File openstack-barbican.spec of Package openstack-barbican

#
# spec file for package openstack-barbican
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%global with_doc 1
%if 0%{?rhel} || 0%{?fedora}
%global rdo 1
%endif
Name:           openstack-barbican
Version:        11.1.0~dev4
Release:        0
Summary:        OpenStack key and secrets management (Barbican)
License:        Apache-2.0
Group:          Development/Languages/Python
URL:            https://docs.openstack.org/barbican/latest/
Source0:        barbican-master.tar.gz
Source1:        openstack-barbican.logrotate
Source2:        openstack-barbican.tmpfiles
Source3:        openstack-barbican.defaultconf
Source4:        openstack-barbican.README.config
Source5:        barbican-wsgi.conf
# systemd service files
Source10:       openstack-barbican-worker.service
Source11:       openstack-barbican-keystone-listener.service
Source12:       openstack-barbican-retry.service
BuildRequires:  openstack-macros
BuildRequires:  python3-Babel
BuildRequires:  python3-Paste
BuildRequires:  python3-PasteDeploy
BuildRequires:  python3-PyKMIP
BuildRequires:  python3-SQLAlchemy
BuildRequires:  python3-WebOb
BuildRequires:  python3-castellan
BuildRequires:  python3-ddt
BuildRequires:  python3-eventlet
BuildRequires:  python3-fixtures
BuildRequires:  python3-jsonschema
BuildRequires:  python3-ldap3
BuildRequires:  python3-mock
BuildRequires:  python3-neutronclient
BuildRequires:  python3-oslo.concurrency
BuildRequires:  python3-oslo.config
BuildRequires:  python3-oslo.db
BuildRequires:  python3-oslo.i18n
BuildRequires:  python3-oslo.log
BuildRequires:  python3-oslo.messaging
BuildRequires:  python3-oslo.policy
BuildRequires:  python3-oslo.utils
BuildRequires:  python3-oslo.versionedobjects
BuildRequires:  python3-oslotest
BuildRequires:  python3-pbr
BuildRequires:  python3-pecan
BuildRequires:  python3-pyOpenSSL
BuildRequires:  python3-six
BuildRequires:  python3-stestr
BuildRequires:  python3-stevedore
BuildRequires:  python3-testtools
Requires:       logrotate
Requires:       python3-barbican = %{version}-%{release}
BuildArch:      noarch
%if 0%{?suse_version}
BuildRequires:  systemd-rpm-macros
Requires(pre):  pwdutils
%{?systemd_requires}
%else
BuildRequires:  systemd
Requires(post): systemd
Requires(postun): systemd
Requires(pre):  shadow-utils
Requires(preun): systemd
%endif

%description
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

%package -n python3-barbican
Summary:        OpenStack key and secrets management (Barbican) - Python module
Group:          Development/Languages/Python
Requires:       python3-Babel
Requires:       python3-Paste
Requires:       python3-PasteDeploy
Requires:       python3-PyKMIP
Requires:       python3-Pygments
Requires:       python3-SQLAlchemy
Requires:       python3-WebOb
Requires:       python3-alembic
Requires:       python3-castellan
Requires:       python3-cffi
Requires:       python3-cryptography
Requires:       python3-eventlet
Requires:       python3-jsonschema
Requires:       python3-keystoneclient
Requires:       python3-keystonemiddleware
Requires:       python3-ldap3
Requires:       python3-oslo.config
Requires:       python3-oslo.context
Requires:       python3-oslo.db
Requires:       python3-oslo.i18n
Requires:       python3-oslo.log
Requires:       python3-oslo.messaging
Requires:       python3-oslo.middleware
Requires:       python3-oslo.policy
Requires:       python3-oslo.serialization
Requires:       python3-oslo.service
Requires:       python3-oslo.upgradecheck
Requires:       python3-oslo.utils
Requires:       python3-oslo.versionedobjects
Requires:       python3-pbr
Requires:       python3-pecan
Requires:       python3-pyOpenSSL
Requires:       python3-requests
Requires:       python3-six
Requires:       python3-stevedore

%description -n python3-barbican
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

This package contains the core Python module of OpenStack Barbican.

%package api
Summary:        OpenStack key and secret management (Barbican) - API
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description api
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican API (WSGI only).

%package worker
Summary:        OpenStack key and secret management (Barbican) - Worker
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description worker
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Worker service.

%package keystone-listener
Summary:        OpenStack key and secret management (Barbican) - keystone listener
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description keystone-listener
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Keystone Listener service.

%package retry
Summary:        OpenStack key and secret management (Barbican) - Retry Scheduler
Group:          Development/Languages/Python
Requires:       %{name} = %{version}-%{release}

%description retry
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Retry Scheduler service.

%if 0%{?with_doc}
%package doc
Summary:        OpenStack key and secret management (Barbican) - Documentation
Group:          Documentation/HTML
BuildRequires:  python3-Sphinx
BuildRequires:  python3-openstackdocstheme
BuildRequires:  python3-sphinxcontrib-svg2pdfconverter

%description doc
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

This package contains documentation.
%endif

%prep
%autosetup -p1 -n barbican-11.1.0.dev4
%py_req_cleanup

%build
%{py3_build}
# doc
%if 0%{?with_doc}
PYTHONPATH=. PBR_VERSION=11.1.0.dev4 %sphinx_build -b html doc/source doc/build/html
PYTHONPATH=. PBR_VERSION=11.1.0.dev4 %sphinx_build -b man doc/source doc/build/man
# remove the Sphinx-build leftovers
rm -rf doc/build/html/.{doctrees,buildinfo}
rm -rf doc/build/man/.{doctrees,buildinfo}
%endif

### configuration file generation
PYTHONPATH=. oslo-config-generator --config-file etc/oslo-config-generator/barbican.conf --output-file etc/barbican.conf.sample
PYTHONPATH=. oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf

%install
%{py3_install}

### directories
install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/barbican
install -d -m 750 %{buildroot}%{_localstatedir}/cache/barbican
install -D -m 644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/barbican.conf
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican
install -d -m 755 %{buildroot}%{_datadir}/barbican
install -d -m 755 %{buildroot}%{_sysconfdir}/barbican/barbican.conf.d/
install -p -D -m 640 %{SOURCE4} %{buildroot}%{_sysconfdir}/barbican/README.config

### configuration files
install -p -D -m 644 etc/barbican.conf.sample %{buildroot}%{_sysconfdir}/barbican/barbican.conf
install -p -D -m 640 etc/barbican/policy.yaml.sample %{buildroot}%{_sysconfdir}/barbican/policy.yaml
install -p -D -m 644  etc/barbican/{barbican-functional.conf,api_audit_map.conf} %{buildroot}%{_sysconfdir}/barbican/
mv %{buildroot}/%{_prefix}/%{_sysconfdir}/barbican/barbican-api-paste.ini %{buildroot}%{_sysconfdir}/barbican/

### default configuration
install -D -m 640 %{SOURCE3} %{buildroot}/%{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf

# bash-completion/logrotate/etc.
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/barbican

# Install systemd unit services
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
install -p -D -m 444 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}-worker.service
install -p -D -m 444 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-keystone-listener.service
install -p -D -m 444 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-retry.service
%if 0%{?suse_version}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-worker
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-keystone-listener
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-retry
%endif

# Install apache configuration files
install -p -D -m 644 %{SOURCE5}  %{buildroot}%{_datadir}/barbican/

# man pages
%if 0%{?with_doc}
mkdir -p %{buildroot}%{_mandir}/man1
install -p -D -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1/
%endif

%check
# don't want to depend on hacking for package building
rm barbican/tests/test_hacking.py

%if 0%{?suse_version}
PYTHON=python3 stestr run
%endif
%if 0%{?rdo}
stestr-3 run
%endif

%pre
%openstack_pre_user_group_create barbican barbican /sbin/nologin
exit 0

%post
%tmpfiles_create %{_tmpfilesdir}/barbican.conf

%post worker
%systemd_post %{name}-worker.service

%preun worker
%systemd_preun %{name}-worker.service

%postun worker
%systemd_postun %{name}-worker.service

%post keystone-listener
%systemd_post %{name}-keystone-listener.service

%preun keystone-listener
%systemd_preun %{name}-keystone-listener.service

%postun keystone-listener
%systemd_postun %{name}-keystone-listener.service

%post retry
%systemd_post %{name}-retry.service

%preun retry
%systemd_preun %{name}-retry.service

%postun retry
%systemd_postun %{name}-retry.service

%files
%license LICENSE
%dir %attr(0750, barbican, barbican) %{_localstatedir}/lib/barbican
%dir %attr(0750, barbican, barbican) %{_localstatedir}/cache/barbican
%dir %attr(0750, barbican, barbican) %{_localstatedir}/log/barbican
%_tmpfilesdir/barbican.conf
%dir %{_datadir}/barbican
%dir %{_sysconfdir}/barbican
%dir %{_sysconfdir}/barbican/barbican.conf.d/
%{_sysconfdir}/barbican/README.config
%config(noreplace) %{_sysconfdir}/logrotate.d/barbican
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/barbican-functional.conf
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf
%config(noreplace) %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican.conf.d/010-barbican.conf
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/policy.yaml
%attr(0644, root, barbican) %{_datadir}/barbican/barbican-wsgi.conf
%{_bindir}/barbican-manage
%{_bindir}/barbican-status
%{_bindir}/barbican-db-manage
%{_bindir}/pkcs11-kek-rewrap
%{_bindir}/pkcs11-key-generation
%if 0%{?with_doc}
%{_mandir}/man1/barbican.1.gz
%endif

%files -n python3-barbican
%license LICENSE
%{python3_sitelib}/barbican/
%{python3_sitelib}/barbican-*.egg-info

%files api
%defattr(-,root,root,-)
%license LICENSE
%{_bindir}/barbican-wsgi-api
%config %attr(0644, root, barbican) %{_sysconfdir}/barbican/api_audit_map.conf
%config %attr(0640, root, barbican) %{_sysconfdir}/barbican/barbican-api-paste.ini

%files worker
%defattr(-,root,root,-)
%license LICENSE
%{_unitdir}/%{name}-worker.service
%{_bindir}/barbican-worker
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-worker
%endif

%files keystone-listener
%license LICENSE
%{_unitdir}/%{name}-keystone-listener.service
%{_bindir}/barbican-keystone-listener
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-keystone-listener
%endif

%files retry
%license LICENSE
%{_unitdir}/%{name}-retry.service
%{_bindir}/barbican-retry
%if 0%{?suse_version}
%{_sbindir}/rc%{name}-retry
%endif

%if 0%{?with_doc}
%files doc
%license LICENSE
%doc doc/build/html
%endif

%changelog