Make Barbican integration work with Keystone middleware.

This commit is contained in:
Pino de Candia 2017-12-21 16:39:28 +00:00
parent 6ea9865b2a
commit a419429041
6 changed files with 40 additions and 21 deletions

View File

@ -13,11 +13,13 @@ pipeline = authtoken myapp
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
www_authenticate_uri = http://147.75.79.167/identity
identity_uri = http://147.75.79.167/identity
admin_user = nova
admin_password = pinot
admin_tenant_name = service
www_authenticate_uri = http://localhost/identity
identity_uri = http://localhost/identity
#auth_version = v2
admin_token = gAAAAABaO-LnZQ03QZArlHYnXJL9Lg6valCBRUQ0n4eu4JOhIR3lHnxxoNuK1Zod41V_xDbkEqk75BO5rdvjuwDqDNOptje6E-XsE4dCu1WFJAhVyzLDd9DLctlNoeY8fnia-L8VacaNWQQ3EGX3uay434ZOErqKJ6Joxal11cG6u7VmYtu10xQ
#admin_user = nova
#admin_password = pinot
#admin_tenant_name = service
[app:myapp]
#use = call:tatu.api.app:main

12
files/tatu.conf Normal file
View File

@ -0,0 +1,12 @@
[DEFAULT]
[tatu]
use_barbican_key_manager = True
[key_manager]
auth_url = http://147.75.72.229/identity
auth_type = keystone_password
username = admin
password = pinot
project_id = 2e6c998ad16f4045821304470a57d160
user_domain_name = default

View File

@ -18,7 +18,6 @@ pyramid>=1.9.1 # BSD-derived (http://www.repoze.org/LICENSE.txt)
Paste # MIT
dogpile.cache
python-memcached
oslo_concurrency
eventlet
vine
python-designateclient

View File

@ -13,13 +13,15 @@
import falcon
import os.path
from oslo_config import cfg
from oslo_log import log as logging
import models
from tatu import config # sets up all required config
from tatu.db.persistence import SQLAlchemySessionManager
LOG = logging.getLogger(__name__)
def create_app(sa):
LOG.info("Creating falcon API instance.")
api = falcon.API(middleware=[models.Logger(), sa])
api.add_route('/authorities', models.Authorities())
api.add_route('/authorities/{auth_id}', models.Authority())

View File

@ -14,7 +14,6 @@ from castellan.common.objects.passphrase import Passphrase
from castellan.common.utils import credential_factory
from castellan.key_manager import API
from castellan.key_manager.key_manager import KeyManager
from castellan.options import set_defaults as set_castellan_defaults
from oslo_config import cfg
from oslo_log import log as logging
@ -24,18 +23,10 @@ _context = None
_api = None
def validate_config():
if CONF.tatu.use_barbican_key_manager:
set_castellan_defaults(CONF)
else:
set_castellan_defaults(CONF,
api_class='tatu.castellano.TatuKeyManager')
def context():
global _context
if _context is None and CONF.tatu.use_barbican_key_manager:
_context = credential_factory(conf=CONF)
if _context is None and cfg.CONF.tatu.use_barbican_key_manager:
_context = credential_factory(conf=cfg.CONF)
return _context

View File

@ -12,8 +12,11 @@
from oslo_config import cfg
from oslo_log import log as logging
from castellan.options import set_defaults as set_castellan_defaults
from tatu import castellano
import sys
LOG = logging.getLogger(__name__)
# 3 steps: register options; read the config file; use the options
opts = [
@ -32,7 +35,17 @@ log_levels = logging.get_default_log_levels() + \
logging.set_defaults(default_log_levels=log_levels)
#CONF(default_config_files=cfg.find_config_files(project='tatu', prog='tatu'))
CONF(default_config_files=['tatu.conf'])
try:
CONF(args=[], default_config_files=['files/tatu.conf'])
except Exception as e:
LOG.error("Failed to load configuration file: {}".format(e))
logging.setup(CONF, DOMAIN)
castellano.validate_config()
if CONF.tatu.use_barbican_key_manager:
LOG.debug("Using Barbican as key manager.")
set_castellan_defaults(CONF)
else:
LOG.debug("Using Tatu as key manager.")
set_castellan_defaults(CONF,
api_class='tatu.castellano.TatuKeyManager')