From 7afb60e6591d9d1e6d6374a85cf516182b660815 Mon Sep 17 00:00:00 2001
From: Tyler Smith <tyler.smith@windriver.com>
Date: Mon, 8 Apr 2019 15:40:07 -0400
Subject: [PATCH 1/1] Update-spec-with-tis-additions

---
 SPECS/openstack-keystone.spec | 50 +++++++++++++++++++++++++++++++++++++------
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/SPECS/openstack-keystone.spec b/SPECS/openstack-keystone.spec
index 3d5fcee..97c0586 100644
--- a/SPECS/openstack-keystone.spec
+++ b/SPECS/openstack-keystone.spec
@@ -11,7 +11,8 @@
 %global pyver_build %py%{pyver}_build
 # End of macros for py2/py3 compatibility
 
-%global with_doc 1
+#STX: Turn off doc building
+%global with_doc 0
 %global service keystone
 # guard for package OSP does not support
 %global rhosp 0
@@ -39,6 +40,13 @@ Source3:        openstack-keystone.sysctl
 Source5:        openstack-keystone-sample-data
 Source20:       keystone-dist.conf
 
+#STX
+Source99:       openstack-keystone.service
+Source100:      keystone-all
+Source101:      keystone-fernet-keys-rotate-active
+Source102:      password-rules.conf
+Source103:      public.py
+
 # STX: Include patches here
 Patch1:         0001-Rebasing-Keyring-integration.patch
 
@@ -233,9 +241,9 @@ sed -i 's#/local/bin#/bin#' httpd/wsgi-keystone.conf
 sed -i 's#apache2#httpd#' httpd/wsgi-keystone.conf
 
 %build
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
-PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format yaml --output-file=%{service}-schema.yaml
+PYTHONPATH=. oslo-config-generator --config-file=config-generator/keystone.conf --format json --output-file=%{service}-schema.json
 # distribution defaults are located in keystone-dist.conf
 
 %{pyver_build}
@@ -250,6 +258,8 @@ PYTHONPATH=. oslo-config-generator-%{pyver} --config-file=config-generator/keyst
 # Instead, ship an empty file that operators can override.
 echo "{}" > policy.json
 
+# STX: default dir for fernet tokens
+install -d -m 750 %{buildroot}%{_sysconfdir}/keystone/credential-keys/
 install -d -m 755 %{buildroot}%{_sysconfdir}/keystone
 install -p -D -m 640 etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
 install -p -D -m 640 policy.json %{buildroot}%{_sysconfdir}/keystone/policy.json
@@ -259,7 +269,8 @@ install -p -D -m 644 %{SOURCE20} %{buildroot}%{_datadir}/keystone/keystone-dist.
 install -p -D -m 640 etc/logging.conf.sample %{buildroot}%{_sysconfdir}/keystone/logging.conf
 install -p -D -m 640 etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/default_catalog.templates
 install -p -D -m 640 etc/sso_callback_template.html %{buildroot}%{_sysconfdir}/keystone/sso_callback_template.html
-install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
+# STX: don't install a separate keystone logrotate file as this is managed by syslog-ng
+#install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-keystone
 install -d -m 755 %{buildroot}%{_prefix}/lib/sysctl.d
 install -p -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/sysctl.d/openstack-keystone.conf
 # Install sample data script.
@@ -268,6 +279,21 @@ install -p -D -m 755 %{SOURCE5} %{buildroot}%{_bindir}/openstack-keystone-sample
 # Install sample HTTPD integration files
 install -p -D -m 644 httpd/wsgi-keystone.conf  %{buildroot}%{_datadir}/keystone/
 
+# STX install keystone cron script
+install -p -D -m 755 %{SOURCE101} %{buildroot}%{_bindir}/keystone-fernet-keys-rotate-active
+
+# STX: install password rules(readable only)
+install -p -D -m 440 %{SOURCE102} %{buildroot}%{_sysconfdir}/keystone/password-rules.conf
+
+# STX: install keystone public gunicorn app
+install -p -D -m 755 %{SOURCE103}  %{buildroot}/%{_datarootdir}/keystone/public.py
+
+# STX: install openstack-keystone service script
+install -p -D -m 644 %{SOURCE99} %{buildroot}%{_unitdir}/openstack-keystone.service
+
+# STX: Install keystone-all bash script
+install -p -D -m 755 %{SOURCE100} %{buildroot}%{_bindir}/keystone-all
+
 install -d -m 755 %{buildroot}%{_sharedstatedir}/keystone
 install -d -m 755 %{buildroot}%{_localstatedir}/log/keystone
 
@@ -325,26 +351,36 @@ chmod 660 %{_localstatedir}/log/keystone/keystone.log
 %{_bindir}/keystone-manage
 %{_bindir}/keystone-status
 %{_bindir}/openstack-keystone-sample-data
+# STX: add keystone-all
+%{_bindir}/keystone-all
+# STX: add Keystone fernet keys cron job
+%{_bindir}/keystone-fernet-keys-rotate-active
 %dir %{_datadir}/keystone
 %attr(0644, root, keystone) %{_datadir}/keystone/keystone-dist.conf
 %attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.yaml
 %attr(0644, root, keystone) %{_datadir}/keystone/%{service}-schema.json
 %attr(0755, root, root) %{_datadir}/keystone/sample_data.sh
 %attr(0644, root, keystone) %{_datadir}/keystone/wsgi-keystone.conf
+# STX: add openstack-keystone sysinit script
+%{_unitdir}/openstack-keystone.service
 %dir %attr(0750, root, keystone) %{_sysconfdir}/keystone
 %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/keystone.conf
 %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/logging.conf
 %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/policy.json
 %config(noreplace) %attr(0640, root, keystone) %{_sysconfdir}/keystone/default_catalog.templates
 %config(noreplace) %attr(0640, keystone, keystone) %{_sysconfdir}/keystone/sso_callback_template.html
-%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
+# STX: log rotate not needed
+#%config(noreplace) %{_sysconfdir}/logrotate.d/openstack-keystone
 %dir %attr(-, keystone, keystone) %{_sharedstatedir}/keystone
 %dir %attr(0750, keystone, keystone) %{_localstatedir}/log/keystone
 %ghost %attr(0660, root, keystone) %{_localstatedir}/log/keystone/keystone.log
 %{_prefix}/lib/sysctl.d/openstack-keystone.conf
-
+# STX: add password rules configuration
+%attr(0440, root, keystone) %{_sysconfdir}/keystone/password-rules.conf
 
 %files -n python%{pyver}-keystone -f %{service}.lang
+# STX: public.py addition
+%{_datarootdir}/keystone/public*.py*
 %defattr(-,root,root,-)
 %license LICENSE
 %{pyver_sitelib}/keystone
-- 
1.8.3.1