~psivaa/uci-engine/find-missing-mps

UCI-Airline Gatekeeper
======================


Setup
-----

Create a virtualenv and install the system requirements::

  $ virtualenv .venv
  ...
  $ . .venv/bin/activate
  (.venv)$ python setup.py develop
  ...

Then you can run *bin/gatekeeper*::

  (./env)$ ./bin/gatekeeper -h
  Usage: gatekeeper [options] [args]

  Options:
    -v, --verbose
    -p PORT, --port=PORT  Port to serve the REST application
    -A AUTH_URL, --auth-url=AUTH_URL
    -U USERNAME, --username=USERNAME
    -K PASSWORD, --key=PASSWORD
    -T TENANT, --tenant=TENANT
    -R REGION, --region=REGION
    -V API_VERSION, --api-version=API_VERSION
    --hp-tenant-id=TENANT_ID
    --hp-access-key-id=ACCESS_KEY_ID
    --hp-secret-key=SECRET_KEY
    -h, --help            show this help message and exit

Or run a local REST wsgi server::

  (.venv)$ ./bin/gatekeeper serve
  Running server on port 8080...
  ...

and use its API::

  $ curl http://localhost:8080/api/v1/
  CI-Airline gatekeeper.


Testing
-------

Inside the vitualenv, tests can be run with::

  (.venv)$ python -munittest discover
  ...

or::

  (.venv)$ ./setup.py test
  ...

for a more verbose output.


REST API Usage
--------------

Server greeting message::

  $ curl http://localhost:8080/api/v1/
  CI-Airline gatekeeper.

Creating a sandbox (note the 'Location' header)::

  $ curl -i -X POST http://localhost:8080/api/v1/sandbox/
  HTTP/1.0 201 Created
  ...
  Content-Type: text/plain
  Location: /api/v1/2aca8376-cb6f-11e3-a385-001c4229f9ac
  Content-Length: 44

  /api/v1/2aca8376-cb6f-11e3-a385-001c4229f9ac

Uploading objects to the sandbox::

  $ curl -X PUT http://localhost:8080/api/v1/sandbox/\
  2aca8376-cb6f-11e3-a385-001c4229f9ac/README.md | xargs curl -X PUT \
  --header "Content-Type: application/octet-stream" \
  --data-binary "@README.md"
  ...

Listing sandbox objects::

  $ curl http://localhost:8080/api/v1/sandbox/\
  2aca8376-cb6f-11e3-a385-001c4229f9ac
  README.md (5661 bytes, application/octet-stream)

Downloading sandbox objects::

  $ curl -X GET http://localhost:8080/api/v1/sandbox/\
  2aca8376-cb6f-11e3-a385-001c4229f9ac/README.md | xargs curl
  ...

Finally dropping the sandbox and its contents::

  $ curl -X DELETE http://localhost:8080/api/v1/sandbox/\
  2aca8376-cb6f-11e3-a385-001c4229f9ac


Script Usage
------------

Using environment canonistack variables (OS_*)::

  (.venv)$ . ~/.canonistack/novarc

Create a new sandbox in cannonistask::

  (.venv)$ ./bin/gatekeeper create

  Sandbox created: 5bf928ba-cb12-11e3-bfe4-001c4229f9ac

Listing existing sandboxes in canonistack::

  (.venv)$ ./bin/gatekeeper list

  All Sandboxes:
          5bf928ba-cb12-11e3-bfe4-001c4229f9ac (0 bytes, 0 objects)

Listing existing sandboxes on the local swift instance::

  (.venv)$ ./bin/gatekeeper -A http://10.0.3.64:8080/auth/v1.0 \
  -U testproj:testuser -K testpwd -V1 list

  All Sandboxes:
          02c5fc18-ca73-11e3-88d9-001c4229f9ac (1912 bytes, 1 objects)
	  b6316856-ca5e-11e3-889c-001c4229f9ac (7871 bytes, 2 objects)

Listing sandbox contents on the local swift::

  (.venv)$ ./bin/gatekeeper -A http://10.0.3.64:8080/auth/v1.0 \
  -U testproj:testuser -K testpwd -V1 \
  list 02c5fc18-ca73-11e3-88d9-001c4229f9ac

  02c5fc18-ca73-11e3-88d9-001c4229f9ac (1912 bytes, 1 objects)
          setup-swift.sh (1912 bytes, text/x-sh)

Downloading objects using tempurl::

  (.venv)$ ./bin/gatekeeper -A http://10.0.3.64:8080/auth/v1.0 \
  -U testproj:testuser -K testpwd -V1 \
  download 02c5fc18-ca73-11e3-88d9-001c4229f9ac setup-swift.sh

  Downloading from http://10.0.3.64:8080/v1/AUTH_testproj/\
  sandbox-02c5fc18-ca73-11e3-88d9-001c4229f9ac/setup-swift.sh?\
  temp_url_sig=a67bb00622365b1f7455e1bc3c0fc1729bb3eef4&\
  temp_url_expires=1398276831

Uploading objects using tempurl::

  (.venv)$ ./bin/gatekeeper -A http://10.0.3.64:8080/auth/v1.0 \
  -U testproj:testuser -K testpwd -V1 \
  upload 02c5fc18-ca73-11e3-88d9-001c4229f9ac setup-swift.sh

  Uploading to http://10.0.3.64:8080/v1/AUTH_testproj/\
  sandbox-02c5fc18-ca73-11e3-88d9-001c4229f9ac/setup-swift.sh?\
  temp_url_sig=115e4e68a75f0845e42d1f68d4e0f4ec97a269d0&\
  temp_url_expires=1398276895

Drop an existing sandbox::

  (.venv)$ ./bin/gatekeeper -A http://10.0.3.64:8080/auth/v1.0 \
  -U testproj:testuser -K testpwd -V1 \
  drop e2175b00-cb13-11e3-b370-001c4229f9ac

  Sandbox dropped: e2175b00-cb13-11e3-b370-001c4229f9ac

HP cloud uses a slightly different signature `schema
<http://docs.hpcloud.com/api/object-storage#temp_url-jumplink-span>`.
The main issue, when compared to usual openstack deployments, is that
it prepends 'tenant_id' and 'access_key_id' to the SHA1 signature and
also uses the account global secret_key, instead of user-created one,
to create tempurls signatures.

Once you find out all this HP-specific parameters (check Horizon accounts
UI), they can be passed to script via the '--hp-*' options::

  (.venv)$ ./bin/gatekeeper \
  -A https://region-a.geo-1.identity.hpcloudsvc.com:35357/v2.0/ \
  -U cprov@canonical.com -K '<PASS>' -T celso_project -R 'region-a.geo-1' \
  --hp-tenant-id 11922491647292 \
  --hp-access-key-id YZXTZCND7S8B2527GJJ4 \
  --hp-secret-key <SECRET> \
  list
  All Sandboxes:
          4bfdd05e-cb13-11e3-9db0-001c4229f9ac (0 bytes, 0 objects)


Local Swift Setup
-----------------

We can use a script to setup an LXC container with basic (read totally
insecure) authentication and tempurl module enabled for tests::

  $ sudo apt-get install lxc
  $ sudo lxc-create -n swift -t ubuntu -- -r trusty
  $ sudo lxc-start -d -n swift

Find out the LXC IP address::

  $ sudo lxc-ls --fancy
  [sudo] password for cprov:
  NAME   STATE    IPV4       IPV6  AUTOSTART
  ------------------------------------------
  swift  RUNNING  10.0.3.64  -     NO

Log in the LXC (pass: ubuntu)::

  $ scp setup-swift.sh ubuntu@10.0.3.64:
  ...
  $ ssh ubuntu@10.0.3.64
  ...
  ubuntu@swift:~$ sudo ./setup-swift.sh
  ...

Back on the host machine, use the swift client::

  (env)$ swift -A http://10.0.3.134:8080/auth/v1.0 -U testproj:testuser \
  -K testpwd stat