Add simple testing and debugging configuration

Signed-off-by: Ivan Dolgov <ivan@qvarnlabs.com>

10 files changed, 268 insertions, 90 deletions

diff --git a/README b/README
index 255a6d9..5c624ed 100644
--- a/README
+++ b/README
@@ -7,6 +7,51 @@ server. Originally developed to help development of Qvarn
 credentials** grant. Later on, we hope to develop this into an OpenID
 Connect provider.
 
+
+Configuration for testing
+-----------------------------------------------------------------------------
+
+The `debug.yaml` file contains a sample configuration file for Salami
+for debugging and light testing. Use it with the `start_salami`
+script.
+
+The config defines one API client, client id `test-client`, with a
+client secret of "hunter2".
+
+
+Running Salami for debugging
+-----------------------------------------------------------------------------
+
+At the root of the source tree, run the following:
+
+    ./start_salami debug.yaml
+
+This starts Salami using the Bottle.py built-in debug HTTP server,
+instead of gunicorn. This makes it easier to debug Salami. If you'd
+like to run it with gunicorn instead, add the following line to
+`debug.yaml`:
+
+    gunicorn: yes
+
+Then run this:
+
+    ./start_salami debug.yaml
+
+This runs Salami with gunicorn. Note that that means it is run in the
+background. You will need to kill the process manually.
+
+
+Running Salami for production
+-----------------------------------------------------------------------------
+
+Install Salami and then run:
+
+    start_salami /etc/salamia/salami.yaml
+
+This runs Salami using gunicorn. Better, install the `salami.service`
+systemd unit and start Salami with that.
+
+
 Merging workflow
 -----------------------------------------------------------------------------
 
diff --git a/debug.yaml b/debug.yaml
new file mode 100644
index 0000000..d7ce25d
--- /dev/null
+++ b/debug.yaml
@@ -0,0 +1,71 @@
+gunicorn: no
+clients:
+  test-client:
+    allowed_scopes:
+      - uapi_version_get
+    client_secret:
+        N: 16384
+        hash: dae4b406a05baf89cb1c9db54e960154483b10a7dc8d6234397665a0800292e0ad36fffd2a0c783cd9bd86d386a8aac043005ea117c4a7a6f3fe88fd3e0ebf4d5953c73052f53273754ad76f2b90a0537d23bf749fa97beadfc5237ce02cadde256ee0a231e134d21dc5beebd58adcaa9f2d684121850d0d9986f393ab3836ef
+        key_len: 128
+        p: 1
+        r: 8
+        salt: f5d75e6808847d6f1557fcccd65c5416
+        version: 1
+log: 
+  - filename: debug.log
+token-issuer: http://localhost:12765
+token-lifetime: 3600
+token-public-key: |
+  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdr6DQ6injbCNNhbmmjQawqWtnhxRlEtIp+S2wPaucfrBb898C5+atfYd1cI4mVq4ByIhKGYoVlMsAZyUhayMB/vRakmm/RgZwE9dfT/hFAs+ak3Dnlip8i/DYxm4qpO+ZRUj94taApnOaYStRFC4GufvPNrjcGCqxbXf5dyjqscpnhJ9UmMBoANiT5OQEvjHKW8CfxLrQ5Io9bsajCOg9EVmADWjPCWIVDnTt1xDazq4qLF2mfta0H+TjbHLJeJnTZnthMZqd4tA0yAFm1D9hRHvxkHQpRieOz11LF5AX+nXXfvchQeHnZumFFLXnfqrv4gToU+ruFpwK5J3Mn3GGIidhUxOZ6oCs/SQvd4c823Te04bIE7DjxBO03ae255xhIheDsPhZrRoobAMo+P13lkheecAfPKZLgP4r4svLDtZeWX68BYUH4ubYTRaFe+AyniVdDDBU+tuNqzpTsI0YVy23hnd51Rf4CjH8el6ZM4kAIrLdtwbroQUUgjXMbKerIlabVjfaNrDe9WBSZiGw1SF0o71GfHGbUQek1NhsI4ukeKkPx9dA4hCgoxqALkYaoszceZpVQtHtwmEY5iI1y/trOkTALAixKB2x2QDLmFReGFJMnWlWrzGopymLSem3uC4zDFrTM1nh7KWI88aup5snZbNkPWVlZHxgUJzoiw==
+token-private-key: |
+    -----BEGIN RSA PRIVATE KEY-----
+    MIIJJwIBAAKCAgEA3a+g0Oop42wjTYW5po0GsKlrZ4cUZRLSKfktsD2rnH6wW/Pf
+    AufmrX2HdXCOJlauAciIShmKFZTLAGclIWsjAf70WpJpv0YGcBPXX0/4RQLPmpNw
+    55YqfIvw2MZuKqTvmUVI/eLWgKZzmmErURQuBrn7zza43BgqsW13+Xco6rHKZ4Sf
+    VJjAaADYk+TkBL4xylvAn8S60OSKPW7GowjoPRFZgA1ozwliFQ507dcQ2s6uKixd
+    pn7WtB/k42xyyXiZ02Z7YTGaneLQNMgBZtQ/YUR78ZB0KUYnjs9dSxeQF/p11373
+    IUHh52bphRS1536q7+IE6FPq7hacCuSdzJ9xhiInYVMTmeqArP0kL3eHPNt03tOG
+    yBOw48QTtN2ntuecYSIXg7D4Wa0aKGwDKPj9d5ZIXnnAHzymS4D+K+LLyw7WXll+
+    vAWFB+Lm2E0WhXvgMp4lXQwwVPrbjas6U7CNGFctt4Z3edUX+Aox/HpemTOJACKy
+    3bcG66EFFII1zGynqyJWm1Y32jaw3vVgUmYhsNUhdKO9Rnxxm1EHpNTYbCOLpHip
+    D8fXQOIQoKMagC5GGqLM3HmaVULR7cJhGOYiNcv7azpEwCwIsSgdsdkAy5hUXhhS
+    TJ1pVq8xqKcpi0npt7guMwxa0zNZ4eyliPPGrqebJ2WzZD1lZWR8YFCc6IsCAwEA
+    AQKCAgBZKmMMpKLkjoJElBzwGJkwRXSl13ckkEVoDImL8cIs1+gnlBeHG6906KCr
+    Y/JJCWRD41yuMUeRFp/wMYyFvIoAK4QtSeauwIOmYNSnyYqad175VYR8IbJFFiRx
+    jJ6TGHQmue957ttIM6sb1SmPGwbIPdZCqkgAftftNZKkDIGwpII80OMlK6t4KZ7z
+    HYV5QubT9cOsf3yEuOfBfeT3foWqymetUbduTt/ciEwPvglReQAkhmPErA+/s3Rk
+    5SHmV1PH69iEZ2dBShFkqW2m5of3n4waxXdzgnw2vMFRitCyVFNBshfEkLNEV+hl
+    VsczrYcjpU1EBTzhNsbcusedniQSh6NGgmMBG9WkD5VTY2mJPlE/KxspWtBSdN2u
+    7EkpWEE1yaK1J6kArPW7bZSsENFc1ymlhGU96X9tIB5fy3KlNl1TS4FQjdz7/nNc
+    03D1UWBemMUTcyoIuj/ixAzJAn6kWgevmjo+p4VVUnD0XWNgwov0HM3aWebNEp7z
+    IALrvoR/rM6EaFto2H7wUwjCpzveEELaaxrt6QXWBD0UXqKXkf79NtCerrA+FsUT
+    vN6UWD2gIsX074137MDubdcz7Uy7HoveMQ9JrxTwMNn3JqgL6x0ES0tt6t3Telta
+    kt6gL9ldpnHiteBwU8mhNpmzRftCfpfAokUfFzCyrKWhxFn+AQKCAQEA45PVoq5w
+    KjMv52uTVpZiAxa65AkALFCtY1So38lB9m5QismXK9JH33N8qA7azzomPx4+CyK2
+    dhOwTogsar4uhKZEGokCNptT4rGFOyrTykfLtCWikHKaq+vVLNuoDQbKk05vBzV4
+    2CIALRNbzQ5oTrdWk4tgdWTL+HsPADx21B9epesy0kO/Xo8TaodUolWIehKPeBMh
+    rBIcAPpITHXBu3PdSVP0EPq7Zg6wGXfxw6XAHnQu1EQhvJ8TmgbUBB/3yvVUBXEd
+    wwEd3xT/03rYedMJp/K4wM0mxBueZAqe6ZNgMAzx5MAQdPjF2p/6Zh7l/ACwYNzm
+    4Y2ex8e+I7sboQKCAQEA+V9ua9rVsrfuABvfjze+aSoIT+Lk+xf75uvquEE6bNfY
+    FIqdP/EUTy55stxcGDqtetcuq0RFv4dGv6x2Pp0uv8WRkzZnsblcGJw8jO5UDOhZ
+    Tn+mDDKeX/IAtdjpLdKIQwRnojOzH0M558fHJsAqT15g1Ku7VfpQ0xN7sIgFUxJ0
+    kCvX3HK7yYcZcyP86Qbrjy59jBuk5GGum54tGolzvli8y5hWYS0LDJB7lw2vDyl6
+    mbsKg4RHUIEPAEkoyrG/aNUFIjRp8WUgFltceZrm4/4wYtt8peCmtbjWdTiwGdqt
+    njMI/BDLZ3/AAFtj0zSPUIZZja2IMahJeUY/GMz0qwKCAQApHi/OSdgoN8Fi/bPM
+    RDWHO1cfFmU6nIUHWmd8r39EiB/zQ4MVvtOPku0l7DEqmeYJJ2ysVGRFJz+GoOHt
+    k1kSTHwnkzOcLCpW3h4lV5KWjKxIazhZAuvhPiXxCeruF5kITnaPBeFEo7gGbOX8
+    Qask9ckltVwDOegEiC9oqoQJxXUzYzB2fxkXe6BVcggfoHadH7deSY6e6VK39oCT
+    l/8d4ExOEGYbn0G2qda1c09yOwNgPTuszHaP/unqvWsXJ7N8ryC0LwDil9QO11t1
+    mU99i1zGRHuPEkH70sWma6jUqPULGXunCfCvQbd1zcvPIawKARHdHmx0ukLC89rt
+    18OhAoIBAHgeT8IEFwuPLUVAJ9+EqmNdq8NPN5z7YItK+DTotovXLG44lqZGKdI6
+    QMS3AGVrXkTdgc1dhXtMXffVyt8+N1aIhCa0/h3Ne18fYss/wZy2Ds6RDhqyBzeQ
+    CmeNpEQ+NQSTCphG7vEQIMRUpskzpy2z+FB4qDQx7ty9dccCvg3Vxe/sLn4xheL9
+    AHVF0H0uqCi/7Bmg9zxLESBEgNVXgDkf5VDsgC8u0zOqJN4N6VUUVcnXHqla/j74
+    65DnrI52MAz/Dwn61U1BuMMMHu80fiM0PXpg3xnHrIW8ExFDzQ+nFhot2xYPwOqJ
+    zqJdYyhJGP9gt6JXBFNnDH0uKRZ5IyECggEAPwc1neld0P4CCkDadI9nyeF+rpzS
+    z0klRRsIw3+STjLv0Aq/gFoQ7Jy7EKJ7/u3a6nbQVNkb0fDJs1i5yc8oC4uaMFVG
+    m2R8zLMtQDcnhYZwLqSybJwiIOYOzCtnDtp/3FsDDMONFeDRucIsHaQ2aWMnJ8l4
+    SgOiDHVgHmx0fs0hKvPCYaFWL/UB8nYLc/2D8oXEKQBmQgLXTD4dQMAf5J58rLr6
+    BcD+dX+0Qij+OiYm1gfv05Cqg9M0+vziUQTj9sZv1JucJZ/0tZyxO2lBNY4uw7uM
+    VnejwRb9n/wmj23c8cQdbf2JpEYSRDgp207k/kw3wIMW4nIKRIg0DN1/6A==
+    -----END RSA PRIVATE KEY-----
diff --git a/salami-get-token b/salami-get-token
new file mode 100755
index 0000000..5c984b6
--- /dev/null
+++ b/salami-get-token
@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+
+
+import sys
+
+
+import requests
+
+
+baseurl, user, secret = sys.argv[1:4]
+scopes = sys.argv[4:]
+
+
+url = '{}/token'.format(baseurl)
+auth = (user, secret)
+data = {
+    'grant_type': 'client_credentials',
+    'scope': ' '.join(scopes),
+}
+
+r = requests.post(url, auth=auth, data=data)
+if r.ok:
+    obj = r.json()
+    print(obj['access_token'])
+else:
+    sys.stderr.write(r.text)
+    sys.stderr.write('\n')
+    sys.exit(1)
diff --git a/salami/__init__.py b/salami/__init__.py
index baef7cc..14b0f73 100644
--- a/salami/__init__.py
+++ b/salami/__init__.py
@@ -13,7 +13,6 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-
 from .version import __version__, __version_info__
 from .responses import (
     bad_request_response,
@@ -29,3 +28,4 @@ from .version_router import VersionRouter
 from .token_router import TokenRouter
 
 from .api import SalamiAPI
+from .backend import create_app
diff --git a/salami/backend.py b/salami/backend.py
index 8279000..18b27dc 100644
--- a/salami/backend.py
+++ b/salami/backend.py
@@ -1,5 +1,4 @@
-#!/usr/bin/python3
-# Copyright (C) 2017  Lars Wirzenius
+# Copyright (C) 2017-2018  Lars Wirzenius
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as
@@ -17,10 +16,12 @@
 
 import os
 
+
 import apifw
 import slog
 import yaml
 
+
 import salami
 
 
@@ -53,26 +54,26 @@ def counter():
 default_config = {
     'log': [],
     'token-issuer': None,
-    'token-audience': None,
     'token-public-key': None,
+    'token-private-key': None,
+    'token-lifetime': None,
+    'clients': None,
 }
 
 
-config_filename = os.environ.get('SALAMI_CONFIG', DEFAULT_CONFIG_FILE)
-actual_config = read_config(config_filename)
-config = dict(default_config)
-config.update(actual_config or {})
-check_config(config)
-salami.setup_logging(config)
-salami.log.log('info', msg_text='Salami starting')
+def create_app():
+    config_filename = os.environ.get('SALAMI_CONFIG', DEFAULT_CONFIG_FILE)
+    actual_config = read_config(config_filename)
+    config = dict(default_config)
+    config.update(actual_config or {})
+    if 'token-audience' not in config:
+        config['token-audience'] = config.get('token-issuer')
+    check_config(config)
+    salami.setup_logging(config)
+    salami.log.log('info', msg_text='Salami starting')
 
-api = salami.SalamiAPI(config)
-app = apifw.create_bottle_application(api, counter, dict_logger, config)
+    api = salami.SalamiAPI(config)
+    return apifw.create_bottle_application(api, counter, dict_logger, config)
 
-# If we are running this program directly with Python, and not via
-# gunicorn, we can use the Bottle built-in debug server, which can
-# make some things easier to debug.
 
-if __name__ == '__main__':
-    print('running in debug mode')
-    app.run(host='127.0.0.1', port=12765)
+app = create_app()
diff --git a/start_salami b/start_salami
index 76ced9f..16a09f5 100755
--- a/start_salami
+++ b/start_salami
@@ -15,90 +15,73 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-# Usage: start_salami prod
-#        start_salami debug FILE
-# The first one is for production use. The second is to run a debug
-# instance, with a generated token signing key, and an access token
-# written to FILE.
-
-
 set -eu
 
 
-start_prod()
+get()
 {
-    env SALAMI_CONFIG="/etc/salami/salami.yaml" \
-        gunicorn3 \
-        --bind 127.0.0.1:12765 \
-        -w1 \
-        --log-file /var/log/salami/gunicorn3.log \
-        --log-level debug \
-        salami.backend:app
+    set -eu
+    python3 -c '
+import yaml, sys
+filename, varname = sys.argv[1:]
+config = yaml.safe_load(open(filename))
+print(config.get(varname, ""))
+' "$@"
 }
 
 
-default_scopes()
+gunicorn_wanted()
 {
-    echo uapi_version_get
+    set -eu
+    case "$(get "$1" gunicorn)" in
+         yes|True)
+             return 0
+             ;;
+    esac
+    return 1
 }
 
 
-cleanup()
+run_bottle()
 {
-    rm -rf "$tmp"
+    set -eu
+    export SALAMI_CONFIG="$1"
+    python3 -c 'import salami; salami.create_app().run(host="127.0.0.1", port=12765)'
 }
 
 
-config()
-{
-    cat <<EOF
-log: 
-  - filename: salami.log
-token-issuer: $1
-token-audience: $2
-token-public-key: $(cat "$3")
-EOF
-}
-
 
-start_debug()
+run_gunicorn()
 {
-    local token="$1"
-    local pid="$2"
-    local port="$3"
-    shift 3
+    set -eu
+    local config="$1"
+    local log_file="$(get "$config" gunicorn-log)"
+    local pid_file="$(get "$config" gunicorn-pid-file)"
+    local port="$(get "$config" gunicorn-port)"
 
-    tmp="$(mktemp -d)"
-    trap cleanup EXIT
-
-    ISS=test
-    AUD=aud
-
-    local dir="$(dirname "$0")"
-    "$dir/generate-rsa-key" "$tmp/key"
-    cp "$tmp/key.pub" key
-    "$dir/create-token" "$tmp/key" "$ISS" "$AUD" "$(default_scopes)" > "$token"
-
-    if [ "${SALAMI_CONFIG:-no}" = no ]
+    if [ "${pid_file:=no}" = no ]
     then
-        export SALAMI_CONFIG="$tmp/salami.yaml"
-        config "$ISS" "$AUD" "$tmp/key.pub" > "$SALAMI_CONFIG"
+        pid_opt=""
+    else
+        pid_opt="-p $pid_file"
     fi
-    gunicorn3 --bind "127.0.0.1:$port" -p "$pid" -w1 --log-file g.log \
-              --log-level debug "$@" \
-              salami.backend:app
+
+    export SALAMI_CONFIG="$config"
+    gunicorn3 \
+        --bind 127.0.0.1:"$port" \
+        -w1 \
+        --log-file "$log_file" \
+        "$pid_opt" \
+        --log-level debug \
+        --daemon \
+        salami.backend:app
 }
 
 
-case "$1" in
-    prod)
-        start_prod
-        ;;
-    debug)
-        shift
-        start_debug "$@"
-        ;;
-    *)
-        echo "wat?" 1>&2
-        exit 1
-esac
+config="$1"
+if gunicorn_wanted "$config"
+then
+        run_gunicorn "$config"
+else
+        run_bottle "$config"
+fi
diff --git a/test-key b/test-key
new file mode 100644
index 0000000..beeac5d
--- /dev/null
+++ b/test-key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEA3a+g0Oop42wjTYW5po0GsKlrZ4cUZRLSKfktsD2rnH6wW/Pf
+AufmrX2HdXCOJlauAciIShmKFZTLAGclIWsjAf70WpJpv0YGcBPXX0/4RQLPmpNw
+55YqfIvw2MZuKqTvmUVI/eLWgKZzmmErURQuBrn7zza43BgqsW13+Xco6rHKZ4Sf
+VJjAaADYk+TkBL4xylvAn8S60OSKPW7GowjoPRFZgA1ozwliFQ507dcQ2s6uKixd
+pn7WtB/k42xyyXiZ02Z7YTGaneLQNMgBZtQ/YUR78ZB0KUYnjs9dSxeQF/p11373
+IUHh52bphRS1536q7+IE6FPq7hacCuSdzJ9xhiInYVMTmeqArP0kL3eHPNt03tOG
+yBOw48QTtN2ntuecYSIXg7D4Wa0aKGwDKPj9d5ZIXnnAHzymS4D+K+LLyw7WXll+
+vAWFB+Lm2E0WhXvgMp4lXQwwVPrbjas6U7CNGFctt4Z3edUX+Aox/HpemTOJACKy
+3bcG66EFFII1zGynqyJWm1Y32jaw3vVgUmYhsNUhdKO9Rnxxm1EHpNTYbCOLpHip
+D8fXQOIQoKMagC5GGqLM3HmaVULR7cJhGOYiNcv7azpEwCwIsSgdsdkAy5hUXhhS
+TJ1pVq8xqKcpi0npt7guMwxa0zNZ4eyliPPGrqebJ2WzZD1lZWR8YFCc6IsCAwEA
+AQKCAgBZKmMMpKLkjoJElBzwGJkwRXSl13ckkEVoDImL8cIs1+gnlBeHG6906KCr
+Y/JJCWRD41yuMUeRFp/wMYyFvIoAK4QtSeauwIOmYNSnyYqad175VYR8IbJFFiRx
+jJ6TGHQmue957ttIM6sb1SmPGwbIPdZCqkgAftftNZKkDIGwpII80OMlK6t4KZ7z
+HYV5QubT9cOsf3yEuOfBfeT3foWqymetUbduTt/ciEwPvglReQAkhmPErA+/s3Rk
+5SHmV1PH69iEZ2dBShFkqW2m5of3n4waxXdzgnw2vMFRitCyVFNBshfEkLNEV+hl
+VsczrYcjpU1EBTzhNsbcusedniQSh6NGgmMBG9WkD5VTY2mJPlE/KxspWtBSdN2u
+7EkpWEE1yaK1J6kArPW7bZSsENFc1ymlhGU96X9tIB5fy3KlNl1TS4FQjdz7/nNc
+03D1UWBemMUTcyoIuj/ixAzJAn6kWgevmjo+p4VVUnD0XWNgwov0HM3aWebNEp7z
+IALrvoR/rM6EaFto2H7wUwjCpzveEELaaxrt6QXWBD0UXqKXkf79NtCerrA+FsUT
+vN6UWD2gIsX074137MDubdcz7Uy7HoveMQ9JrxTwMNn3JqgL6x0ES0tt6t3Telta
+kt6gL9ldpnHiteBwU8mhNpmzRftCfpfAokUfFzCyrKWhxFn+AQKCAQEA45PVoq5w
+KjMv52uTVpZiAxa65AkALFCtY1So38lB9m5QismXK9JH33N8qA7azzomPx4+CyK2
+dhOwTogsar4uhKZEGokCNptT4rGFOyrTykfLtCWikHKaq+vVLNuoDQbKk05vBzV4
+2CIALRNbzQ5oTrdWk4tgdWTL+HsPADx21B9epesy0kO/Xo8TaodUolWIehKPeBMh
+rBIcAPpITHXBu3PdSVP0EPq7Zg6wGXfxw6XAHnQu1EQhvJ8TmgbUBB/3yvVUBXEd
+wwEd3xT/03rYedMJp/K4wM0mxBueZAqe6ZNgMAzx5MAQdPjF2p/6Zh7l/ACwYNzm
+4Y2ex8e+I7sboQKCAQEA+V9ua9rVsrfuABvfjze+aSoIT+Lk+xf75uvquEE6bNfY
+FIqdP/EUTy55stxcGDqtetcuq0RFv4dGv6x2Pp0uv8WRkzZnsblcGJw8jO5UDOhZ
+Tn+mDDKeX/IAtdjpLdKIQwRnojOzH0M558fHJsAqT15g1Ku7VfpQ0xN7sIgFUxJ0
+kCvX3HK7yYcZcyP86Qbrjy59jBuk5GGum54tGolzvli8y5hWYS0LDJB7lw2vDyl6
+mbsKg4RHUIEPAEkoyrG/aNUFIjRp8WUgFltceZrm4/4wYtt8peCmtbjWdTiwGdqt
+njMI/BDLZ3/AAFtj0zSPUIZZja2IMahJeUY/GMz0qwKCAQApHi/OSdgoN8Fi/bPM
+RDWHO1cfFmU6nIUHWmd8r39EiB/zQ4MVvtOPku0l7DEqmeYJJ2ysVGRFJz+GoOHt
+k1kSTHwnkzOcLCpW3h4lV5KWjKxIazhZAuvhPiXxCeruF5kITnaPBeFEo7gGbOX8
+Qask9ckltVwDOegEiC9oqoQJxXUzYzB2fxkXe6BVcggfoHadH7deSY6e6VK39oCT
+l/8d4ExOEGYbn0G2qda1c09yOwNgPTuszHaP/unqvWsXJ7N8ryC0LwDil9QO11t1
+mU99i1zGRHuPEkH70sWma6jUqPULGXunCfCvQbd1zcvPIawKARHdHmx0ukLC89rt
+18OhAoIBAHgeT8IEFwuPLUVAJ9+EqmNdq8NPN5z7YItK+DTotovXLG44lqZGKdI6
+QMS3AGVrXkTdgc1dhXtMXffVyt8+N1aIhCa0/h3Ne18fYss/wZy2Ds6RDhqyBzeQ
+CmeNpEQ+NQSTCphG7vEQIMRUpskzpy2z+FB4qDQx7ty9dccCvg3Vxe/sLn4xheL9
+AHVF0H0uqCi/7Bmg9zxLESBEgNVXgDkf5VDsgC8u0zOqJN4N6VUUVcnXHqla/j74
+65DnrI52MAz/Dwn61U1BuMMMHu80fiM0PXpg3xnHrIW8ExFDzQ+nFhot2xYPwOqJ
+zqJdYyhJGP9gt6JXBFNnDH0uKRZ5IyECggEAPwc1neld0P4CCkDadI9nyeF+rpzS
+z0klRRsIw3+STjLv0Aq/gFoQ7Jy7EKJ7/u3a6nbQVNkb0fDJs1i5yc8oC4uaMFVG
+m2R8zLMtQDcnhYZwLqSybJwiIOYOzCtnDtp/3FsDDMONFeDRucIsHaQ2aWMnJ8l4
+SgOiDHVgHmx0fs0hKvPCYaFWL/UB8nYLc/2D8oXEKQBmQgLXTD4dQMAf5J58rLr6
+BcD+dX+0Qij+OiYm1gfv05Cqg9M0+vziUQTj9sZv1JucJZ/0tZyxO2lBNY4uw7uM
+VnejwRb9n/wmj23c8cQdbf2JpEYSRDgp207k/kw3wIMW4nIKRIg0DN1/6A==
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/test-key.pub b/test-key.pub
new file mode 100644
index 0000000..d33c302
--- /dev/null
+++ b/test-key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdr6DQ6injbCNNhbmmjQawqWtnhxRlEtIp+S2wPaucfrBb898C5+atfYd1cI4mVq4ByIhKGYoVlMsAZyUhayMB/vRakmm/RgZwE9dfT/hFAs+ak3Dnlip8i/DYxm4qpO+ZRUj94taApnOaYStRFC4GufvPNrjcGCqxbXf5dyjqscpnhJ9UmMBoANiT5OQEvjHKW8CfxLrQ5Io9bsajCOg9EVmADWjPCWIVDnTt1xDazq4qLF2mfta0H+TjbHLJeJnTZnthMZqd4tA0yAFm1D9hRHvxkHQpRieOz11LF5AX+nXXfvchQeHnZumFFLXnfqrv4gToU+ruFpwK5J3Mn3GGIidhUxOZ6oCs/SQvd4c823Te04bIE7DjxBO03ae255xhIheDsPhZrRoobAMo+P13lkheecAfPKZLgP4r4svLDtZeWX68BYUH4ubYTRaFe+AyniVdDDBU+tuNqzpTsI0YVy23hnd51Rf4CjH8el6ZM4kAIrLdtwbroQUUgjXMbKerIlabVjfaNrDe9WBSZiGw1SF0o71GfHGbUQek1NhsI4ukeKkPx9dA4hCgoxqALkYaoszceZpVQtHtwmEY5iI1y/trOkTALAixKB2x2QDLmFReGFJMnWlWrzGopymLSem3uC4zDFrTM1nh7KWI88aup5snZbNkPWVlZHxgUJzoiw==
\ No newline at end of file
diff --git a/yarns/900-local.yarn b/yarns/900-local.yarn
index 64ed4c0..09add3c 100644
--- a/yarns/900-local.yarn
+++ b/yarns/900-local.yarn
@@ -62,7 +62,6 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
     IMPLEMENTS GIVEN a running salami instance
     start_salami()
-    print(repr(start_salami))
     assert V['API_URL'] is not None
 
 ## Stop a Salami we started
diff --git a/yarns/lib.py b/yarns/lib.py
index cabd943..b36869d 100644
--- a/yarns/lib.py
+++ b/yarns/lib.py
@@ -185,6 +185,10 @@ def start_salami():
         }
 
     config = {
+        'gunicorn': True,
+        'gunicorn-log': 'gunicorn.log',
+        'gunicorn-pid-file': V['pid-file'],
+        'gunicorn-port': V['port'],
         'log': [
             {
                 'filename': V['api.log'],
@@ -193,7 +197,6 @@ def start_salami():
         'token-private-key': V['privkey'],
         'token-public-key': V['pubkey'],
         'token-issuer': V['iss'],
-        'token-audience': V['aud'],
         'token-lifetime': 3600,
         'clients': clients,
     }
@@ -202,11 +205,7 @@ def start_salami():
     yaml.safe_dump(config, open(env['SALAMI_CONFIG'], 'w'))
     argv = [
         os.path.join(srcdir, 'start_salami'),
-        'debug',
-        'token.jwt',
-        V['pid-file'],
-        str(V['port']),
-        '--daemon',
+        env['SALAMI_CONFIG'],
     ]
     cliapp.runcmd(argv, env=env, stdout=None, stderr=None)
     until = time.time() + 2.0