def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application""" config.parse_args() log.setup('barbican') # Crypto Plugin Manager crypto_mgr = CryptoExtensionManager( 'barbican.crypto.extension', ['simple_crypto'] # TODO: grab this list from cfg ) # Resources VERSIONS = VersionResource() SECRETS = SecretsResource(crypto_mgr) SECRET = SecretResource(crypto_mgr) ORDERS = OrdersResource() ORDER = OrderResource() wsgi_app = api = falcon.API() api.add_route('/', VERSIONS) api.add_route('/v1/{tenant_id}/secrets', SECRETS) api.add_route('/v1/{tenant_id}/secrets/{secret_id}', SECRET) api.add_route('/v1/{tenant_id}/orders', ORDERS) api.add_route('/v1/{tenant_id}/orders/{order_id}', ORDER) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application""" # Configure oslo logging and configuration services. config.parse_args() log.setup('barbican') # Crypto Plugin Manager crypto_mgr = ext.CryptoExtensionManager() # Resources versions = res.VersionResource() secrets = res.SecretsResource(crypto_mgr) secret = res.SecretResource(crypto_mgr) orders = res.OrdersResource() order = res.OrderResource() wsgi_app = api = falcon.API() api.add_route('/', versions) api.add_route('/v1/{keystone_id}/secrets', secrets) api.add_route('/v1/{keystone_id}/secrets/{secret_id}', secret) api.add_route('/v1/{keystone_id}/orders', orders) api.add_route('/v1/{keystone_id}/orders/{order_id}', order) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application""" # Configure oslo logging and configuration services. config.parse_args() log.setup("barbican") # Crypto Plugin Manager crypto_mgr = ext.CryptoExtensionManager() # Resources versions = res.VersionResource() secrets = res.SecretsResource(crypto_mgr) secret = res.SecretResource(crypto_mgr) orders = res.OrdersResource() order = res.OrderResource() # For performance testing only performance = res.PerformanceResource() performance_uri = "mu-1a90dfd0-7e7abba4-4e459908-fc097d60" wsgi_app = api = falcon.API() api.add_route("/", versions) api.add_route("/v1/{keystone_id}/secrets", secrets) api.add_route("/v1/{keystone_id}/secrets/{secret_id}", secret) api.add_route("/v1/{keystone_id}/orders", orders) api.add_route("/v1/{keystone_id}/orders/{order_id}", order) # For performance testing only api.add_route("/{0}".format(performance_uri), performance) return wsgi_app
def create_version_app(global_config, **local_conf): config.parse_args() versions = res.VersionResource() wsgi_app = api = falcon.API() api.add_route('/', versions) return wsgi_app
def create_admin_app(global_config, **local_conf): config.parse_args() versions = res.VersionResource() wsgi_app = api = falcon.API() api.add_route('/', versions) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application""" # Configure oslo logging and configuration services. config.parse_args() log.setup('barbican') # Crypto Plugin Manager crypto_mgr = ext.CryptoExtensionManager() # Queuing initialization CONF = cfg.CONF queue.init(CONF) # Resources versions = res.VersionResource() secrets = res.SecretsResource(crypto_mgr) secret = res.SecretResource(crypto_mgr) orders = res.OrdersResource() order = res.OrderResource() verifications = res.VerificationsResource() verification = res.VerificationResource() containers = res.ContainersResource() container = res.ContainerResource() # For performance testing only performance = res.PerformanceResource() performance_uri = 'mu-1a90dfd0-7e7abba4-4e459908-fc097d60' wsgi_app = api = falcon.API() if newrelic_loaded: wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app) api.add_route('/', versions) api.add_route('/v1/{keystone_id}/secrets', secrets) api.add_route('/v1/{keystone_id}/secrets/{secret_id}', secret) api.add_route('/v1/{keystone_id}/orders', orders) api.add_route('/v1/{keystone_id}/orders/{order_id}', order) api.add_route('/v1/{keystone_id}/verifications', verifications) api.add_route('/v1/{keystone_id}/verifications/{verification_id}', verification) api.add_route('/v1/{keystone_id}/containers/', containers) api.add_route('/v1/{keystone_id}/containers/{container_id}', container) # For performance testing only api.add_route('/{0}'.format(performance_uri), performance) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application""" config.parse_args() log.setup('barbican') # Resources VERSIONS = VersionResource() SECRETS = SecretsResource() SECRET = SecretResource() ORDERS = OrdersResource() ORDER = OrderResource() wsgi_app = api = falcon.API() api.add_route('/', VERSIONS) api.add_route('/v1/{tenant_id}/secrets', SECRETS) api.add_route('/v1/{tenant_id}/secrets/{secret_id}', SECRET) api.add_route('/v1/{tenant_id}/orders', ORDERS) api.add_route('/v1/{tenant_id}/orders/{order_id}', ORDER) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application.""" # Configure oslo logging and configuration services. config.parse_args() log.setup('barbican') config.setup_remote_pydev_debug() # Queuing initialization CONF = cfg.CONF queue.init(CONF) class RootController(object): secrets = secrets.SecretsController() orders = orders.OrdersController() containers = containers.ContainersController() transport_keys = transportkeys.TransportKeysController() wsgi_app = PecanAPI(RootController(), force_canonical=False) if newrelic_loaded: wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application.""" # Configure oslo logging and configuration services. config.parse_args() log.setup('barbican') config.setup_remote_pydev_debug() # Queuing initialization CONF = cfg.CONF queue.init(CONF, is_server_side=False) class RootController(object): secrets = secrets.SecretsController() orders = orders.OrdersController() containers = containers.ContainersController() transport_keys = transportkeys.TransportKeysController() wsgi_app = PecanAPI( RootController(), is_transactional=True, force_canonical=False) if newrelic_loaded: wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app) return wsgi_app
def create_main_app(global_config, **local_conf): """uWSGI factory method for the Barbican-API application.""" # Queuing initialization CONF = cfg.CONF queue.init(CONF, is_server_side=False) # Configure oslo logging and configuration services. config.parse_args() log.setup(CONF, 'barbican') config.setup_remote_pydev_debug() # Initializing the database engine and session factory before the app # starts ensures we don't lose requests due to lazy initialiation of db # connections. repositories.setup_database_engine_and_factory() # Setup app with transactional hook enabled wsgi_app = build_wsgi_app(transactional=True) if newrelic_loaded: wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app) return wsgi_app
cfg.StrOpt('ca_cert_path', help=u._('Path to CA certicate file')), cfg.StrOpt('ca_cert_key_path', help=u._('Path to CA certificate key file')), cfg.StrOpt('ca_cert_chain_path', help=u._('Path to CA certicate chain file')), cfg.StrOpt('ca_cert_pkcs7_path', help=u._('Path to CA chain pkcs7 file')), cfg.StrOpt('subca_cert_key_directory', default='/etc/barbican/snakeoil-cas', help=u._('Directory in which to store certs/keys for subcas')), ] CONF.register_group(snakeoil_ca_plugin_group) CONF.register_opts(snakeoil_ca_plugin_opts, group=snakeoil_ca_plugin_group) config.parse_args(CONF) def set_subject_X509Name(target, dn): """Set target X509Name object with parsed dn. This is very basic and should certainly be replaced by something using cryptography for instance, but will do for a basic test CA """ # TODO(alee) Figure out why C (country) is not working fields = dn.split(',') for field in fields: m = re.search(r"(\w+)\s*=\s*(.+)", field.strip()) name = m.group(1) value = m.group(2)
CONF = config.new_config() LOG = utils.getLogger(__name__) p11_crypto_plugin_group = cfg.OptGroup(name='p11_crypto_plugin', title="PKCS11 Crypto Plugin Options") p11_crypto_plugin_opts = [ cfg.StrOpt('library_path', help=u._('Path to vendor PKCS11 library')), cfg.StrOpt('login', help=u._('Password to login to PKCS11 session')), cfg.StrOpt('mkek_label', help=u._('Master KEK label (used in the HSM)')), cfg.IntOpt('mkek_length', help=u._('Master KEK length in bytes.')), cfg.StrOpt('hmac_label', help=u._('HMAC label (used in the HSM)')), cfg.IntOpt('slot_id', help=u._('HSM Slot ID'), default=1), ] CONF.register_group(p11_crypto_plugin_group) CONF.register_opts(p11_crypto_plugin_opts, group=p11_crypto_plugin_group) config.parse_args(CONF) class P11CryptoPlugin(plugin.CryptoPluginBase): """PKCS11 supporting implementation of the crypto plugin. Generates a single master key and a single HMAC key that remain in the HSM, then generates a key per project in the HSM, wraps the key, computes an HMAC, and stores it in the DB. The project key is never unencrypted outside the HSM. """ def __init__(self, conf=CONF, ffi=None): self.conf = conf if conf.p11_crypto_plugin.library_path is None: raise ValueError(u._("library_path is required")) self.pkcs11 = pkcs11.PKCS11(
from barbican.openstack.common import service from barbican import queue from barbican.queue import retry_scheduler from oslo_config import cfg from oslo_log import log def fail(returncode, e): sys.stderr.write("ERROR: {0}\n".format(e)) sys.exit(returncode) if __name__ == '__main__': try: config.parse_args() CONF = cfg.CONF # Import and configure logging. log.setup(CONF, 'barbican-retry-scheduler') LOG = log.getLogger(__name__) LOG.debug("Booting up Barbican worker retry/scheduler node...") # Queuing initialization (as a client only). queue.init(CONF, is_server_side=False) service.launch( retry_scheduler.PeriodicServer() ).wait() except RuntimeError as e: fail(1, e)
def create_admin_app(global_config, **local_conf): config.parse_args() wsgi_app = pecan.make_app(versions.VersionController()) return wsgi_app
from barbican.common import config from barbican.openstack.common import log from barbican.openstack.common import service from barbican import queue from barbican.queue import keystone_listener from oslo_config import cfg def fail(returncode, e): sys.stderr.write("ERROR: {0}\n".format(e)) sys.exit(returncode) if __name__ == '__main__': try: config.parse_args() config.setup_remote_pydev_debug() # Import and configure logging. log.setup('barbican') LOG = log.getLogger(__name__) LOG.info("Booting up Barbican Keystone listener node...") # Queuing initialization CONF = cfg.CONF queue.init(CONF) if getattr(getattr(CONF, queue.KS_NOTIFICATIONS_GRP_NAME), 'enable'): service.launch( keystone_listener.MessageServer(CONF) ).wait()