From 673455bd957f47c51cdb7bbdc0e8fc15e35c62c2 Mon Sep 17 00:00:00 2001
From: Jeremy Liu <liujiong@gohighsec.com>
Date: Fri, 23 Dec 2016 11:37:25 +0800
Subject: [PATCH] Fix kmip plugin

Add missing kmip configuration to barbican.conf. Also, type of `port`
should be int, this will not cause error, but better following the API.
See [1]

[1] https://github.com/OpenKMIP/PyKMIP/blob/master/kmip/pie/client.py#L60

Change-Id: Ib16fbdda38016aab13683eae24aa6dcd1af5805a
---
 barbican/plugin/kmip_secret_store.py | 6 +++---
 etc/barbican/barbican.conf           | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/barbican/plugin/kmip_secret_store.py b/barbican/plugin/kmip_secret_store.py
index e72dc3ea7..9162f23b7 100644
--- a/barbican/plugin/kmip_secret_store.py
+++ b/barbican/plugin/kmip_secret_store.py
@@ -56,12 +56,12 @@ kmip_opts = [
                default='localhost',
                help=u._('Address of the KMIP server')
                ),
-    cfg.StrOpt('port',
-               default='5696',
+    cfg.IntOpt('port',
+               default=5696,
                help=u._('Port for the KMIP server'),
                ),
     cfg.StrOpt('ssl_version',
-               default='PROTOCOL_TLSv1',
+               default='PROTOCOL_TLSv1_2',
                help=u._('SSL version, maps to the module ssl\'s constants'),
                ),
     cfg.StrOpt('ca_certs',
diff --git a/etc/barbican/barbican.conf b/etc/barbican/barbican.conf
index a4dfdae9a..8a3a3163d 100644
--- a/etc/barbican/barbican.conf
+++ b/etc/barbican/barbican.conf
@@ -316,9 +316,9 @@ port = 5696
 keyfile = '/path/to/certs/cert.key'
 certfile = '/path/to/certs/cert.crt'
 ca_certs = '/path/to/certs/LocalCA.crt'
-
-# User friendly plugin name
-# plugin_name = 'KMIP HSM'
+ssl_version = 'PROTOCOL_TLSv1_2'
+pkcs1_only = False
+plugin_name = 'KMIP HSM'
 
 
 # ================= Certificate plugin ===================