x/tatu
Code Issues Proposed changes

Moved config handling to one file.

Browse Source
This commit is contained in:
Pino de Candia 2017-12-20 15:07:15 -06:00
parent 303827c514
commit 25fdd3b800
8 changed files with 105 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tatu/api/app.py
View File

@ -15,15 +15,9 @@ import os.path
from oslo_config import cfg
import models
from tatu.castellano import validate_config as validate_castellan_config
from tatu import config # sets up all required config
from tatu.db.persistence import SQLAlchemySessionManager
validate_castellan_config()
fname = 'tatu.conf'
CONF = cfg.CONF
if os.path.isfile(fname):
CONF(default_config_files=[fname])
def create_app(sa):
api = falcon.API(middleware=[models.Logger(), sa])

2
tatu/api/models.py
View File

@ -215,7 +215,7 @@ class NovaVendorData(object):
if auth is None:
resp.status = falcon.HTTP_NOT_FOUND
return
key = RSA.importKey(auth.user_key)
key = RSA.importKey(db.getAuthUserKey(auth))
pub_key = key.publickey().exportKey('OpenSSH')
vendordata = {
'token': token.token_id,

9
tatu/castellano.py
View File

@ -16,15 +16,10 @@ from castellan.key_manager import API
from castellan.key_manager.key_manager import KeyManager
from castellan.options import set_defaults as set_castellan_defaults
from oslo_config import cfg
from oslo_log import log as logging
opts = [
cfg.BoolOpt('use_barbican_key_manager', default=False,
help='Enable the usage of the OpenStack Key Management '
'service provided by barbican.'),
]
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
CONF.register_opts(opts, group='tatu')
_context = None
_api = None

38
tatu/config.py Normal file
View File

@ -0,0 +1,38 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from oslo_log import log as logging
from tatu import castellano
# 3 steps: register options; read the config file; use the options
opts = [
cfg.BoolOpt('use_barbican_key_manager', default=False,
help='Enable the usage of the OpenStack Key Management '
'service provided by barbican.'),
]
DOMAIN = "tatu"
CONF = cfg.CONF
CONF.register_opts(opts, group='tatu')
logging.register_options(CONF)
log_levels = logging.get_default_log_levels() + \
['tatu=DEBUG', '__main__=DEBUG']
logging.set_defaults(default_log_levels=log_levels)
#CONF(default_config_files=cfg.find_config_files(project='tatu', prog='tatu'))
CONF(default_config_files=['tatu.conf'])
logging.setup(CONF, DOMAIN)
castellano.validate_config()

4
tatu/db/models.py
View File

@ -83,7 +83,7 @@ def createUserCert(session, user_id, auth_id, pub):
certRecord = session.query(UserCert).get([user_id, fingerprint])
if certRecord is not None:
return certRecord
cert = generateCert(get_secret(auth.user_key), pub,
cert = generateCert(getAuthUserKey(auth), pub,
principals='admin,root')
if cert is None:
raise falcon.HTTPInternalServerError(
@ -180,7 +180,7 @@ def createHostCert(session, token_id, host_id, pub):
certRecord = session.query(HostCert).get([host_id, fingerprint])
if certRecord is not None:
raise falcon.HTTPConflict('This public key is already signed.')
cert = generateCert(get_secret(auth.host_key), pub,
cert = generateCert(getAuthHostKey(auth), pub,
hostname=token.hostname)
if cert == '':
raise falcon.HTTPInternalServerError(

17
tatu/notifications.py
View File

@ -17,6 +17,7 @@ from oslo_serialization import jsonutils
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker
import sys
from tatu import config # sets up all required config
import time
import uuid
@ -24,8 +25,6 @@ from tatu.db.models import createAuthority
from tatu.db.persistence import get_url
LOG = logging.getLogger(__name__)
CONF = cfg.CONF
DOMAIN = 'tatu'
class NotificationEndpoint(object):
@ -47,7 +46,8 @@ class NotificationEndpoint(object):
if event_type == 'identity.project.created':
proj_id = payload.get('resource_info')
LOG.debug("New project created {}".format(proj_id))
LOG.debug("New project with ID {} created "
"in Keystone".format(proj_id))
se = self.Session()
try:
auth_id = str(uuid.UUID(proj_id, version=4))
@ -63,13 +63,7 @@ class NotificationEndpoint(object):
def main():
logging.register_options(CONF)
log_levels = logging.get_default_log_levels() + \
['tatu=DEBUG', '__main__=DEBUG']
logging.set_defaults(default_log_levels=log_levels)
logging.setup(CONF, DOMAIN)
transport = oslo_messaging.get_notification_transport(CONF)
transport = oslo_messaging.get_notification_transport(cfg.CONF)
targets = [oslo_messaging.Target(topic='notifications')]
endpoints = [NotificationEndpoint()]
@ -78,8 +72,7 @@ def main():
endpoints,
executor='threading')
LOG.info("Starting")
LOG.debug("Test debug log statement")
LOG.info("Starting notification watcher daemon")
server.start()
try:
while True:

53
tatu/sync_keystone.py Normal file
View File

@ -0,0 +1,53 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneauth1.identity import v3 as ks_v3
from keystoneauth1 import session as ks_session
from keystoneclient.v3 import client as ks_client_v3
from oslo_log import log as logging
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker
from tatu import config # sets up all required config
from tatu.db.models import Base, createAuthority, getAuthority
from tatu.db.persistence import get_url
import uuid
LOG = logging.getLogger(__name__)
auth = ks_v3.Password(auth_url='http://localhost/identity/v3',
user_id='fab01a1f2a7749b78a53dffe441a1879',
password='pinot',
project_id='2e6c998ad16f4045821304470a57d160')
keystone = ks_client_v3.Client(session=ks_session.Session(auth=auth))
projects = keystone.projects.list()
engine = create_engine(get_url())
Base.metadata.create_all(engine)
Session = scoped_session(sessionmaker(engine))
LOG.debug("Creating CAs for {} Keystone projects.".format(len(projects)))
for proj in projects:
se = Session()
try:
auth_id = str(uuid.UUID(proj.id, version=4))
if getAuthority(se, auth_id) is None:
createAuthority(se, auth_id)
LOG.info("Created CA for project {} with ID {}".format(proj.name,
auth_id))
else:
LOG.info("CA already exists for project {}".format(proj.name))
except Exception as e:
LOG.error(
"Failed to create Tatu CA for project {} with ID {} "
"due to exception {}".format(proj.name, auth_id, e))
se.rollback()
Session.remove()

3
tox.ini
View File

@ -31,6 +31,9 @@ commands = oslo-config-generator --config-file=etc/oslo-config-generator/tatu.in
install_command = pip install -U --force-reinstall {opts} {packages}
commands = {posargs}
[testenv:debug]
commands = oslo_debug_helper {posargs}
[testenv:cover]
commands =
python setup.py testr --coverage