File openstack-keystone.spec of Package openstack-keystone-doc

#
# spec file for package openstack-keystone
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


# The service account and group both reuse the component name.
%define component keystone
%define groupname %{component}
%define username %{component}

# Upstream (PEP 440 style) version string; the prep section uses it to name
# the directory the tarball unpacks into.
%define version_unconverted 10.0.3.dev9

Name:           openstack-%{component}
Version:        10.0.3~dev9
Release:        0
Summary:        OpenStack Identity Service (Keystone)
License:        Apache-2.0
Group:          Development/Languages/Python
Url:            https://github.com/openstack/keystone
# NOTE(review): plain-HTTP URL of a moving branch tarball (stable-newton), not
# a pinned release, and no checksum or signature file is listed among the
# sources. The build should only consume a tarball whose digest was verified
# out of band; consider an https URL and a pinned artifact.
Source:         http://tarballs.openstack.org/keystone/keystone-stable-newton.tar.gz
Source2:        logging.conf
Source7:        %{name}.logrotate
Source10:       %name.conf
Source50:       README.config
# PATCH-FIX-UPSTREAM 0001-Stop-reading-local-config-dirs-for-domain-specific-f.patch -- 0001-Stop-reading-local-config-dirs-for-domain-specific-f.patch
Patch1:         0001-Stop-reading-local-config-dirs-for-domain-specific-f.patch
# NOTE(review): no PATCH- tag or bug reference here. Judging by the file name
# this presumably drops admin_token_auth from the shipped paste pipeline --
# confirm, and record the upstream status like the neighbouring patches do.
Patch2:         remove-admin-token-auth.patch
# PATCH-FEATURE-UPSTREAM 0001-Set-connection-timeout-for-LDAP-configuration.patch bsc#1064704
Patch3:         0001-Set-connection-timeout-for-LDAP-configuration.patch
# NOTE(review): untagged patch touching the federated auth APIs; add a PATCH-
# tag with its upstream reference so its provenance can be audited.
Patch4:         0001-Reduce-duplication-in-federated-auth-APIs.patch
# PATCH-FIX-UPSTREAM 0001-Handle-disk-write-failure-when-doing-Fernet-key-rota.patch
Patch5:         0001-Handle-disk-write-failure-when-doing-Fernet-key-rota.patch
# NOTE(review): untagged patch that, by its name, widens what a domain admin
# may list; an authorization change like this should carry a bug reference.
Patch6:         0001-Allow-domain-admin-to-list-projest-assignments.patch
BuildRequires:  crudini
BuildRequires:  openstack-suse-macros
BuildRequires:  python-Paste
BuildRequires:  python-PasteDeploy
BuildRequires:  python-WebTest
BuildRequires:  python-base
BuildRequires:  python-fixtures
BuildRequires:  python-jsonschema
BuildRequires:  python-keystoneclient
BuildRequires:  python-ldappool
BuildRequires:  python-lxml
BuildRequires:  python-mock
BuildRequires:  python-mox
BuildRequires:  python-oauthlib
BuildRequires:  python-oslo.cache
BuildRequires:  python-oslo.config
BuildRequires:  python-oslo.db
BuildRequires:  python-oslo.log
BuildRequires:  python-oslo.messaging
BuildRequires:  python-pbr
BuildRequires:  python-pycadf
BuildRequires:  python-pyldap
BuildRequires:  python-pysaml2
BuildRequires:  python-testtools
# Needed for %%post section keystone-manage invocation:
BuildRequires:  python-WebOb
BuildRequires:  python-passlib
# Documentation build requirements:
BuildRequires:  python-Sphinx
BuildRequires:  python-oslosphinx
BuildRequires:  systemd-rpm-macros
%{?systemd_requires}
Requires:       logrotate
Requires:       python-keystone = %{version}
Requires:       python-oslo.db >= 4.10.0
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
# Runtime dependencies of the post scriptlet, which runs crudini and keystone-manage;
# openssl is needed to generate a self-signed certificate to be used in demo setups:
Requires(post): coreutils
Requires(post): crudini
Requires(post): python-keystone
Requires(post): python-dogpile.cache >= 0.6.2
Requires(post): python-iso8601 >= 0.1.9
Requires(post): python-oslo.db >= 4.10.0
Requires(post): python-oslo.i18n >= 2.1.0
Requires(post): python-oslo.log >= 1.14.0
Requires(post): python-oslo.serialization >= 1.10.0
Requires(post): python-oslo.utils >= 3.16.0
Requires(post): python-osprofiler >= 1.4.0
Requires(post): python-sqlalchemy-migrate >= 0.9.6
Requires(post): python-Routes >= 1.12.3
Requires(post): python-cryptography >= 1.0
Requires(post): openssl
%if 0%{?suse_version}
Requires(post): sysconfig
Requires(pre):  pwdutils
%else
Requires(pre):  /usr/bin/getent /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/groupadd /usr/sbin/groupdel
%endif
BuildArch:      noarch

%description
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.

%package -n python-keystone
Summary:        OpenStack Identity Service (Keystone) - Python module
Group:          Development/Languages/Python
Requires:       python >= 2.6.8
Requires:       python-Paste
Requires:       python-PasteDeploy >= 1.5.0
Requires:       python-Routes >= 1.12.3
Requires:       python-SQLAlchemy >= 1.0.10
Requires:       python-WebOb >= 1.2.3
Requires:       python-cryptography >= 1.0
Requires:       python-dogpile.cache >= 0.6.2
Requires:       python-eventlet >= 0.18.2
Requires:       python-greenlet >= 0.3.2
Requires:       python-jsonschema >= 2.0.0
Requires:       python-keystoneclient >= 2.0.0
Requires:       python-keystonemiddleware >= 4.0.0
Requires:       python-ldappool >= 2.0.0
Requires:       python-lxml >= 2.3
Requires:       python-msgpack-python >= 0.4.0
Requires:       python-oauthlib >= 0.6
Requires:       python-oslo.cache >= 1.5.0
Requires:       python-oslo.concurrency >= 3.8.0
Requires:       python-oslo.context >= 2.9.0
Requires:       python-oslo.db >= 4.10.0
Requires:       python-oslo.i18n >= 2.1.0
Requires:       python-oslo.log >= 1.14.0
Requires:       python-oslo.messaging >= 5.2.0
Requires:       python-oslo.middleware >= 3.0.0
Requires:       python-oslo.policy >= 1.9.0
Requires:       python-oslo.serialization >= 1.10.0
Requires:       python-oslo.service >= 1.0.0
Requires:       python-oslo.utils >= 3.16.0
Requires:       python-osprofiler >= 1.4.0
Requires:       python-passlib >= 1.6
Requires:       python-pbr >= 1.6
Requires:       python-pycadf >= 1.1.0
Requires:       python-pyldap >= 2.4
Requires:       python-pymongo >= 3.0.2
Requires:       python-pysaml2 >= 2.4.0
Requires:       python-six >= 1.9.0
Requires:       python-sqlalchemy-migrate >= 0.9.6
Requires:       python-stevedore >= 1.16.0
Requires:       python-tempest-lib >= 0.14.0

%description -n python-keystone
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.

This package contains the core Python module of OpenStack Keystone.

%package test
Summary:        Testsuite for the OpenStack Keystone
Group:          Development/Languages/Python
Requires:       %{name} = %{version}
Requires:       python-WebTest >= 2.0
Requires:       python-fixtures >= 3.0.0
Requires:       python-keystoneclient >= 2.0.0
Requires:       python-mock >= 2.0
Requires:       python-os-testr >= 0.7.0
Requires:       python-oslotest >= 1.10.0
Requires:       python-python-memcached >= 1.56
Requires:       python-python-subunit >= 0.0.18
Requires:       python-requests >= 2.10.0
Requires:       python-swift
Requires:       python-testrepository >= 0.0.18
Requires:       python-testtools >= 1.4.0
# checkout_vendor in ./keystone/test.py
Requires:       git-core

%description test
The OpenStack Keystone testsuite. It is used to verify the
functionality of OpenStack Keystone.

%prep
# Unpack the tarball; its top-level directory is named after the upstream
# (unconverted) version string rather than the rpm version.
%setup -q -n %{component}-%{version_unconverted}
# Apply the downstream patches in numeric order. Only patch 2 is applied
# with strip level 0; all others use strip level 1.
%patch -P 1 -p1
%patch -P 2 -p0
%patch -P 3 -p1
%patch -P 4 -p1
%patch -P 5 -p1
%patch -P 6 -p1
# Helper macro from openstack-suse-macros (definition not visible in this file).
%openstack_cleanup_prep

%build
# Build the Python package, then render the manual pages that the install
# section later copies from doc/build/man.
python setup.py build
sphinx-build -b man doc/source doc/build/man

%install
# Stage the package into the buildroot. Modes set here are only build-time
# values; final ownership and permissions come from the attr entries in the
# files section.
python setup.py install --prefix=%{_prefix} --root=%{buildroot}

### directories
# State and log directories are created 0755 here; the files section narrows
# the log directory to 0750 and hands both to the service user.
install -d -m 755 %{buildroot}%{_localstatedir}/{lib,log}/%{component}
install -d -m 750 %{buildroot}%{_localstatedir}/cache/%{component}
# The runtime directory is not listed in the files section; presumably it is
# (re)created from the tmpfiles snippet installed on the next line -- confirm.
install -d -m 700 %{buildroot}%{_rundir}/%{component}
install -D -m 644 %{SOURCE10} %{buildroot}/%_tmpfilesdir/%name.conf

### configuration files
install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone
install -d -m 755 %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/
# Key repository for credential encryption (credential-keys).
# NOTE(review): the previous wording called this the directory "for fernet
# tokens"; token signing keys conventionally live in a separate fernet-keys
# directory, which this spec does not create -- confirm which one is meant.
install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
# cp keeps whatever mode the source file carries. keystone.conf and
# logging.conf are restricted to 0640 root:<group> in the files section;
# keystone-paste.ini and policy.json get no explicit attr there.
cp %{SOURCE50} %{buildroot}%{_sysconfdir}/keystone/
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/
cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
cp etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
cp etc/policy.json %{buildroot}%{_sysconfdir}/keystone/
install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}

# Cron jobs
# Hourly job that flushes tokens as the service user instead of root.
# The heredoc delimiter is unquoted, but the body contains no shell
# expansions; rpm macros are substituted before the shell sees the text.
# NOTE(review): the trailing "|| :" makes the job always exit 0, so a failing
# token_flush is never reported by cron; consider logging the failure.
mkdir -p %{buildroot}%{_sysconfdir}/cron.hourly/
cat - > %{buildroot}%{_sysconfdir}/cron.hourly/%name <<EOF
#!/bin/bash
su %{username} -s /bin/bash -c "/usr/bin/keystone-manage --config-file /etc/keystone/keystone.conf token_flush" || :
EOF

### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/keystone-manage.1 %{buildroot}%{_mandir}/man1

### test subpackage
%openstack_test_package_install
# upstream does not distribute this directory, but it is required for
# the tests and we want to keep it out of /usr/lib/
# https://review.openstack.org/#q,I9b02a5273dd27db963e9a26085b7456f4c5f6a41,n,z
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}-test/tmp
ln -s %{_localstatedir}/lib/%{name}-test/tmp %{buildroot}%{python_sitelib}/%{component}/tests/tmp
# Rewrite the TMPDIR assignment in the unit-test core module so it resolves
# to the "tmp" entry symlinked above.
sed -i -e "s/TMPDIR = .*/TMPDIR = os.path.join(ROOTDIR, 'tmp')/" %{buildroot}%{python_sitelib}/%{component}/tests/unit/core.py

### create keystone ssl dirs
# Empty placeholders only, so the ghost entries in the files section have a
# path to refer to. No key material is shipped in the package; the real
# signing key and certificate are generated on the target host by the post
# scriptlet.
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/private
touch %{buildroot}%{_sysconfdir}/keystone/ssl/private/signing_key.pem
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/certs
touch %{buildroot}%{_sysconfdir}/keystone/ssl/certs/signing_cert.pem

### set default configuration
# rpm macro definitions are global and evaluated when the spec is parsed; the
# post scriptlet later redefines this macro without the buildroot prefix.
%define keystone_conf %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
crudini --set %{keystone_conf} DEFAULT log_dir /var/log/keystone

%pre
# Create the service user and group before any file owned by them is
# unpacked. The helper macro comes from openstack-suse-macros; its definition
# is not visible in this file.
%openstack_pre_user_group_create %{username} %{groupname}

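%post
# Post-install scriptlet (runs as root on the target host):
#  1. materialise the tmpfiles.d entries shipped by this package,
#  2. on first install, record a certificate subject based on the host name,
#  3. if no signing certificate exists yet, generate a self-signed one.
# The generated certificate is self-signed and meant for demo setups only;
# production deployments should install their own key material.
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
# rpm evaluates macro definitions when the spec is parsed, not when the shell
# runs, so this redefinition takes effect regardless of the "if" below.
%define keystone_conf %{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
# The first scriptlet argument is the number of installed instances; 1 means
# a fresh installation rather than an upgrade.
if [ "$1" -eq 1 ] ; then
  # Quote the subject so an unexpected host name cannot be split into extra
  # crudini arguments. Failure is tolerated on purpose (best effort).
  crudini --set %{keystone_conf} signing cert_subject "/C=US/ST=Unset/L=Unset/O=Unset/CN=$(hostname -f 2>/dev/null || hostname)" || :
fi
# create an example.com certificate if not available already
if ! [ -r /etc/keystone/ssl/certs/signing_cert.pem ]; then
  if [ -r /etc/keystone/ssl/certs/index.txt ]; then
    # recreate index.txt if it is only about the example.com config
    if [ 0$(wc -l </etc/keystone/ssl/certs/index.txt) -le 1 ] && grep -q CN=www.example.com /etc/keystone/ssl/certs/index.txt; then
        rm /etc/keystone/ssl/certs/index.txt
    fi
  fi
  /usr/bin/keystone-manage pki_setup --keystone-user %{username} --keystone-group %{groupname}
  # keystone-manage will create a log file owned by root; fix that.
  # The log directory belongs to the service user, so this root-run chown
  # must not follow a symlink placed there: skip symlinks and use -h so the
  # ownership change can never land on the link target.
  # An explicit "if" is used instead of "test ... && { ... }" so that a
  # missing log file does not become the exit status of the whole scriptlet.
  manage_log=%{_localstatedir}/log/keystone/keystone-manage.log
  if [ -f "$manage_log" ] && [ ! -L "$manage_log" ]; then
    chown -h %{username}:%{groupname} "$manage_log"
  fi
fi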

%files
# Everything defaults to root:root; only the entries with an explicit attr
# below are handed to the service user or group.
%defattr(-,root,root)
# Writable state: owned by the service user.
%dir %attr(0755, %{username}, %{groupname}) %{_localstatedir}/lib/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/cache/%{component}
%_tmpfilesdir/%name.conf
# Configuration tree: owned by root with group read access, so the service
# can read its configuration but cannot modify it, and other local users
# cannot enter the directory at all.
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/credential-keys
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs
# Ghost entries: the files are tracked by rpm but not shipped in the payload;
# the key and certificate are generated on the host by the post scriptlet.
# NOTE(review): pki_setup is called with the service user and group, so the
# ownership found on disk may differ from the root owner declared here --
# confirm, and make sure the private key never ends up world-readable.
%ghost %attr(0644, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs/signing_cert.pem
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private
%ghost %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private/signing_key.pem
# These files may hold database and service credentials, hence 0640 and
# noreplace so local settings survive upgrades.
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/logging.conf
# NOTE(review): plain config without noreplace -- when the packaged default
# changes, an upgrade replaces a locally edited file and keeps the local copy
# as .rpmsave. For policy.json this means a locally tightened access policy is
# reverted to the shipped default until it is re-applied; confirm this is
# intended. Neither file has an explicit attr, so they keep root:root and the
# build-time mode; access is gated by the 0750 parent directory.
%config %{_sysconfdir}/%{component}/keystone-paste.ini
%config %{_sysconfdir}/%{component}/policy.json
%{_sysconfdir}/%{component}/README.config
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_bindir}/keystone-manage
%{_bindir}/keystone-wsgi-admin
%{_bindir}/keystone-wsgi-public

%{_mandir}/man1/keystone*
# Hourly token flush job; writable by root only.
%attr(0755, root, %{groupname}) %{_sysconfdir}/cron.hourly/%name
%doc tools/sample_data.sh

%files -n python-keystone
%defattr(-,root,root,-)
%doc LICENSE
# tests/tmp is the symlink into /var/lib created in the install section; it is
# shipped by the test subpackage instead.
%exclude %{python_sitelib}/%{component}/tests/tmp
# NOTE(review): this lists the whole site-packages directory rather than the
# keystone module and its metadata, so the package also claims the directory
# itself -- confirm that this is intended.
%{python_sitelib}

%files test
%defattr(-,root,root)
# Scratch directory for the test suite under /var/lib, plus the symlink in the
# Python tree that points at it (both created in the install section).
%{_localstatedir}/lib/openstack-%{component}-test
%{python_sitelib}/%{component}/tests/tmp

%changelog