Castellan based secret store

This will provide a Castellan based secret store, which will allow secret stores which have a castellan backend to be used behind barbican. The initial example of this is the Vault backend. Unit tests have been added. In local tests, most of the functional tests do in fact pass with a local Vault backend, though this will need to be demonstrated with a later review which establishes a Vault based gate. Change-Id: Ib30fb79304014592bfc37938839d60a4c10c244d
2017-10-17 11:15:51 -04:00
parent 163f5525c9
commit 89cb777941
8 changed files with 484 additions and 0 deletions
--- a/setup.cfg
+++ b/setup.cfg
@@ -53,6 +53,7 @@ barbican.secretstore.plugin =
    store_crypto = barbican.plugin.store_crypto:StoreCryptoAdapterPlugin
    dogtag_crypto = barbican.plugin.dogtag:DogtagKRAPlugin
    kmip_plugin = barbican.plugin.kmip_secret_store:KMIPSecretStore
+    vault_plugin = barbican.plugin.vault_secret_store:VaultSecretStore
 barbican.crypto.plugin =
    p11_crypto = barbican.plugin.crypto.p11_crypto:P11CryptoPlugin
    simple_crypto = barbican.plugin.crypto.simple_crypto:SimpleCryptoPlugin
@@ -73,6 +74,7 @@ oslo.config.opts =
    barbican.plugin.dogtag = barbican.plugin.dogtag_config_opts:list_opts
    barbican.plugin.crypto.p11 = barbican.plugin.crypto.p11_crypto:list_opts
    barbican.plugin.secret_store.kmip = barbican.plugin.kmip_secret_store:list_opts
+    barbican.plugin.secret_store.vault = barbican.plugin.vault_secret_store:list_opts
    barbican.certificate.plugin = barbican.plugin.interface.certificate_manager:list_opts
    barbican.certificate.plugin.snakeoil = barbican.plugin.snakeoil_ca:list_opts
 oslo.config.opts.defaults =