File openstack-barbican.spec of Package openstack-barbican-doc

#
# spec file for package openstack-barbican
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


%define component barbican
%define groupname %{component}
%define username %{component}

%define version_unconverted 7.0.1.dev18

Name:           openstack-%{component}
Version:        7.0.1~dev18
Release:        0
Summary:        OpenStack key and secret management (Barbican)
License:        Apache-2.0
Group:          System/Management
Url:            https://launchpad.net/barbican
Source0:        http://tarballs.openstack.org/barbican/barbican-stable-rocky.tar.gz
Source1:        %{name}.logrotate
Source2:        %{component}-api.conf.sample
Source3:        %{name}-rpmlintrc
Source5:        %name.conf
# systemd service files
Source10:       %{name}-worker.service
Source11:       %{name}-keystone-listener.service
Source12:       %{name}-retry.service
Source50:       README.config
# PATCH-FIX-OPENSUSE fix-barbican-api.patch
Patch1:         fix-barbican-api.patch
# PATCH-FIX-UPSTREAM 0001-Fix-duplicate-paths-in-secret-hrefs.patch -- https://review.openstack.org/#/c/544557/
Patch5:         0001-Fix-duplicate-paths-in-secret-hrefs.patch
BuildRequires:  apache2
BuildRequires:  fdupes
BuildRequires:  openstack-suse-macros
BuildRequires:  python-base
BuildRequires:  python-oslo.concurrency
BuildRequires:  python-oslo.config
BuildRequires:  python-oslo.db
BuildRequires:  python-pecan
BuildRequires:  python-pyOpenSSL
BuildRequires:  python-setuptools
BuildRequires:  python-six
# Documentation build requirements:
BuildRequires:  crudini
BuildRequires:  python-Babel
BuildRequires:  python-Paste
BuildRequires:  python-PasteDeploy
BuildRequires:  python-PyKMIP
BuildRequires:  python-Sphinx
BuildRequires:  python-WebOb
BuildRequires:  python-argparse
BuildRequires:  python-eventlet
BuildRequires:  python-fixtures
BuildRequires:  python-mock
BuildRequires:  python-neutronclient
BuildRequires:  python-openstackdocstheme
BuildRequires:  python-oslo.i18n
BuildRequires:  python-oslo.log
BuildRequires:  python-oslo.messaging
BuildRequires:  python-oslo.policy
BuildRequires:  python-oslo.utils
BuildRequires:  python-pbr
BuildRequires:  python-sqlalchemy
BuildRequires:  python-stevedore
BuildRequires:  python-testtools
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}
Requires:       logrotate
Requires:       python >= 2.7
Requires:       python-barbican = %{version}
Requires(pre):  pwdutils
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildArch:      noarch

%description
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.

%package -n python-barbican
Summary:        OpenStack key and secret management (Barbican) - Python module
Group:          Development/Languages/Python
Requires:       python >= 2.7
Requires:       python-Babel >= 2.3.4
Requires:       python-Paste >= 2.0.2
Requires:       python-PasteDeploy >= 1.5.0
Requires:       python-PyKMIP >= 0.7.0
Requires:       python-SQLAlchemy >= 1.0.10
Requires:       python-WebOb >= 1.7.1
Requires:       python-alembic >= 0.8.10
Requires:       python-cffi >= 1.7.0
Requires:       python-cryptography >= 2.1
Requires:       python-eventlet >= 0.18.2
Requires:       python-jsonschema >= 2.6.0
Requires:       python-keystoneclient >= 3.8.0
Requires:       python-keystonemiddleware >= 4.17.0
Requires:       python-ldap3 >= 1.0.2
Requires:       python-oslo.config >= 5.2.0
Requires:       python-oslo.context >= 2.19.2
Requires:       python-oslo.db >= 4.27.0
Requires:       python-oslo.i18n >= 3.15.3
Requires:       python-oslo.log >= 3.36.0
Requires:       python-oslo.messaging >= 5.29.0
Requires:       python-oslo.middleware >= 3.31.0
Requires:       python-oslo.policy >= 1.30.0
Requires:       python-oslo.serialization >= 2.18.0
Requires:       python-oslo.service >= 1.24.0
Requires:       python-oslo.utils >= 3.33.0
Requires:       python-pbr >= 2.0.0
Requires:       python-pecan >= 1.0.0
Requires:       python-pyOpenSSL >= 17.1.0
Requires:       python-pycrypto >= 2.6
Requires:       python-requests >= 2.14.2
Requires:       python-six >= 1.10.0
Requires:       python-stevedore >= 1.20.0

%description -n python-barbican
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the core Python module of OpenStack Barbican.

%package api
Summary:        OpenStack key and secret management (Barbican) - API
Group:          Development/Languages/Python
Requires:       %{name} = %{version}
Requires:       apache2
Requires:       apache2-mod_wsgi

%description api
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican API (WSGI only).

%package worker
Summary:        OpenStack key and secret management (Barbican) - Worker
Group:          Development/Languages/Python
Requires:       %{name} = %{version}

%description worker
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Worker service.

%package keystone-listener
Summary:        OpenStack key and secret management (Barbican) - keystone listener
Group:          Development/Languages/Python
Requires:       %{name} = %{version}

%description keystone-listener
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Keystone Listener service.

# TODO(aplanas): This package will be droped from master
%package retry
Summary:        OpenStack key and secret management (Barbican) - Retry Scheduler
Group:          Development/Languages/Python
Requires:       %{name} = %{version}

%description retry
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican Retry Scheduler service.

%package test
Summary:        OpenStack key and secret management (Barbican) - Testsuite
Group:          Development/Languages/Python
Requires:       %{name} = %{version}
Requires:       git-core
Requires:       python-WebTest >= 2.0.27
Requires:       python-ddt >= 1.0.1
Requires:       python-fixtures >= 3.0.0
Requires:       python-mock >= 2.0.0
Requires:       python-os-testr >= 0.4.1
Requires:       python-oslotest >= 3.2.0
Requires:       python-pbr >= 2.0.0
Requires:       python-python-subunit >= 0.0.18
Requires:       python-testrepository >= 0.0.18
Requires:       python-testtools >= 2.2.0

%description test
Barbican is a REST API designed for the secure storage, provisioning and
management of secrets. It is aimed at being useful for all environments,
including large ephemeral Clouds.
This package contains the OpenStack Barbican testsuite.

%prep
%setup -q -n %{component}-%{version_unconverted}
%openstack_cleanup_prep
%patch1 -p1
%patch5 -p1

%build
python setup.py build
PBR_VERSION=%version sphinx-build -b man doc/source doc/build/man

### configuration files
PYTHONPATH=. oslo-config-generator --config-file etc/oslo-config-generator/barbican.conf --output-file etc/barbican.conf.sample
PYTHONPATH=. oslopolicy-sample-generator --config-file=etc/oslo-config-generator/policy.conf

%install
python setup.py install --skip-build --prefix=%{_prefix} --root=%{buildroot}

### directories
install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/%{component}
install -d -m 750 %{buildroot}%{_localstatedir}/cache/%{component}
install -d -m 700 %{buildroot}%{_localstatedir}/run/%{component}
install -D -m 644 %{SOURCE5} %{buildroot}/%_tmpfilesdir/%name.conf
install -d -m 755 %{buildroot}%{_sysconfdir}/%{component}
install -d -m 755 %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/
install -p -D -m 640 %{SOURCE50} %{buildroot}%{_sysconfdir}/%{component}/README.config
install -d -m 755 %{buildroot}/srv/www/%{component}-api

### Copy the Barbican WSGI app to DocumentRoot
install -p -D -m 644 %{buildroot}/%{_bindir}/barbican-wsgi-api %{buildroot}/srv/www/%{component}-api/app.wsgi

### configuration files
install -p -D -m 644 etc/%{component}.conf.sample %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf
install -p -D -m 640 etc/%{component}/policy.yaml.sample %{buildroot}%{_sysconfdir}/%{component}/policy.yaml
install -p -D -m 644  etc/barbican/{barbican-functional.conf,api_audit_map.conf} %{buildroot}%{_sysconfdir}/%{component}/
mv %{buildroot}/usr/etc/barbican/barbican-api-paste.ini %{buildroot}%{_sysconfdir}/%{component}/
install -d %{buildroot}%{_sysconfdir}/apache2/vhosts.d

# bash-completion/logrotate/etc.
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# Install systemd unit services
mkdir -p %{buildroot}%{_sbindir} %{buildroot}%{_unitdir}
install -p -D -m 444 %{SOURCE10} %{buildroot}%{_unitdir}/%{name}-worker.service
install -p -D -m 444 %{SOURCE11} %{buildroot}%{_unitdir}/%{name}-keystone-listener.service
install -p -D -m 444 %{SOURCE12} %{buildroot}%{_unitdir}/%{name}-retry.service
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-worker
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-keystone-listener
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}-retry

### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/*.1 %{buildroot}%{_mandir}/man1

### test subpackage
%openstack_test_package_install
%fdupes %{buildroot}%{_localstatedir}/lib/%{name}-test

### misc
%fdupes %{buildroot}%{python_sitelib}/%{component}

### set default configuration
%define barbican_conf %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
crudini --set %{barbican_conf} DEFAULT log_dir /var/log/barbican
crudini --set %{barbican_conf} DEFAULT state_path /var/lib/barbican
crudini --set %{barbican_conf} keystone_authtoken signing_dir /var/cache/%component/keystone-signing
crudini --set %{barbican_conf} oslo_concurrency lock_path /var/run/barbican

# adjust the default config file
sed -i 's/enabled_certificate_plugins = snakeoil_ca/#enabled_certificate_plugins = snakeoil_ca/' %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf

install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/apache2/vhosts.d/

%pre
%openstack_pre_user_group_create %{username} %{groupname}

%post
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf

%pre worker
%service_add_pre %{name}-worker.service

%post worker
%service_add_post %{name}-worker.service

%preun worker
%service_del_preun %{name}-worker.service

%postun worker
%restart_on_update %{name}-worker.service
%service_del_postun %{name}-worker.service

%pre keystone-listener
%service_add_pre %{name}-keystone-listener.service

%post keystone-listener
%service_add_post %{name}-keystone-listener.service

%preun keystone-listener
%service_del_preun %{name}-keystone-listener.service

%postun keystone-listener
%restart_on_update %{name}-keystone-listener.service
%service_del_postun %{name}-keystone-listener.service

%pre retry
%service_add_pre %{name}-retry.service

%post retry
%service_add_post %{name}-retry.service

%preun retry
%service_del_preun %{name}-retry.service

%postun retry
%restart_on_update %{name}-retry.service
%service_del_postun %{name}-retry.service

%files
%defattr(-,root,root)
%license LICENSE
%doc README.md
%doc %{_mandir}/man1/%{component}.1.gz
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/lib/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/cache/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component}
%_tmpfilesdir/%name.conf
%dir %{_sysconfdir}/%{component}
%dir %{_sysconfdir}/%{component}/%{component}.conf.d/
%{_sysconfdir}/%{component}/README.config
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/barbican-functional.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
%config %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/policy.yaml
%{_bindir}/%{component}-manage
%{_bindir}/%{component}-db-manage
%{_bindir}/pkcs11-kek-rewrap
%{_bindir}/pkcs11-key-generation

%files -n python-%{component}
%defattr(-,root,root,-)
%license LICENSE
%{python_sitelib}/%{component}/
%{python_sitelib}/%{component}-*.egg-info
%exclude %{python_sitelib}/%{component}/test*

%files api
%defattr(-,root,root,-)
%license LICENSE
%{_bindir}/barbican-wsgi-api
%config %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/api_audit_map.conf
%config %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/barbican-api-paste.ini
%config %{_sysconfdir}/apache2/vhosts.d/
/srv/www/%{component}-api/
/srv/www/%{component}-api/app.wsgi
%{_sysconfdir}/apache2/vhosts.d/
%{_sysconfdir}/apache2/vhosts.d/%{component}-api.conf.sample

%files worker
%defattr(-,root,root,-)
%license LICENSE
%{_unitdir}/%{name}-worker.service
%{_sbindir}/rc%{name}-worker
%{_bindir}/%{component}-worker

%files keystone-listener
%defattr(-,root,root,-)
%license LICENSE
%{_unitdir}/%{name}-keystone-listener.service
%{_sbindir}/rc%{name}-keystone-listener
%{_bindir}/%{component}-keystone-listener

%files retry
%defattr(-,root,root,-)
%license LICENSE
%{_unitdir}/%{name}-retry.service
%{_sbindir}/rc%{name}-retry
%{_bindir}/%{component}-retry

%files test
%defattr(-,root,root)
%{_localstatedir}/lib/%{name}-test/
%{python_sitelib}/%{component}/test*

%changelog