From a419429041d83301bf79c640de2609aa12c8b4da Mon Sep 17 00:00:00 2001 From: Pino de Candia Date: Thu, 21 Dec 2017 16:39:28 +0000 Subject: [PATCH] Make Barbican integration work with Keystone middleware. --- files/paste.ini | 12 +++++++----- files/tatu.conf | 12 ++++++++++++ requirements.txt | 1 - tatu/api/app.py | 4 +++- tatu/castellano.py | 13 ++----------- tatu/config.py | 19 ++++++++++++++++--- 6 files changed, 40 insertions(+), 21 deletions(-) create mode 100644 files/tatu.conf diff --git a/files/paste.ini b/files/paste.ini index c4df1cb..1a1b646 100644 --- a/files/paste.ini +++ b/files/paste.ini @@ -13,11 +13,13 @@ pipeline = authtoken myapp [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory -www_authenticate_uri = http://147.75.79.167/identity -identity_uri = http://147.75.79.167/identity -admin_user = nova -admin_password = pinot -admin_tenant_name = service +www_authenticate_uri = http://localhost/identity +identity_uri = http://localhost/identity +#auth_version = v2 +admin_token = gAAAAABaO-LnZQ03QZArlHYnXJL9Lg6valCBRUQ0n4eu4JOhIR3lHnxxoNuK1Zod41V_xDbkEqk75BO5rdvjuwDqDNOptje6E-XsE4dCu1WFJAhVyzLDd9DLctlNoeY8fnia-L8VacaNWQQ3EGX3uay434ZOErqKJ6Joxal11cG6u7VmYtu10xQ +#admin_user = nova +#admin_password = pinot +#admin_tenant_name = service [app:myapp] #use = call:tatu.api.app:main diff --git a/files/tatu.conf b/files/tatu.conf new file mode 100644 index 0000000..9f3dc29 --- /dev/null +++ b/files/tatu.conf @@ -0,0 +1,12 @@ +[DEFAULT] + +[tatu] +use_barbican_key_manager = True + +[key_manager] +auth_url = http://147.75.72.229/identity +auth_type = keystone_password +username = admin +password = pinot +project_id = 2e6c998ad16f4045821304470a57d160 +user_domain_name = default diff --git a/requirements.txt b/requirements.txt index d52b2ec..4d55ef5 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,7 +18,6 @@ pyramid>=1.9.1 # BSD-derived (http://www.repoze.org/LICENSE.txt) Paste # MIT dogpile.cache python-memcached -oslo_concurrency eventlet vine python-designateclient diff --git a/tatu/api/app.py b/tatu/api/app.py index 6e9bb45..deacdf4 100644 --- a/tatu/api/app.py +++ b/tatu/api/app.py @@ -13,13 +13,15 @@ import falcon import os.path from oslo_config import cfg - +from oslo_log import log as logging import models from tatu import config # sets up all required config from tatu.db.persistence import SQLAlchemySessionManager +LOG = logging.getLogger(__name__) def create_app(sa): + LOG.info("Creating falcon API instance.") api = falcon.API(middleware=[models.Logger(), sa]) api.add_route('/authorities', models.Authorities()) api.add_route('/authorities/{auth_id}', models.Authority()) diff --git a/tatu/castellano.py b/tatu/castellano.py index 9857056..21ad494 100644 --- a/tatu/castellano.py +++ b/tatu/castellano.py @@ -14,7 +14,6 @@ from castellan.common.objects.passphrase import Passphrase from castellan.common.utils import credential_factory from castellan.key_manager import API from castellan.key_manager.key_manager import KeyManager -from castellan.options import set_defaults as set_castellan_defaults from oslo_config import cfg from oslo_log import log as logging @@ -24,18 +23,10 @@ _context = None _api = None -def validate_config(): - if CONF.tatu.use_barbican_key_manager: - set_castellan_defaults(CONF) - else: - set_castellan_defaults(CONF, - api_class='tatu.castellano.TatuKeyManager') - - def context(): global _context - if _context is None and CONF.tatu.use_barbican_key_manager: - _context = credential_factory(conf=CONF) + if _context is None and cfg.CONF.tatu.use_barbican_key_manager: + _context = credential_factory(conf=cfg.CONF) return _context diff --git a/tatu/config.py b/tatu/config.py index 1187890..c904465 100644 --- a/tatu/config.py +++ b/tatu/config.py @@ -12,8 +12,11 @@ from oslo_config import cfg from oslo_log import log as logging +from castellan.options import set_defaults as set_castellan_defaults from tatu import castellano +import sys +LOG = logging.getLogger(__name__) # 3 steps: register options; read the config file; use the options opts = [ @@ -32,7 +35,17 @@ log_levels = logging.get_default_log_levels() + \ logging.set_defaults(default_log_levels=log_levels) #CONF(default_config_files=cfg.find_config_files(project='tatu', prog='tatu')) -CONF(default_config_files=['tatu.conf']) - +try: + CONF(args=[], default_config_files=['files/tatu.conf']) +except Exception as e: + LOG.error("Failed to load configuration file: {}".format(e)) + logging.setup(CONF, DOMAIN) -castellano.validate_config() \ No newline at end of file +if CONF.tatu.use_barbican_key_manager: + LOG.debug("Using Barbican as key manager.") + set_castellan_defaults(CONF) +else: + LOG.debug("Using Tatu as key manager.") + set_castellan_defaults(CONF, + api_class='tatu.castellano.TatuKeyManager') +