Barbican: remove oslo-genconfig

This PS removes the modified oslo-genconfig from barbican. Partially implements: blueprint remove-pregenerated-config-templates Change-Id: Ic2b61bcfd1d9f179f25d42c91454cc2d24a1e6a1
2017-09-20 16:08:46 -05:00 · 2017-09-20 16:08:46 -05:00 · 0ee23186f3
commit 0ee23186f3
parent 9e117ce95b
8 changed files with 119 additions and 2499 deletions
--- a/barbican/templates/configmap-etc.yaml
+++ b/barbican/templates/configmap-etc.yaml
@ -17,55 +17,57 @@ limitations under the License.
 {{- if .Values.manifests.configmap_etc }}
 {{- $envAll := . }}

-{{- include "barbican.conf.barbican_values_skeleton" .Values.conf.barbican | trunc 0 -}}
-
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.auth_uri -}}
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_uri" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.auth_uri -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_uri" | quote | trunc 0 -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.auth_url -}}
-{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "auth_url" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.auth_url -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.barbican.keystone_authtoken "auth_url" | quote | trunc 0 -}}
 {{- end -}}

 # Set a random string as secret key.
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcache_secret_key -}}
-{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcache_secret_key" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.memcache_secret_key -}}
+{{- randAlphaNum 64 | set .Values.conf.barbican.keystone_authtoken "memcache_secret_key" | quote | trunc 0 -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.region_name -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.region_name -}}
+{{- set .Values.conf.barbican.keystone_authtoken "region_name" .Values.endpoints.identity.auth.user.region_name | quote | trunc 0 -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_name -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.project_name -}}
+{{- set .Values.conf.barbican.keystone_authtoken "project_name" .Values.endpoints.identity.auth.user.project_name | quote | trunc 0 -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.project_domain_name -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.project_domain_name -}}
+{{- set .Values.conf.barbican.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.user.project_domain_name | quote | trunc 0 -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.user_domain_name -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.user_domain_name -}}
+{{- set .Values.conf.barbican.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.user.user_domain_name | quote | trunc 0 -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.username -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.username -}}
+{{- set .Values.conf.barbican.keystone_authtoken "username" .Values.endpoints.identity.auth.user.username | quote | trunc 0 -}}
 {{- end -}}
-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.password -}}
-{{- set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.password -}}
+{{- set .Values.conf.barbican.keystone_authtoken "password" .Values.endpoints.identity.auth.user.password | quote | trunc 0 -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token.memcached_servers -}}
-{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken.keystonemiddleware.auth_token "memcached_servers" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.keystone_authtoken.memcached_servers -}}
+{{- tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.barbican.keystone_authtoken "memcached_servers" | quote | trunc 0 -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.database.oslo.db.connection -}}
-{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.default.barbican.common.config "sql_connection" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.DEFAULT.sql_connection -}}
+{{- tuple "oslo_db" "internal" "user" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.barbican.DEFAULT "sql_connection" | quote | trunc 0 -}}
 {{- end -}}

-{{- if empty .Values.conf.barbican.default.oslo.messaging.transport_url -}}
-{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.default.oslo.messaging "transport_url" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.DEFAULT.transport_url -}}
+{{- tuple "oslo_messaging" "internal" "user" "amqp" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup" | set .Values.conf.barbican.DEFAULT "transport_url" | quote | trunc 0 -}}
 {{- end -}}

 {{- $barbicanPath := index .Values "endpoints" "key_manager" "path" "default" }}
-{{- if empty .Values.conf.barbican.default.barbican.common.config.host_href -}}
-{{- tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.default.barbican.common.config "host_href" | quote | trunc 0 -}}
+{{- if empty .Values.conf.barbican.DEFAULT.host_href -}}
+{{- tuple "key_manager" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix $barbicanPath | set .Values.conf.barbican.DEFAULT "host_href" | quote | trunc 0 -}}
+{{- end -}}
+
+{{- if empty .Values.conf.barbican_api.uwsgi.socket -}}
+{{- printf ":%1.f" .Values.conf.barbican.barbican_api.bind_port | set .Values.conf.barbican_api.uwsgi "socket" | quote | trunc 0 -}}
 {{- end -}}

 ---
@ -75,13 +77,13 @@ metadata:
  name: barbican-etc
 data:
  barbican.conf: |+
-{{- tuple .Values.conf.barbican "etc/_barbican.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+{{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.barbican | indent 4 }}
  barbican-api-paste.ini: |+
-{{- tuple .Values.conf.paste "etc/_barbican-api-paste.ini.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.paste | indent 4 }}
  api_audit_map.conf: |+
-{{- tuple .Values.conf.audit_map "etc/_api_audit_map.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.audit_map | indent 4 }}
  policy.json: |+
-{{  toJson .Values.conf.policy | indent 4 }}
+{{ toJson .Values.conf.policy | indent 4 }}
  barbican-api.ini: |+
-{{- tuple .Values.conf.barbican_api "etc/_barbican-api.ini.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+{{ include "helm-toolkit.utils.to_ini" .Values.conf.barbican_api | indent 4 }}
 {{- end }}
--- a/barbican/templates/deployment-api.yaml
+++ b/barbican/templates/deployment-api.yaml
@ -58,10 +58,10 @@ spec:
                  - /tmp/barbican.sh
                  - stop
          ports:
-            - containerPort: {{ .Values.conf.barbican.barbican_api.barbican.config.bind_port }}
+            - containerPort: {{ .Values.conf.barbican.barbican_api.bind_port }}
          readinessProbe:
            tcpSocket:
-              port: {{ .Values.conf.barbican.barbican_api.barbican.config.bind_port }}
+              port: {{ .Values.conf.barbican.barbican_api.bind_port }}
          volumeMounts:
            - name: etcbarbican
              mountPath: /etc/barbican
--- a/barbican/templates/etc/_api_audit_map.conf.tpl
+++ b/barbican/templates/etc/_api_audit_map.conf.tpl
@ -1,26 +0,0 @@
-[DEFAULT]
-# default target endpoint type
-# should match the endpoint type defined in service catalog
-target_endpoint_type = key-manager
-
-# map urls ending with specific text to a unique action
-# Don't need custom mapping for other resource operations
-# Note: action should match action names defined in CADF taxonomy
-[custom_actions]
-acl/get = read
-
-
-# path of api requests for CADF target typeURI
-# Just need to include top resource path to identify class of resources
-[path_keywords]
-secrets=
-containers=
-orders=
-cas=None
-quotas=
-project-quotas=
-
-
-# map endpoint type defined in service catalog to CADF typeURI
-[service_endpoints]
-key-manager = service/security/keymanager
--- a/barbican/templates/etc/_barbican-api-paste.ini.tpl
+++ b/barbican/templates/etc/_barbican-api-paste.ini.tpl
@ -1,63 +0,0 @@
-[composite:main]
-use = egg:Paste#urlmap
-/: barbican_version
-/v1: barbican-api-keystone
-
-# Use this pipeline for Barbican API - versions no authentication
-[pipeline:barbican_version]
-pipeline = cors http_proxy_to_wsgi versionapp
-
-# Use this pipeline for Barbican API - DEFAULT no authentication
-[pipeline:barbican_api]
-pipeline = cors http_proxy_to_wsgi unauthenticated-context apiapp
-
-#Use this pipeline to activate a repoze.profile middleware and HTTP port,
-#  to provide profiling information for the REST API processing.
-[pipeline:barbican-profile]
-pipeline = cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
-
-#Use this pipeline for keystone auth
-[pipeline:barbican-api-keystone]
-pipeline = cors http_proxy_to_wsgi authtoken context apiapp
-
-#Use this pipeline for keystone auth with audit feature
-[pipeline:barbican-api-keystone-audit]
-pipeline = http_proxy_to_wsgi authtoken context audit apiapp
-
-[app:apiapp]
-paste.app_factory = barbican.api.app:create_main_app
-
-[app:versionapp]
-paste.app_factory = barbican.api.app:create_version_app
-
-[filter:simple]
-paste.filter_factory = barbican.api.middleware.simple:SimpleFilter.factory
-
-[filter:unauthenticated-context]
-paste.filter_factory = barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
-
-[filter:context]
-paste.filter_factory = barbican.api.middleware.context:ContextMiddleware.factory
-
-[filter:audit]
-paste.filter_factory = keystonemiddleware.audit:filter_factory
-audit_map_file = /etc/barbican/api_audit_map.conf
-
-[filter:authtoken]
-paste.filter_factory = keystonemiddleware.auth_token:filter_factory
-
-[filter:profile]
-use = egg:repoze.profile
-log_filename = myapp.profile
-cachegrind_filename = cachegrind.out.myapp
-discard_first_request = true
-path = /__profile__
-flush_at_shutdown = true
-unwind = false
-
-[filter:cors]
-paste.filter_factory = oslo_middleware.cors:filter_factory
-oslo_config_project = barbican
-
-[filter:http_proxy_to_wsgi]
-paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
--- a/barbican/templates/etc/_barbican-api.ini.tpl
+++ b/barbican/templates/etc/_barbican-api.ini.tpl
@ -1,26 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "barbican.conf.barbican_values_skeleton" .Values.conf.barbican | trunc 0 }}
-{{ include "barbican.conf.barbican" .Values.conf.barbican }}
-
-[uwsgi]
-socket = :{{ .Values.conf.barbican.barbican_api.barbican.config.bind_port }}
-protocol = http
-processes = 1
-lazy = true
-vacuum = true
-no-default-app = true
-memory-report = true
-plugins = python
-paste = config:/etc/barbican/barbican-api-paste.ini
-add-header = Connection: close
--- a/barbican/templates/etc/_barbican.conf.tpl
+++ b/barbican/templates/etc/_barbican.conf.tpl
--- a/barbican/templates/service-api.yaml
+++ b/barbican/templates/service-api.yaml
@ -24,7 +24,7 @@ metadata:
 spec:
  ports:
  - name: b-api
-    port: {{ .Values.conf.barbican.barbican_api.barbican.config.bind_port }}
+    port: {{ .Values.conf.barbican.barbican_api.bind_port }}
    {{ if .Values.network.api.node_port.enabled }}
    nodePort: {{ .Values.network.api.node_port.port }}
    {{ end }}
--- a/barbican/values.yaml
+++ b/barbican/values.yaml
@ -172,8 +172,48 @@ dependencies:

 conf:
  paste:
-    override:
-    append:
+    composite:main:
+      use: egg:Paste#urlmap
+      /: barbican_version
+      /v1: barbican-api-keystone
+    pipeline:barbican_version:
+      pipeline: cors http_proxy_to_wsgi versionapp
+    pipeline:barbican_api:
+      pipeline: cors http_proxy_to_wsgi unauthenticated-context apiapp
+    pipeline:barbican-profile:
+      pipeline: cors http_proxy_to_wsgi unauthenticated-context egg:Paste#cgitb egg:Paste#httpexceptions profile apiapp
+    pipeline:barbican-api-keystone:
+      pipeline: cors http_proxy_to_wsgi authtoken context apiapp
+    pipeline:barbican-api-keystone-audit:
+      pipeline: http_proxy_to_wsgi authtoken context audit apiapp
+    app:apiapp:
+      paste.app_factory: barbican.api.app:create_main_app
+    app:versionapp:
+      paste.app_factory: barbican.api.app:create_version_app
+    filter:simple:
+      paste.filter_factory: barbican.api.middleware.simple:SimpleFilter.factory
+    filter:unauthenticated-context:
+      paste.filter_factory: barbican.api.middleware.context:UnauthenticatedContextMiddleware.factory
+    filter:context:
+      paste.filter_factory: barbican.api.middleware.context:ContextMiddleware.factory
+    filter:audit:
+      paste.filter_factory: keystonemiddleware.audit:filter_factory
+      audit_map_file: /etc/barbican/api_audit_map.conf
+    filter:authtoken:
+      paste.filter_factory: keystonemiddleware.auth_token:filter_factory
+    filter:profile:
+      use: egg:repoze.profile
+      log_filename: myapp.profile
+      cachegrind_filename: cachegrind.out.myapp
+      discard_first_request: true
+      path: /__profile__
+      flush_at_shutdown: true
+      unwind: false
+    filter:cors:
+      paste.filter_factory: oslo_middleware.cors:filter_factory
+      oslo_config_project: barbican
+    filter:http_proxy_to_wsgi:
+      paste.filter_factory: oslo_middleware:HTTPProxyToWSGI.factory
  policy:
    admin: role:admin
    observer: role:observer
@ -271,28 +311,50 @@ conf:
    secretstore_preferred:delete: rule:admin
    secretstore:get: rule:admin
  audit_map:
-    override:
-    append:
+    DEFAULT:
+      # default target endpoint type
+      # should match the endpoint type defined in service catalog
+      target_endpoint_type: key-manager
+    custom_actions:
+      # map urls ending with specific text to a unique action
+      # Don't need custom mapping for other resource operations
+      # Note: action should match action names defined in CADF taxonomy
+      acl/get: read
+    path_keywords:
+      # path of api requests for CADF target typeURI
+      # Just need to include top resource path to identify class of resources
+      secrets: null
+      containers: null
+      orders: null
+      cas: "None"
+      quotas: null
+      project-quotas: null
+    service_endpoints:
+      # map endpoint type defined in service catalog to CADF typeURI
+      key-manager: service/security/keymanager
  barbican_api:
-    override:
-    append:
+    uwsgi:
+      socket: null
+      protocol: http
+      processes: 1
+      lazy: true
+      vacuum: true
+      no-default-app: true
+      memory-report: true
+      plugins: python
+      paste: "config:/etc/barbican/barbican-api-paste.ini"
+      add-header: "Connection: close"
  barbican:
-    override:
-    append:
+    DEFAULT:
+      transport_url: null
    keystone_authtoken:
-      keystonemiddleware:
-        auth_token:
-          auth_type: password
-          auth_version: v3
-          memcache_security_strategy: ENCRYPT
+      auth_type: password
+      auth_version: v3
+      memcache_security_strategy: ENCRYPT
    database:
-      oslo:
-        db:
-          max_retries: -1
+      max_retries: -1
    barbican_api:
-      barbican:
-        config:
-          bind_port: 9311
+      bind_port: 9311

 # Names of secrets used by bootstrap and environmental checks
 secrets: