authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-05-18 14:51:08 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-05-22 23:22:09 +0000
commit58291109d6cb6ad903bf790a60acd6c6281dde39 (patch)
tree60267a3e5cbbe8aa2fc0b137d9afc058c45dbb41
parent619ea284e3d87d36da2efc74b37b2def272f5bf6 (diff)
downloaddefinitions-58291109d6cb6ad903bf790a60acd6c6281dde39.tar.gz
OpenStack: Install default configuration for keystone
-rw-r--r--openstack/manifest3
-rw-r--r--openstack/usr/share/openstack/keystone/keystone-paste.ini121
-rw-r--r--openstack/usr/share/openstack/keystone/logging.conf65
-rw-r--r--openstack/usr/share/openstack/keystone/policy.json171
-rw-r--r--strata/openstack-services.morph1
-rw-r--r--strata/openstack-services/keystone.morph9
6 files changed, 10 insertions, 360 deletions
diff --git a/openstack/manifest b/openstack/manifest
index aa4d5430..8193309c 100644
--- a/openstack/manifest
+++ b/openstack/manifest
@@ -38,10 +38,7 @@ template 0100644 0 0 /etc/tempest/tempest.conf
0100644 0 0 /usr/share/openstack/iscsi.yml
0100644 0 0 /usr/share/openstack/keystone.yml
0040755 0 0 /usr/share/openstack/keystone
-0100644 0 0 /usr/share/openstack/keystone/logging.conf
0100644 0 0 /usr/share/openstack/keystone/keystone.conf
-0100644 0 0 /usr/share/openstack/keystone/policy.json
-0100644 0 0 /usr/share/openstack/keystone/keystone-paste.ini
0100644 0 0 /usr/share/openstack/network.yml
0040755 0 0 /usr/share/openstack/neutron
0100644 0 0 /usr/share/openstack/neutron-config.yml
diff --git a/openstack/usr/share/openstack/keystone/keystone-paste.ini b/openstack/usr/share/openstack/keystone/keystone-paste.ini
deleted file mode 100644
index 46f994c3..00000000
--- a/openstack/usr/share/openstack/keystone/keystone-paste.ini
+++ /dev/null
@@ -1,121 +0,0 @@
-# Keystone PasteDeploy configuration file.
-
-[filter:debug]
-paste.filter_factory = keystone.common.wsgi:Debug.factory
-
-[filter:build_auth_context]
-paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory
-
-[filter:token_auth]
-paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory
-
-[filter:admin_token_auth]
-paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory
-
-[filter:xml_body]
-paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory
-
-[filter:xml_body_v2]
-paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory
-
-[filter:xml_body_v3]
-paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory
-
-[filter:json_body]
-paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory
-
-[filter:user_crud_extension]
-paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
-
-[filter:crud_extension]
-paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory
-
-[filter:ec2_extension]
-paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory
-
-[filter:ec2_extension_v3]
-paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory
-
-[filter:federation_extension]
-paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory
-
-[filter:oauth1_extension]
-paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory
-
-[filter:s3_extension]
-paste.filter_factory = keystone.contrib.s3:S3Extension.factory
-
-[filter:endpoint_filter_extension]
-paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory
-
-[filter:endpoint_policy_extension]
-paste.filter_factory = keystone.contrib.endpoint_policy.routers:EndpointPolicyExtension.factory
-
-[filter:simple_cert_extension]
-paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory
-
-[filter:revoke_extension]
-paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory
-
-[filter:url_normalize]
-paste.filter_factory = keystone.middleware:NormalizingFilter.factory
-
-[filter:sizelimit]
-paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory
-
-[filter:stats_monitoring]
-paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory
-
-[filter:stats_reporting]
-paste.filter_factory = keystone.contrib.stats:StatsExtension.factory
-
-[filter:access_log]
-paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory
-
-[app:public_service]
-paste.app_factory = keystone.service:public_app_factory
-
-[app:service_v3]
-paste.app_factory = keystone.service:v3_app_factory
-
-[app:admin_service]
-paste.app_factory = keystone.service:admin_app_factory
-
-[pipeline:public_api]
-# The last item in this pipeline must be public_service or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service
-
-[pipeline:admin_api]
-# The last item in this pipeline must be admin_service or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension s3_extension crud_extension admin_service
-
-[pipeline:api_v3]
-# The last item in this pipeline must be service_v3 or an equivalent
-# application. It cannot be a filter.
-pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension service_v3
-
-[app:public_version_service]
-paste.app_factory = keystone.service:public_version_app_factory
-
-[app:admin_version_service]
-paste.app_factory = keystone.service:admin_version_app_factory
-
-[pipeline:public_version_api]
-pipeline = sizelimit url_normalize xml_body public_version_service
-
-[pipeline:admin_version_api]
-pipeline = sizelimit url_normalize xml_body admin_version_service
-
-[composite:main]
-use = egg:Paste#urlmap
-/v2.0 = public_api
-/v3 = api_v3
-/ = public_version_api
-
-[composite:admin]
-use = egg:Paste#urlmap
-/v2.0 = admin_api
-/v3 = api_v3
-/ = admin_version_api
diff --git a/openstack/usr/share/openstack/keystone/logging.conf b/openstack/usr/share/openstack/keystone/logging.conf
deleted file mode 100644
index 6cb8c425..00000000
--- a/openstack/usr/share/openstack/keystone/logging.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-[loggers]
-keys=root,access
-
-[handlers]
-keys=production,file,access_file,devel
-
-[formatters]
-keys=minimal,normal,debug
-
-
-###########
-# Loggers #
-###########
-
-[logger_root]
-level=WARNING
-handlers=file
-
-[logger_access]
-level=INFO
-qualname=access
-handlers=access_file
-
-
-################
-# Log Handlers #
-################
-
-[handler_production]
-class=handlers.SysLogHandler
-level=ERROR
-formatter=normal
-args=(('localhost', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)
-
-[handler_file]
-class=handlers.WatchedFileHandler
-level=WARNING
-formatter=normal
-args=('error.log',)
-
-[handler_access_file]
-class=handlers.WatchedFileHandler
-level=INFO
-formatter=minimal
-args=('access.log',)
-
-[handler_devel]
-class=StreamHandler
-level=NOTSET
-formatter=debug
-args=(sys.stdout,)
-
-
-##################
-# Log Formatters #
-##################
-
-[formatter_minimal]
-format=%(message)s
-
-[formatter_normal]
-format=(%(name)s): %(asctime)s %(levelname)s %(message)s
-
-[formatter_debug]
-format=(%(name)s): %(asctime)s %(levelname)s %(module)s %(funcName)s %(message)s
diff --git a/openstack/usr/share/openstack/keystone/policy.json b/openstack/usr/share/openstack/keystone/policy.json
deleted file mode 100644
index af65205e..00000000
--- a/openstack/usr/share/openstack/keystone/policy.json
+++ /dev/null
@@ -1,171 +0,0 @@
-{
- "admin_required": "role:admin or is_admin:1",
- "service_role": "role:service",
- "service_or_admin": "rule:admin_required or rule:service_role",
- "owner" : "user_id:%(user_id)s",
- "admin_or_owner": "rule:admin_required or rule:owner",
-
- "default": "rule:admin_required",
-
- "identity:get_region": "",
- "identity:list_regions": "",
- "identity:create_region": "rule:admin_required",
- "identity:update_region": "rule:admin_required",
- "identity:delete_region": "rule:admin_required",
-
- "identity:get_service": "rule:admin_required",
- "identity:list_services": "rule:admin_required",
- "identity:create_service": "rule:admin_required",
- "identity:update_service": "rule:admin_required",
- "identity:delete_service": "rule:admin_required",
-
- "identity:get_endpoint": "rule:admin_required",
- "identity:list_endpoints": "rule:admin_required",
- "identity:create_endpoint": "rule:admin_required",
- "identity:update_endpoint": "rule:admin_required",
- "identity:delete_endpoint": "rule:admin_required",
-
- "identity:get_domain": "rule:admin_required",
- "identity:list_domains": "rule:admin_required",
- "identity:create_domain": "rule:admin_required",
- "identity:update_domain": "rule:admin_required",
- "identity:delete_domain": "rule:admin_required",
-
- "identity:get_project": "rule:admin_required",
- "identity:list_projects": "rule:admin_required",
- "identity:list_user_projects": "rule:admin_or_owner",
- "identity:create_project": "rule:admin_required",
- "identity:update_project": "rule:admin_required",
- "identity:delete_project": "rule:admin_required",
-
- "identity:get_user": "rule:admin_required",
- "identity:list_users": "rule:admin_required",
- "identity:create_user": "rule:admin_required",
- "identity:update_user": "rule:admin_required",
- "identity:delete_user": "rule:admin_required",
- "identity:change_password": "rule:admin_or_owner",
-
- "identity:get_group": "rule:admin_required",
- "identity:list_groups": "rule:admin_required",
- "identity:list_groups_for_user": "rule:admin_or_owner",
- "identity:create_group": "rule:admin_required",
- "identity:update_group": "rule:admin_required",
- "identity:delete_group": "rule:admin_required",
- "identity:list_users_in_group": "rule:admin_required",
- "identity:remove_user_from_group": "rule:admin_required",
- "identity:check_user_in_group": "rule:admin_required",
- "identity:add_user_to_group": "rule:admin_required",
-
- "identity:get_credential": "rule:admin_required",
- "identity:list_credentials": "rule:admin_required",
- "identity:create_credential": "rule:admin_required",
- "identity:update_credential": "rule:admin_required",
- "identity:delete_credential": "rule:admin_required",
-
- "identity:ec2_get_credential": "rule:admin_or_owner",
- "identity:ec2_list_credentials": "rule:admin_or_owner",
- "identity:ec2_create_credential": "rule:admin_or_owner",
- "identity:ec2_delete_credential": "rule:admin_required or (rule:owner and user_id:%(target.credential.user_id)s)",
-
- "identity:get_role": "rule:admin_required",
- "identity:list_roles": "rule:admin_required",
- "identity:create_role": "rule:admin_required",
- "identity:update_role": "rule:admin_required",
- "identity:delete_role": "rule:admin_required",
-
- "identity:check_grant": "rule:admin_required",
- "identity:list_grants": "rule:admin_required",
- "identity:create_grant": "rule:admin_required",
- "identity:revoke_grant": "rule:admin_required",
-
- "identity:list_role_assignments": "rule:admin_required",
-
- "identity:get_policy": "rule:admin_required",
- "identity:list_policies": "rule:admin_required",
- "identity:create_policy": "rule:admin_required",
- "identity:update_policy": "rule:admin_required",
- "identity:delete_policy": "rule:admin_required",
-
- "identity:check_token": "rule:admin_required",
- "identity:validate_token": "rule:service_or_admin",
- "identity:validate_token_head": "rule:service_or_admin",
- "identity:revocation_list": "rule:service_or_admin",
- "identity:revoke_token": "rule:admin_or_owner",
-
- "identity:create_trust": "user_id:%(trust.trustor_user_id)s",
- "identity:get_trust": "rule:admin_or_owner",
- "identity:list_trusts": "",
- "identity:list_roles_for_trust": "",
- "identity:check_role_for_trust": "",
- "identity:get_role_for_trust": "",
- "identity:delete_trust": "",
-
- "identity:create_consumer": "rule:admin_required",
- "identity:get_consumer": "rule:admin_required",
- "identity:list_consumers": "rule:admin_required",
- "identity:delete_consumer": "rule:admin_required",
- "identity:update_consumer": "rule:admin_required",
-
- "identity:authorize_request_token": "rule:admin_required",
- "identity:list_access_token_roles": "rule:admin_required",
- "identity:get_access_token_role": "rule:admin_required",
- "identity:list_access_tokens": "rule:admin_required",
- "identity:get_access_token": "rule:admin_required",
- "identity:delete_access_token": "rule:admin_required",
-
- "identity:list_projects_for_endpoint": "rule:admin_required",
- "identity:add_endpoint_to_project": "rule:admin_required",
- "identity:check_endpoint_in_project": "rule:admin_required",
- "identity:list_endpoints_for_project": "rule:admin_required",
- "identity:remove_endpoint_from_project": "rule:admin_required",
-
- "identity:create_endpoint_group": "rule:admin_required",
- "identity:list_endpoint_groups": "rule:admin_required",
- "identity:get_endpoint_group": "rule:admin_required",
- "identity:update_endpoint_group": "rule:admin_required",
- "identity:delete_endpoint_group": "rule:admin_required",
- "identity:list_projects_associated_with_endpoint_group": "rule:admin_required",
- "identity:list_endpoints_associated_with_endpoint_group": "rule:admin_required",
- "identity:list_endpoint_groups_for_project": "rule:admin_required",
- "identity:add_endpoint_group_to_project": "rule:admin_required",
- "identity:remove_endpoint_group_from_project": "rule:admin_required",
-
- "identity:create_identity_provider": "rule:admin_required",
- "identity:list_identity_providers": "rule:admin_required",
- "identity:get_identity_providers": "rule:admin_required",
- "identity:update_identity_provider": "rule:admin_required",
- "identity:delete_identity_provider": "rule:admin_required",
-
- "identity:create_protocol": "rule:admin_required",
- "identity:update_protocol": "rule:admin_required",
- "identity:get_protocol": "rule:admin_required",
- "identity:list_protocols": "rule:admin_required",
- "identity:delete_protocol": "rule:admin_required",
-
- "identity:create_mapping": "rule:admin_required",
- "identity:get_mapping": "rule:admin_required",
- "identity:list_mappings": "rule:admin_required",
- "identity:delete_mapping": "rule:admin_required",
- "identity:update_mapping": "rule:admin_required",
-
- "identity:get_auth_catalog": "",
- "identity:get_auth_projects": "",
- "identity:get_auth_domains": "",
-
- "identity:list_projects_for_groups": "",
- "identity:list_domains_for_groups": "",
-
- "identity:list_revoke_events": "",
-
- "identity:create_policy_association_for_endpoint": "rule:admin_required",
- "identity:check_policy_association_for_endpoint": "rule:admin_required",
- "identity:delete_policy_association_for_endpoint": "rule:admin_required",
- "identity:create_policy_association_for_service": "rule:admin_required",
- "identity:check_policy_association_for_service": "rule:admin_required",
- "identity:delete_policy_association_for_service": "rule:admin_required",
- "identity:create_policy_association_for_region_and_service": "rule:admin_required",
- "identity:check_policy_association_for_region_and_service": "rule:admin_required",
- "identity:delete_policy_association_for_region_and_service": "rule:admin_required",
- "identity:get_policy_for_endpoint": "rule:admin_required",
- "identity:list_endpoints_for_policy": "rule:admin_required"
-}
diff --git a/strata/openstack-services.morph b/strata/openstack-services.morph
index d0fac3b8..98bc2bd5 100644
--- a/strata/openstack-services.morph
+++ b/strata/openstack-services.morph
@@ -435,6 +435,7 @@ chunks:
ref: 13ff5e8899300c9b359fa1bdfdb3d412be0d7356
unpetrify-ref: 2.4.0
- name: keystone
+ morph: strata/openstack-services/keystone.morph
repo: upstream:openstack/keystone
ref: 5d3b31f9c3d34599ff8a83eeb7530fc6e0b1b67b
unpetrify-ref: 2015.1.0
diff --git a/strata/openstack-services/keystone.morph b/strata/openstack-services/keystone.morph
new file mode 100644
index 00000000..836b5d47
--- /dev/null
+++ b/strata/openstack-services/keystone.morph
@@ -0,0 +1,9 @@
+name: keystone
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+# Install some default configuration files
+- mkdir -p "$DESTDIR"/etc/keystone
+- install -m 644 etc/keystone-paste.ini "$DESTDIR"/etc/keystone/
+- install -m 644 etc/policy.json "$DESTDIR"/etc/keystone/
+- install -m 644 etc/logging.conf.sample "$DESTDIR"/etc/keystone/logging.conf
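Review bot: The post-install-commands now take keystone's authorization policy and WSGI pipeline (`etc/policy.json`, `etc/keystone-paste.ini`) straight from the upstream tree at whatever ref the stratum pins, so a ref bump can change who is allowed to do what without any diff appearing in this repository. The copy this commit deletes kept `admin_token_auth` in all three API pipelines and left rules such as `identity:delete_trust` as `""`; the upstream files are not visible here, so it is worth confirming whether they match, and keystone's install guidance is to drop `admin_token_auth` from the pipelines once bootstrap is done. I would replace the existing comment with `# Default configs come from the keystone source at the pinned ref; diff etc/policy.json and etc/keystone-paste.ini when bumping it.` and have the deployment step remove `admin_token_auth` after bootstrap. Separately, `logging.conf.sample` is installed as the live `logging.conf`; if it uses relative handler paths like the removed file's `'error.log'`, the logs will land in the service's working directory rather than a dedicated log directory.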