File openstack-keystone.spec of Package openstack-keystone
#
# spec file for package openstack-keystone
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define component keystone
%define groupname %{component}
%define username %{component}
%define version_unconverted 14.2.1.dev9
Name: openstack-%{component}
Version: 14.2.1~dev9
Release: 0
Summary: OpenStack Identity Service (Keystone)
License: Apache-2.0
Group: Development/Languages/Python
URL: https://github.com/openstack/keystone
Source: http://tarballs.openstack.org/keystone/keystone-stable-rocky.tar.gz
Source2: logging.conf
Source7: %{name}.logrotate
Source10: %name.conf
Source50: README.config
Patch1: 0001-Hide-AccountLocked-exception-from-end-users.patch
BuildRequires: crudini
BuildRequires: openstack-suse-macros
BuildRequires: python-WebTest
BuildRequires: python-base
BuildRequires: python-fixtures
BuildRequires: python-jsonschema
BuildRequires: python-keystoneclient
BuildRequires: python-ldap
BuildRequires: python-ldappool
BuildRequires: python-lxml
BuildRequires: python-mock
BuildRequires: python-oauthlib
BuildRequires: python-openstackdocstheme
BuildRequires: python-oslo.config
BuildRequires: python-oslo.db
BuildRequires: python-oslo.log
BuildRequires: python-oslo.messaging
BuildRequires: python-oslo.policy
BuildRequires: python-pbr
BuildRequires: python-pycadf
BuildRequires: python-pysaml2
BuildRequires: python-scrypt
BuildRequires: python-sphinxcontrib-apidoc
BuildRequires: python-testtools
BuildRequires: python2-oslo.cache
# Needed for %%post section keystone-manage invocation:
BuildRequires: python-WebOb
BuildRequires: python-passlib
# Documentation build requirements:
BuildRequires: python-Sphinx
BuildRequires: systemd-rpm-macros
%{?systemd_requires}
Requires: logrotate
Requires: python-keystone = %{version}
Requires: python-oslo.db >= 4.27.0
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# keystone dependencies
# To generate a self-signed certificate to be used in demo setups:
Requires(post): coreutils
Requires(post): crudini
Requires(post): python-keystone
Requires(post): python-dogpile.cache >= 0.6.2
Requires(post): python-oslo.db >= 4.27.0
Requires(post): python-oslo.i18n >= 3.15.3
Requires(post): python-oslo.log >= 3.38.0
Requires(post): python-oslo.serialization >= 2.18.0
Requires(post): python-oslo.utils >= 3.33.0
Requires(post): python-osprofiler >= 1.4.0
Requires(post): python-sqlalchemy-migrate >= 0.11.0
Requires(post): python-Routes >= 2.3.1
Requires(post): python-cryptography >= 2.1
Requires(post): openssl
%if 0%{?suse_version}
Requires(post): sysconfig
Requires(pre): pwdutils
%else
Requires(pre): /usr/bin/getent /usr/sbin/useradd /usr/sbin/userdel /usr/sbin/groupadd /usr/sbin/groupdel
%endif
BuildArch: noarch
%description
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.
%package -n python-keystone
Summary: OpenStack Identity Service (Keystone) - Python module
Group: Development/Languages/Python
Requires: python >= 2.6.8
Requires: python-Babel >= 2.3.4
Requires: python-Flask >= 1.0.2
Requires: python-Flask-RESTful >= 0.3.5
Requires: python-Routes >= 2.3.1
Requires: python-SQLAlchemy >= 1.0.10
Requires: python-WebOb >= 1.7.1
Requires: python-bcrypt >= 3.1.3
Requires: python-cryptography >= 2.1
Requires: python-dogpile.cache >= 0.6.2
Requires: python-jsonschema >= 2.6.0
Requires: python-keystoneclient >= 3.8.0
Requires: python-keystonemiddleware >= 4.17.0
Requires: python-ldap >= 3.0.0
Requires: python-ldappool >= 2.3.1
Requires: python-lxml >= 3.4.1
Requires: python-oauthlib >= 0.6.2
Requires: python-oslo.cache >= 1.26.0
Requires: python-oslo.concurrency >= 3.26.0
Requires: python-oslo.context >= 2.21.0
Requires: python-oslo.db >= 4.27.0
Requires: python-oslo.i18n >= 3.15.3
Requires: python-oslo.log >= 3.38.0
Requires: python-oslo.messaging >= 5.29.0
Requires: python-oslo.middleware >= 3.31.0
Requires: python-oslo.policy >= 1.30.0
Requires: python-oslo.serialization >= 2.18.0
Requires: python-oslo.utils >= 3.33.0
Requires: python-osprofiler >= 1.4.0
Requires: python-passlib >= 1.7.0
Requires: python-pbr >= 2.0.0
Requires: python-pycadf >= 1.1.0
Requires: python-pymongo >= 3.0.2
Requires: python-pysaml2 >= 4.5.0
Requires: python-pytz >= 2013.6
Requires: python-scrypt >= 0.8.0
Requires: python-six >= 1.10.0
Requires: python-sqlalchemy-migrate >= 0.11.0
Requires: python-stevedore >= 1.20.0
%description -n python-keystone
Keystone is an OpenStack project that provides Identity, Token, Catalog
and Policy services for use specifically by projects in the OpenStack
family.
This package contains the core Python module of OpenStack Keystone.
%package test
Summary: Testsuite for the OpenStack Keystone
Group: Development/Languages/Python
Requires: %{name} = %{version}
Requires: python-WebTest >= 2.0.27
Requires: python-fixtures >= 3.0.0
Requires: python-freezegun >= 0.3.6
Requires: python-keystoneclient >= 3.8.0
Requires: python-mock >= 2.0.0
Requires: python-os-testr >= 1.0.0
Requires: python-oslotest >= 3.2.0
Requires: python-python-memcached >= 1.57
Requires: python-python-subunit >= 0.0.18
Requires: python-requests >= 2.14.2
Requires: python-testtools >= 2.2.0
# checkout_vendor in ./keystone/test.py
Requires: git-core
%description test
The OpenStack Keystone testsuite. It is used to verify the
functionality of OpenStack Keystone.
%prep
%setup -q -n %{component}-%{version_unconverted}
%patch1 -p1
%openstack_cleanup_prep
%build
python setup.py build
# man pages
PBR_VERSION=%{version_unconverted} sphinx-build -b man doc/source doc/build/man
# config file generation
PYTHONPATH=. oslo-config-generator --config-file config-generator/keystone.conf --output-file etc/keystone.conf.sample
# policy file generation
PYTHONPATH=. oslopolicy-sample-generator --config-file config-generator/keystone-policy-generator.conf --output-file etc/keystone.policy.yaml
%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot}
### directories
install -d -m 750 %{buildroot}%{_localstatedir}/{lib,log}/%{component}
install -d -m 750 %{buildroot}%{_localstatedir}/cache/%{component}
install -d -m 700 %{buildroot}%{_rundir}/%{component}
install -D -m 644 %{SOURCE10} %{buildroot}/%_tmpfilesdir/%name.conf
install -d -m 750 %{buildroot}%{_datadir}/%{component}
### configuration files
install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone
install -d -m 755 %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/
# default dir for fernet tokens
install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
cp %{SOURCE50} %{buildroot}%{_sysconfdir}/keystone/
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/
cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
cp etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
cp etc/sso_callback_template.html %{buildroot}%{_datadir}/%{component}/
mv %{buildroot}/usr/etc/keystone/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
mv %{buildroot}/usr/etc/keystone/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/
install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
### documentation
install -d %{buildroot}%{_mandir}/man1
install -m 644 doc/build/man/keystone-manage.1 %{buildroot}%{_mandir}/man1
### test subpackage
%openstack_test_package_install
# upstream does not distribute this directory, but it is required for
# the tests and we want to keep it out of /usr/lib/
# https://review.openstack.org/#q,I9b02a5273dd27db963e9a26085b7456f4c5f6a41,n,z
mkdir -p %{buildroot}%{_localstatedir}/lib/%{name}-test/tmp
ln -s %{_localstatedir}/lib/%{name}-test/tmp %{buildroot}%{python_sitelib}/%{component}/tests/tmp
sed -i -e "s/TMPDIR = .*/TMPDIR = os.path.join(ROOTDIR, 'tmp')/" %{buildroot}%{python_sitelib}/%{component}/tests/unit/core.py
### create keystone ssl dirs
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/private
install -d %{buildroot}%{_sysconfdir}/keystone/ssl/certs
### set default configuration
%define keystone_conf %{buildroot}%{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
crudini --set %{keystone_conf} DEFAULT log_dir /var/log/keystone
%pre
%openstack_pre_user_group_create %{username} %{groupname}
%post
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%files
%defattr(-,root,root)
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/lib/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/log/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_localstatedir}/cache/%{component}
%dir %attr(0750, %{username}, %{groupname}) %{_datadir}/%{component}
%{_datadir}/%{component}/sso_callback_template.html
%_tmpfilesdir/%name.conf
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/credential-keys
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl
%dir %attr(0755, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/certs
%dir %attr(0750, root, %{groupname}) %{_sysconfdir}/%{component}/ssl/private
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/%{component}.conf.d/010-%{component}.conf
%config(noreplace) %attr(0640, root, %{groupname}) %{_sysconfdir}/%{component}/logging.conf
%config %{_sysconfdir}/%{component}/keystone-paste.ini
%config %{_sysconfdir}/%{component}/sso_callback_template.html
%{_sysconfdir}/%{component}/README.config
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_bindir}/keystone-manage
%{_bindir}/keystone-wsgi-admin
%{_bindir}/keystone-wsgi-public
%{_mandir}/man1/keystone*
%doc tools/sample_data.sh
%files -n python-keystone
%defattr(-,root,root,-)
%license LICENSE
%exclude %{python_sitelib}/%{component}/tests/tmp
%{python_sitelib}
%files test
%defattr(-,root,root)
%{_localstatedir}/lib/openstack-%{component}-test
%{python_sitelib}/%{component}/tests/tmp
%changelog
