Merge "Add actions to expose OpenStack Barbican APIs"

2016-02-10 00:30:41 +00:00 · 2016-02-10 00:30:41 +00:00 · 62e0f8d61c
parent 3795d26e76 6a0557f570
commit 62e0f8d61c
7 changed files with 150 additions and 1 deletions
--- a/mistral/actions/generator_factory.py
+++ b/mistral/actions/generator_factory.py
@ -19,7 +19,7 @@ from mistral.actions.openstack.action_generator import base

 SUPPORTED_MODULES = [
    'Nova', 'Glance', 'Keystone', 'Heat', 'Neutron', 'Cinder', 'Ceilometer',
-    'Trove', 'Ironic', 'Baremetal Introspection', 'Swift', 'Zaqar'
+    'Trove', 'Ironic', 'Baremetal Introspection', 'Swift', 'Zaqar', 'Barbican'
 ]


--- a/mistral/actions/openstack/actions.py
+++ b/mistral/actions/openstack/actions.py
@ -14,12 +14,14 @@

 import functools

+from barbicanclient import client as barbicanclient
 from ceilometerclient.v2 import client as ceilometerclient
 from cinderclient.v2 import client as cinderclient
 from glanceclient.v2 import client as glanceclient
 from heatclient.v1 import client as heatclient
 from ironic_inspector_client import v1 as ironic_inspector_client
 from ironicclient.v1 import client as ironicclient
+from keystoneclient.auth import identity
 from keystoneclient import httpclient
 from keystoneclient.v3 import client as keystoneclient
 from neutronclient.v2_0 import client as neutronclient
@ -425,3 +427,102 @@ class ZaqarAction(base.OpenStackAction):
        queue = client.queue(queue_name)

        return queue.pop(count)
+
+
+class BarbicanAction(base.OpenStackAction):
+    _client_class = barbicanclient.Client
+
+    def _get_client(self):
+        ctx = context.ctx()
+
+        LOG.debug("Barbican action security context: %s" % ctx)
+
+        barbican_endpoint = keystone_utils.get_endpoint_for_project('barbican')
+        keystone_endpoint = keystone_utils.get_keystone_endpoint_v2()
+
+        auth = identity.v2.Token(
+            auth_url=keystone_endpoint.url,
+            tenant_name=ctx.user_name,
+            token=ctx.auth_token,
+            tenant_id=ctx.project_id
+        )
+
+        return self._client_class(
+            project_id=ctx.project_id,
+            endpoint=barbican_endpoint.url,
+            auth=auth
+        )
+
+    @classmethod
+    def _get_fake_client(cls):
+        return cls._client_class(
+            project_id="1",
+            endpoint="http://127.0.0.1:9311"
+        )
+
+    @classmethod
+    def _get_client_method(cls, client):
+        if cls.client_method_name != "secrets_store":
+            return super(BarbicanAction, cls)._get_client_method(client)
+
+        method = getattr(cls, cls.client_method_name)
+
+        @functools.wraps(method)
+        def wrap(*args, **kwargs):
+            return method(client, *args, **kwargs)
+
+        args = inspect_utils.get_arg_list_as_str(method)
+
+        # Remove client.
+        wrap.__arguments__ = args.split(', ', 1)[1]
+
+        return wrap
+
+    @staticmethod
+    def secrets_store(client,
+                      name=None,
+                      payload=None,
+                      algorithm=None,
+                      bit_length=None,
+                      secret_type=None,
+                      mode=None, expiration=None):
+        """Create and Store a secret in Barbican.
+
+        :param name: A friendly name for the Secret
+        :type name: string
+
+        :param payload: The unencrypted secret data
+        :type payload: string
+
+        :param algorithm: The algorithm associated with this secret key
+        :type algorithm: string
+
+        :param bit_length: The bit length of this secret key
+        :type bit_length: int
+
+        :param secret_type: The secret type for this secret key
+        :type secret_type: string
+
+         :param mode: The algorithm mode used with this secret keybit_length:
+        :type mode: string
+
+        :param expiration: The expiration time of the secret in ISO 8601 format
+        :type expiration: string
+
+        :returns: A new Secret object
+        :rtype: class:`barbicanclient.secrets.Secret'
+        """
+
+        entity = client.secrets.create(
+            name,
+            payload,
+            algorithm,
+            bit_length,
+            secret_type,
+            mode,
+            expiration
+        )
+
+        entity.store()
+
+        return entity._get_formatted_entity()
--- a/mistral/actions/openstack/mapping.json
+++ b/mistral/actions/openstack/mapping.json
@ -943,5 +943,27 @@
        "queue_messages": "queue_messages",
        "queue_post": "queue_post",
        "queue_pop": "queue_pop"
+    },
+    "barbican": {
+        "_comment": "It uses barbicanclient",
+        "secrets_get": "secrets.get",
+        "secrets_create": "secrets.create",
+        "secrets_delete": "secrets.delete",
+        "secrets_list": "secrets.list",
+        "containers_get": "containers.get",
+        "containers_create": "containers.create",
+        "containers_create_certificate": "containers.create_certificate",
+        "containers_create_rsa": "containers.create_rsa",
+        "containers_delete": "containers.delete",
+        "containers_list": "containers.list",
+        "containers_register_consumer": "containers.register_consumer",
+        "containers_remove_consumer": "containers.remove_consumer",
+        "orders_get": "orders.get",
+        "orders_create": "orders.create",
+        "orders_create_key": "orders.create_key",
+        "orders_create_asymmetric": "orders.create_asymmetric",
+        "orders_delete": "orders.delete",
+        "orders_list": "orders.list",
+        "secrets_store": "secrets_store"
    }
 }
--- a/mistral/tests/unit/actions/openstack/test_generator.py
+++ b/mistral/tests/unit/actions/openstack/test_generator.py
@ -30,6 +30,7 @@ MODULE_MAPPING = {
                                actions.BaremetalIntrospectionAction],
    'swift': ['swift.head_account', actions.SwiftAction],
    'zaqar': ['zaqar.queue_messages', actions.ZaqarAction],
+    'barbican': ['barbican.orders_list', actions.BarbicanAction],
 }

 EXTRA_MODULES = ['neutron', 'swift', 'zaqar']
--- a/mistral/tests/unit/actions/openstack/test_openstack_actions.py
+++ b/mistral/tests/unit/actions/openstack/test_openstack_actions.py
@ -163,3 +163,15 @@ class OpenStackActionTest(base.BaseTestCase):

        mocked().queue.assert_called_once_with('foo')
        mocked().queue().messages.assert_called_once_with()
+
+    @mock.patch.object(actions.BarbicanAction, '_get_client')
+    def test_barbican_action(self, mocked):
+        method_name = "orders_list"
+        action_class = actions.BarbicanAction
+        action_class.client_method_name = method_name
+        params = {'limit': 5}
+        action = action_class(**params)
+        action.run()
+
+        self.assertTrue(mocked().orders_list.called)
+        mocked().orders_list.assert_called_once_with(limit=5)
--- a/requirements.txt
+++ b/requirements.txt
@ -21,6 +21,7 @@ oslo.service>=1.0.0 # Apache-2.0
 paramiko>=1.13.0 # LGPL
 pbr>=1.6 # Apache-2.0
 pecan>=1.0.0 # BSD
+python-barbicanclient>=3.3.0  # Apache-2.0
 python-ceilometerclient>=2.2.1 # Apache-2.0
 python-cinderclient>=1.3.1 # Apache-2.0
 python-glanceclient>=1.2.0 # Apache-2.0
--- a/tools/get_action_list.py
+++ b/tools/get_action_list.py
@ -18,6 +18,8 @@ import inspect
 import json
 import os

+from barbicanclient import base as barbican_base
+from barbicanclient import client as barbicanclient
 from ceilometerclient.v2 import client as ceilometerclient
 from cinderclient import utils as cinder_base
 from cinderclient.v2 import client as cinderclient
@ -71,6 +73,7 @@ BASE_KEYSTONE_MANAGER = keystone_base.Manager
 BASE_CINDER_MANAGER = cinder_base.HookableMixin
 BASE_TROVE_MANAGER = trove_base.Manager
 BASE_IRONIC_MANAGER = ironic_base.Manager
+BASE_BARBICAN_MANAGER = barbican_base.BaseEntityManager


 def get_parser():
@ -154,6 +157,13 @@ def get_ironic_client(**kwargs):
    return ironicclient.Client("http://127.0.0.1:6385/")


+def get_barbican_client(**kwargs):
+    return barbicanclient.Client(
+        project_id="1",
+        endpoint="http://127.0.0.1:9311"
+    )
+
+
 CLIENTS = {
    'nova': get_nova_client,
    'heat': get_heat_client,
@ -163,6 +173,7 @@ CLIENTS = {
    'glance': get_glance_client,
    'trove': get_trove_client,
    'ironic': get_ironic_client,
+    'barbican': get_barbican_client,
    # 'neutron': get_nova_client
    # 'baremetal_introspection': ...
    # 'swift': ...
@ -177,6 +188,7 @@ BASE_MANAGERS = {
    'glance': None,
    'trove': BASE_TROVE_MANAGER,
    'ironic': BASE_IRONIC_MANAGER,
+    'barbican': BASE_BARBICAN_MANAGER,
    # 'neutron': BASE_NOVA_MANAGER
    # 'baremetal_introspection': ...
    # 'swift': ...