+from sqlalchemy.orm import scoped_session, sessionmaker
+from tatu import config # sets up all required config
+from tatu.db.models import Base, createAuthority, getAuthority
+from tatu.db.persistence import get_url
+import uuid
+
+LOG = logging.getLogger(__name__)
+
+auth = ks_v3.Password(auth_url='http://localhost/identity/v3',
+                      user_id='fab01a1f2a7749b78a53dffe441a1879',
+                      password='pinot',
+                      project_id='2e6c998ad16f4045821304470a57d160')
+keystone = ks_client_v3.Client(session=ks_session.Session(auth=auth))
+projects = keystone.projects.list()
+
+engine = create_engine(get_url())
+Base.metadata.create_all(engine)
+Session = scoped_session(sessionmaker(engine))
+
+LOG.debug("Creating CAs for {} Keystone projects.".format(len(projects)))
+for proj in projects:
+    se = Session()
+    try:
+        auth_id = str(uuid.UUID(proj.id, version=4))
+        if getAuthority(se, auth_id) is None:
+            createAuthority(se, auth_id)
+            LOG.info("Created CA for project {} with ID {}".format(proj.name,
+                                                                   auth_id))
+        else:
+            LOG.info("CA already exists for project {}".format(proj.name))
+    except Exception as e:
+        LOG.error(
+            "Failed to create Tatu CA for project {} with ID {} "
+            "due to exception {}".format(proj.name, auth_id, e))
+        se.rollback()
+        Session.remove()

tox.ini

@@ -31,6 +31,9 @@ commands = oslo-config-generator --config-file=etc/oslo-config-generator/tatu.in
 install_command = pip install -U --force-reinstall {opts} {packages}
 commands = {posargs}
 
+[testenv:debug]
+commands = oslo_debug_helper {posargs}
+
 [testenv:cover]
 commands =
   python setup.py testr --coverage