def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
config.parse_args()
log.setup('barbican')
# Crypto Plugin Manager
crypto_mgr = CryptoExtensionManager(
'barbican.crypto.extension',
['simple_crypto'] # TODO: grab this list from cfg
)
# Resources
VERSIONS = VersionResource()
SECRETS = SecretsResource(crypto_mgr)
SECRET = SecretResource(crypto_mgr)
ORDERS = OrdersResource()
ORDER = OrderResource()
wsgi_app = api = falcon.API()
api.add_route('/', VERSIONS)
api.add_route('/v1/{tenant_id}/secrets', SECRETS)
api.add_route('/v1/{tenant_id}/secrets/{secret_id}', SECRET)
api.add_route('/v1/{tenant_id}/orders', ORDERS)
api.add_route('/v1/{tenant_id}/orders/{order_id}', ORDER)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup('barbican')
# Crypto Plugin Manager
crypto_mgr = ext.CryptoExtensionManager()
# Resources
versions = res.VersionResource()
secrets = res.SecretsResource(crypto_mgr)
secret = res.SecretResource(crypto_mgr)
orders = res.OrdersResource()
order = res.OrderResource()
wsgi_app = api = falcon.API()
api.add_route('/', versions)
api.add_route('/v1/{keystone_id}/secrets', secrets)
api.add_route('/v1/{keystone_id}/secrets/{secret_id}', secret)
api.add_route('/v1/{keystone_id}/orders', orders)
api.add_route('/v1/{keystone_id}/orders/{order_id}', order)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup('barbican')
# Crypto Plugin Manager
crypto_mgr = ext.CryptoExtensionManager()
# Resources
versions = res.VersionResource()
secrets = res.SecretsResource(crypto_mgr)
secret = res.SecretResource(crypto_mgr)
orders = res.OrdersResource()
order = res.OrderResource()
wsgi_app = api = falcon.API()
api.add_route('/', versions)
api.add_route('/v1/{keystone_id}/secrets', secrets)
api.add_route('/v1/{keystone_id}/secrets/{secret_id}', secret)
api.add_route('/v1/{keystone_id}/orders', orders)
api.add_route('/v1/{keystone_id}/orders/{order_id}', order)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup("barbican")
# Crypto Plugin Manager
crypto_mgr = ext.CryptoExtensionManager()
# Resources
versions = res.VersionResource()
secrets = res.SecretsResource(crypto_mgr)
secret = res.SecretResource(crypto_mgr)
orders = res.OrdersResource()
order = res.OrderResource()
# For performance testing only
performance = res.PerformanceResource()
performance_uri = "mu-1a90dfd0-7e7abba4-4e459908-fc097d60"
wsgi_app = api = falcon.API()
api.add_route("/", versions)
api.add_route("/v1/{keystone_id}/secrets", secrets)
api.add_route("/v1/{keystone_id}/secrets/{secret_id}", secret)
api.add_route("/v1/{keystone_id}/orders", orders)
api.add_route("/v1/{keystone_id}/orders/{order_id}", order)
# For performance testing only
api.add_route("/{0}".format(performance_uri), performance)
return wsgi_app
def create_version_app(global_config, **local_conf):
config.parse_args()
versions = res.VersionResource()
wsgi_app = api = falcon.API()
api.add_route('/', versions)
return wsgi_app
def create_admin_app(global_config, **local_conf):
config.parse_args()
versions = res.VersionResource()
wsgi_app = api = falcon.API()
api.add_route('/', versions)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup('barbican')
# Crypto Plugin Manager
crypto_mgr = ext.CryptoExtensionManager()
# Queuing initialization
CONF = cfg.CONF
queue.init(CONF)
# Resources
versions = res.VersionResource()
secrets = res.SecretsResource(crypto_mgr)
secret = res.SecretResource(crypto_mgr)
orders = res.OrdersResource()
order = res.OrderResource()
verifications = res.VerificationsResource()
verification = res.VerificationResource()
containers = res.ContainersResource()
container = res.ContainerResource()
# For performance testing only
performance = res.PerformanceResource()
performance_uri = 'mu-1a90dfd0-7e7abba4-4e459908-fc097d60'
wsgi_app = api = falcon.API()
if newrelic_loaded:
wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app)
api.add_route('/', versions)
api.add_route('/v1/{keystone_id}/secrets', secrets)
api.add_route('/v1/{keystone_id}/secrets/{secret_id}', secret)
api.add_route('/v1/{keystone_id}/orders', orders)
api.add_route('/v1/{keystone_id}/orders/{order_id}', order)
api.add_route('/v1/{keystone_id}/verifications', verifications)
api.add_route('/v1/{keystone_id}/verifications/{verification_id}',
verification)
api.add_route('/v1/{keystone_id}/containers/', containers)
api.add_route('/v1/{keystone_id}/containers/{container_id}', container)
# For performance testing only
api.add_route('/{0}'.format(performance_uri), performance)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application"""
config.parse_args()
log.setup('barbican')
# Resources
VERSIONS = VersionResource()
SECRETS = SecretsResource()
SECRET = SecretResource()
ORDERS = OrdersResource()
ORDER = OrderResource()
wsgi_app = api = falcon.API()
api.add_route('/', VERSIONS)
api.add_route('/v1/{tenant_id}/secrets', SECRETS)
api.add_route('/v1/{tenant_id}/secrets/{secret_id}', SECRET)
api.add_route('/v1/{tenant_id}/orders', ORDERS)
api.add_route('/v1/{tenant_id}/orders/{order_id}', ORDER)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application."""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup('barbican')
config.setup_remote_pydev_debug()
# Queuing initialization
CONF = cfg.CONF
queue.init(CONF)
class RootController(object):
secrets = secrets.SecretsController()
orders = orders.OrdersController()
containers = containers.ContainersController()
transport_keys = transportkeys.TransportKeysController()
wsgi_app = PecanAPI(RootController(), force_canonical=False)
if newrelic_loaded:
wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application."""
# Configure oslo logging and configuration services.
config.parse_args()
log.setup('barbican')
config.setup_remote_pydev_debug()
# Queuing initialization
CONF = cfg.CONF
queue.init(CONF, is_server_side=False)
class RootController(object):
secrets = secrets.SecretsController()
orders = orders.OrdersController()
containers = containers.ContainersController()
transport_keys = transportkeys.TransportKeysController()
wsgi_app = PecanAPI(
RootController(), is_transactional=True, force_canonical=False)
if newrelic_loaded:
wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app)
return wsgi_app
def create_main_app(global_config, **local_conf):
"""uWSGI factory method for the Barbican-API application."""
# Queuing initialization
CONF = cfg.CONF
queue.init(CONF, is_server_side=False)
# Configure oslo logging and configuration services.
config.parse_args()
log.setup(CONF, 'barbican')
config.setup_remote_pydev_debug()
# Initializing the database engine and session factory before the app
# starts ensures we don't lose requests due to lazy initialiation of db
# connections.
repositories.setup_database_engine_and_factory()
# Setup app with transactional hook enabled
wsgi_app = build_wsgi_app(transactional=True)
if newrelic_loaded:
wsgi_app = newrelic.agent.WSGIApplicationWrapper(wsgi_app)
return wsgi_app
cfg.StrOpt('ca_cert_path',
help=u._('Path to CA certicate file')),
cfg.StrOpt('ca_cert_key_path',
help=u._('Path to CA certificate key file')),
cfg.StrOpt('ca_cert_chain_path',
help=u._('Path to CA certicate chain file')),
cfg.StrOpt('ca_cert_pkcs7_path',
help=u._('Path to CA chain pkcs7 file')),
cfg.StrOpt('subca_cert_key_directory',
default='/etc/barbican/snakeoil-cas',
help=u._('Directory in which to store certs/keys for subcas')),
]
CONF.register_group(snakeoil_ca_plugin_group)
CONF.register_opts(snakeoil_ca_plugin_opts, group=snakeoil_ca_plugin_group)
config.parse_args(CONF)
def set_subject_X509Name(target, dn):
"""Set target X509Name object with parsed dn.
This is very basic and should certainly be replaced by something using
cryptography for instance, but will do for a basic test CA
"""
# TODO(alee) Figure out why C (country) is not working
fields = dn.split(',')
for field in fields:
m = re.search(r"(\w+)\s*=\s*(.+)", field.strip())
name = m.group(1)
value = m.group(2)
CONF = config.new_config()
LOG = utils.getLogger(__name__)
p11_crypto_plugin_group = cfg.OptGroup(name='p11_crypto_plugin',
title="PKCS11 Crypto Plugin Options")
p11_crypto_plugin_opts = [
cfg.StrOpt('library_path', help=u._('Path to vendor PKCS11 library')),
cfg.StrOpt('login', help=u._('Password to login to PKCS11 session')),
cfg.StrOpt('mkek_label', help=u._('Master KEK label (used in the HSM)')),
cfg.IntOpt('mkek_length', help=u._('Master KEK length in bytes.')),
cfg.StrOpt('hmac_label', help=u._('HMAC label (used in the HSM)')),
cfg.IntOpt('slot_id', help=u._('HSM Slot ID'), default=1),
]
CONF.register_group(p11_crypto_plugin_group)
CONF.register_opts(p11_crypto_plugin_opts, group=p11_crypto_plugin_group)
config.parse_args(CONF)
class P11CryptoPlugin(plugin.CryptoPluginBase):
"""PKCS11 supporting implementation of the crypto plugin.
Generates a single master key and a single HMAC key that remain in the
HSM, then generates a key per project in the HSM, wraps the key, computes
an HMAC, and stores it in the DB. The project key is never unencrypted
outside the HSM.
"""
def __init__(self, conf=CONF, ffi=None):
self.conf = conf
if conf.p11_crypto_plugin.library_path is None:
raise ValueError(u._("library_path is required"))
self.pkcs11 = pkcs11.PKCS11(
from barbican.openstack.common import service
from barbican import queue
from barbican.queue import retry_scheduler
from oslo_config import cfg
from oslo_log import log
def fail(returncode, e):
sys.stderr.write("ERROR: {0}\n".format(e))
sys.exit(returncode)
if __name__ == '__main__':
try:
config.parse_args()
CONF = cfg.CONF
# Import and configure logging.
log.setup(CONF, 'barbican-retry-scheduler')
LOG = log.getLogger(__name__)
LOG.debug("Booting up Barbican worker retry/scheduler node...")
# Queuing initialization (as a client only).
queue.init(CONF, is_server_side=False)
service.launch(
retry_scheduler.PeriodicServer()
).wait()
except RuntimeError as e:
fail(1, e)
def create_admin_app(global_config, **local_conf):
config.parse_args()
wsgi_app = pecan.make_app(versions.VersionController())
return wsgi_app
from barbican.common import config
from barbican.openstack.common import log
from barbican.openstack.common import service
from barbican import queue
from barbican.queue import keystone_listener
from oslo_config import cfg
def fail(returncode, e):
sys.stderr.write("ERROR: {0}\n".format(e))
sys.exit(returncode)
if __name__ == '__main__':
try:
config.parse_args()
config.setup_remote_pydev_debug()
# Import and configure logging.
log.setup('barbican')
LOG = log.getLogger(__name__)
LOG.info("Booting up Barbican Keystone listener node...")
# Queuing initialization
CONF = cfg.CONF
queue.init(CONF)
if getattr(getattr(CONF, queue.KS_NOTIFICATIONS_GRP_NAME), 'enable'):
service.launch(
keystone_listener.MessageServer(CONF)
).wait()
def create_admin_app(global_config, **local_conf):
config.parse_args()
wsgi_app = pecan.make_app(versions.VersionController())
return wsgi_app
