Merge "Add actions to expose OpenStack Barbican APIs"
This commit is contained in:
commit
62e0f8d61c
|
@ -19,7 +19,7 @@ from mistral.actions.openstack.action_generator import base
|
|||
|
||||
SUPPORTED_MODULES = [
|
||||
'Nova', 'Glance', 'Keystone', 'Heat', 'Neutron', 'Cinder', 'Ceilometer',
|
||||
'Trove', 'Ironic', 'Baremetal Introspection', 'Swift', 'Zaqar'
|
||||
'Trove', 'Ironic', 'Baremetal Introspection', 'Swift', 'Zaqar', 'Barbican'
|
||||
]
|
||||
|
||||
|
||||
|
|
|
@ -14,12 +14,14 @@
|
|||
|
||||
import functools
|
||||
|
||||
from barbicanclient import client as barbicanclient
|
||||
from ceilometerclient.v2 import client as ceilometerclient
|
||||
from cinderclient.v2 import client as cinderclient
|
||||
from glanceclient.v2 import client as glanceclient
|
||||
from heatclient.v1 import client as heatclient
|
||||
from ironic_inspector_client import v1 as ironic_inspector_client
|
||||
from ironicclient.v1 import client as ironicclient
|
||||
from keystoneclient.auth import identity
|
||||
from keystoneclient import httpclient
|
||||
from keystoneclient.v3 import client as keystoneclient
|
||||
from neutronclient.v2_0 import client as neutronclient
|
||||
|
@ -425,3 +427,102 @@ class ZaqarAction(base.OpenStackAction):
|
|||
queue = client.queue(queue_name)
|
||||
|
||||
return queue.pop(count)
|
||||
|
||||
|
||||
class BarbicanAction(base.OpenStackAction):
|
||||
_client_class = barbicanclient.Client
|
||||
|
||||
def _get_client(self):
|
||||
ctx = context.ctx()
|
||||
|
||||
LOG.debug("Barbican action security context: %s" % ctx)
|
||||
|
||||
barbican_endpoint = keystone_utils.get_endpoint_for_project('barbican')
|
||||
keystone_endpoint = keystone_utils.get_keystone_endpoint_v2()
|
||||
|
||||
auth = identity.v2.Token(
|
||||
auth_url=keystone_endpoint.url,
|
||||
tenant_name=ctx.user_name,
|
||||
token=ctx.auth_token,
|
||||
tenant_id=ctx.project_id
|
||||
)
|
||||
|
||||
return self._client_class(
|
||||
project_id=ctx.project_id,
|
||||
endpoint=barbican_endpoint.url,
|
||||
auth=auth
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def _get_fake_client(cls):
|
||||
return cls._client_class(
|
||||
project_id="1",
|
||||
endpoint="http://127.0.0.1:9311"
|
||||
)
|
||||
|
||||
@classmethod
|
||||
def _get_client_method(cls, client):
|
||||
if cls.client_method_name != "secrets_store":
|
||||
return super(BarbicanAction, cls)._get_client_method(client)
|
||||
|
||||
method = getattr(cls, cls.client_method_name)
|
||||
|
||||
@functools.wraps(method)
|
||||
def wrap(*args, **kwargs):
|
||||
return method(client, *args, **kwargs)
|
||||
|
||||
args = inspect_utils.get_arg_list_as_str(method)
|
||||
|
||||
# Remove client.
|
||||
wrap.__arguments__ = args.split(', ', 1)[1]
|
||||
|
||||
return wrap
|
||||
|
||||
@staticmethod
|
||||
def secrets_store(client,
|
||||
name=None,
|
||||
payload=None,
|
||||
algorithm=None,
|
||||
bit_length=None,
|
||||
secret_type=None,
|
||||
mode=None, expiration=None):
|
||||
"""Create and Store a secret in Barbican.
|
||||
|
||||
:param name: A friendly name for the Secret
|
||||
:type name: string
|
||||
|
||||
:param payload: The unencrypted secret data
|
||||
:type payload: string
|
||||
|
||||
:param algorithm: The algorithm associated with this secret key
|
||||
:type algorithm: string
|
||||
|
||||
:param bit_length: The bit length of this secret key
|
||||
:type bit_length: int
|
||||
|
||||
:param secret_type: The secret type for this secret key
|
||||
:type secret_type: string
|
||||
|
||||
:param mode: The algorithm mode used with this secret keybit_length:
|
||||
:type mode: string
|
||||
|
||||
:param expiration: The expiration time of the secret in ISO 8601 format
|
||||
:type expiration: string
|
||||
|
||||
:returns: A new Secret object
|
||||
:rtype: class:`barbicanclient.secrets.Secret'
|
||||
"""
|
||||
|
||||
entity = client.secrets.create(
|
||||
name,
|
||||
payload,
|
||||
algorithm,
|
||||
bit_length,
|
||||
secret_type,
|
||||
mode,
|
||||
expiration
|
||||
)
|
||||
|
||||
entity.store()
|
||||
|
||||
return entity._get_formatted_entity()
|
||||
|
|
|
@ -943,5 +943,27 @@
|
|||
"queue_messages": "queue_messages",
|
||||
"queue_post": "queue_post",
|
||||
"queue_pop": "queue_pop"
|
||||
},
|
||||
"barbican": {
|
||||
"_comment": "It uses barbicanclient",
|
||||
"secrets_get": "secrets.get",
|
||||
"secrets_create": "secrets.create",
|
||||
"secrets_delete": "secrets.delete",
|
||||
"secrets_list": "secrets.list",
|
||||
"containers_get": "containers.get",
|
||||
"containers_create": "containers.create",
|
||||
"containers_create_certificate": "containers.create_certificate",
|
||||
"containers_create_rsa": "containers.create_rsa",
|
||||
"containers_delete": "containers.delete",
|
||||
"containers_list": "containers.list",
|
||||
"containers_register_consumer": "containers.register_consumer",
|
||||
"containers_remove_consumer": "containers.remove_consumer",
|
||||
"orders_get": "orders.get",
|
||||
"orders_create": "orders.create",
|
||||
"orders_create_key": "orders.create_key",
|
||||
"orders_create_asymmetric": "orders.create_asymmetric",
|
||||
"orders_delete": "orders.delete",
|
||||
"orders_list": "orders.list",
|
||||
"secrets_store": "secrets_store"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -30,6 +30,7 @@ MODULE_MAPPING = {
|
|||
actions.BaremetalIntrospectionAction],
|
||||
'swift': ['swift.head_account', actions.SwiftAction],
|
||||
'zaqar': ['zaqar.queue_messages', actions.ZaqarAction],
|
||||
'barbican': ['barbican.orders_list', actions.BarbicanAction],
|
||||
}
|
||||
|
||||
EXTRA_MODULES = ['neutron', 'swift', 'zaqar']
|
||||
|
|
|
@ -163,3 +163,15 @@ class OpenStackActionTest(base.BaseTestCase):
|
|||
|
||||
mocked().queue.assert_called_once_with('foo')
|
||||
mocked().queue().messages.assert_called_once_with()
|
||||
|
||||
@mock.patch.object(actions.BarbicanAction, '_get_client')
|
||||
def test_barbican_action(self, mocked):
|
||||
method_name = "orders_list"
|
||||
action_class = actions.BarbicanAction
|
||||
action_class.client_method_name = method_name
|
||||
params = {'limit': 5}
|
||||
action = action_class(**params)
|
||||
action.run()
|
||||
|
||||
self.assertTrue(mocked().orders_list.called)
|
||||
mocked().orders_list.assert_called_once_with(limit=5)
|
||||
|
|
|
@ -21,6 +21,7 @@ oslo.service>=1.0.0 # Apache-2.0
|
|||
paramiko>=1.13.0 # LGPL
|
||||
pbr>=1.6 # Apache-2.0
|
||||
pecan>=1.0.0 # BSD
|
||||
python-barbicanclient>=3.3.0 # Apache-2.0
|
||||
python-ceilometerclient>=2.2.1 # Apache-2.0
|
||||
python-cinderclient>=1.3.1 # Apache-2.0
|
||||
python-glanceclient>=1.2.0 # Apache-2.0
|
||||
|
|
|
@ -18,6 +18,8 @@ import inspect
|
|||
import json
|
||||
import os
|
||||
|
||||
from barbicanclient import base as barbican_base
|
||||
from barbicanclient import client as barbicanclient
|
||||
from ceilometerclient.v2 import client as ceilometerclient
|
||||
from cinderclient import utils as cinder_base
|
||||
from cinderclient.v2 import client as cinderclient
|
||||
|
@ -71,6 +73,7 @@ BASE_KEYSTONE_MANAGER = keystone_base.Manager
|
|||
BASE_CINDER_MANAGER = cinder_base.HookableMixin
|
||||
BASE_TROVE_MANAGER = trove_base.Manager
|
||||
BASE_IRONIC_MANAGER = ironic_base.Manager
|
||||
BASE_BARBICAN_MANAGER = barbican_base.BaseEntityManager
|
||||
|
||||
|
||||
def get_parser():
|
||||
|
@ -154,6 +157,13 @@ def get_ironic_client(**kwargs):
|
|||
return ironicclient.Client("http://127.0.0.1:6385/")
|
||||
|
||||
|
||||
def get_barbican_client(**kwargs):
|
||||
return barbicanclient.Client(
|
||||
project_id="1",
|
||||
endpoint="http://127.0.0.1:9311"
|
||||
)
|
||||
|
||||
|
||||
CLIENTS = {
|
||||
'nova': get_nova_client,
|
||||
'heat': get_heat_client,
|
||||
|
@ -163,6 +173,7 @@ CLIENTS = {
|
|||
'glance': get_glance_client,
|
||||
'trove': get_trove_client,
|
||||
'ironic': get_ironic_client,
|
||||
'barbican': get_barbican_client,
|
||||
# 'neutron': get_nova_client
|
||||
# 'baremetal_introspection': ...
|
||||
# 'swift': ...
|
||||
|
@ -177,6 +188,7 @@ BASE_MANAGERS = {
|
|||
'glance': None,
|
||||
'trove': BASE_TROVE_MANAGER,
|
||||
'ironic': BASE_IRONIC_MANAGER,
|
||||
'barbican': BASE_BARBICAN_MANAGER,
|
||||
# 'neutron': BASE_NOVA_MANAGER
|
||||
# 'baremetal_introspection': ...
|
||||
# 'swift': ...
|
||||
|
|
Loading…
Reference in New Issue