Add support for pluggable secrets backend
Secrets configuration will be provided from a subordinate charm utilizing the barbican-secrets interface. Switch to .stestr.conf Depends-On: I9d52243ab0ccc60eade6c8023d9c5831a1637338 Change-Id: Ibac7465f30c9a6d3e838d38b80df4092b737251b
This commit is contained in:
parent
3082897e9e
commit
fea4e7e77a
3
.stestr.conf
Normal file
3
.stestr.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[DEFAULT]
|
||||||
|
test_path=./unit_tests
|
||||||
|
top_dir=./
|
@ -1,8 +0,0 @@
|
|||||||
[DEFAULT]
|
|
||||||
test_command=OS_STDOUT_CAPTURE=${OS_STDOUT_CAPTURE:-1} \
|
|
||||||
OS_STDERR_CAPTURE=${OS_STDERR_CAPTURE:-1} \
|
|
||||||
OS_TEST_TIMEOUT=${OS_TEST_TIMEOUT:-60} \
|
|
||||||
${PYTHON:-python} -m subunit.run discover -t ./ ./unit_tests $LISTOPT $IDOPTION
|
|
||||||
|
|
||||||
test_id_option=--load-list $IDFILE
|
|
||||||
test_list_option=--list
|
|
@ -4,6 +4,7 @@ includes:
|
|||||||
- interface:rabbitmq
|
- interface:rabbitmq
|
||||||
- interface:keystone
|
- interface:keystone
|
||||||
- interface:barbican-hsm
|
- interface:barbican-hsm
|
||||||
|
- interface:barbican-secrets
|
||||||
repo: https://github.com/openstack/charm-barbican
|
repo: https://github.com/openstack/charm-barbican
|
||||||
options:
|
options:
|
||||||
basic:
|
basic:
|
||||||
|
@ -78,6 +78,18 @@ def slot_id(hsm):
|
|||||||
return ''
|
return ''
|
||||||
|
|
||||||
|
|
||||||
|
@charms_openstack.adapters.adapter_property('secrets')
|
||||||
|
def plugins(secrets):
|
||||||
|
"""Provide a plugins property to the template if it exists"""
|
||||||
|
return secrets.relation.plugins
|
||||||
|
|
||||||
|
|
||||||
|
@charms_openstack.adapters.adapter_property('secrets')
|
||||||
|
def plugins_string(secrets):
|
||||||
|
"""Provide a plugins_string property to the template if it exists"""
|
||||||
|
return secrets.relation.plugins_string
|
||||||
|
|
||||||
|
|
||||||
class BarbicanCharm(charms_openstack.charm.HAOpenStackCharm):
|
class BarbicanCharm(charms_openstack.charm.HAOpenStackCharm):
|
||||||
"""BarbicanCharm provides the specialisation of the OpenStackCharm
|
"""BarbicanCharm provides the specialisation of the OpenStackCharm
|
||||||
functionality to manage a barbican unit.
|
functionality to manage a barbican unit.
|
||||||
|
@ -24,3 +24,6 @@ requires:
|
|||||||
hsm:
|
hsm:
|
||||||
interface: barbican-hsm
|
interface: barbican-hsm
|
||||||
optional: true
|
optional: true
|
||||||
|
secrets:
|
||||||
|
interface: barbican-secrets
|
||||||
|
optional: true
|
||||||
|
@ -53,5 +53,16 @@ def render_stuff(*args):
|
|||||||
hookenv.log("about to call the render_configs with {}".format(args))
|
hookenv.log("about to call the render_configs with {}".format(args))
|
||||||
with charm.provide_charm_instance() as barbican_charm:
|
with charm.provide_charm_instance() as barbican_charm:
|
||||||
barbican_charm.render_with_interfaces(
|
barbican_charm.render_with_interfaces(
|
||||||
charm.optional_interfaces(args, 'hsm.available'))
|
charm.optional_interfaces(args,
|
||||||
|
'hsm.available',
|
||||||
|
'secrets.available'))
|
||||||
barbican_charm.assess_status()
|
barbican_charm.assess_status()
|
||||||
|
|
||||||
|
|
||||||
|
@reactive.when('secrets.new-plugin')
|
||||||
|
def secrets_plugin_configure():
|
||||||
|
hookenv.log('Received information about secrets plugin',
|
||||||
|
level=hookenv.INFO)
|
||||||
|
reactive.clear_flag('secrets.new-plugin')
|
||||||
|
reactive.set_flag('secrets.available')
|
||||||
|
reactive.set_flag('config.changed')
|
||||||
|
@ -15,7 +15,20 @@ host_href = {{ options.external_endpoints.barbican_worker.url }}
|
|||||||
|
|
||||||
[secretstore]
|
[secretstore]
|
||||||
namespace = barbican.secretstore.plugin
|
namespace = barbican.secretstore.plugin
|
||||||
|
{% if secrets and secrets.plugins_string -%}
|
||||||
|
enabled_secretstore_plugins = {{ secrets.plugins_string }}
|
||||||
|
{% else %}
|
||||||
enabled_secretstore_plugins = store_crypto
|
enabled_secretstore_plugins = store_crypto
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
|
{% if secrets -%}
|
||||||
|
{% for plugin in secrets.plugins -%}
|
||||||
|
[{{ plugin.name }}_plugin]
|
||||||
|
{% for key, value in plugin.data.items() -%}
|
||||||
|
{{ key }} = {{ value }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
[crypto]
|
[crypto]
|
||||||
namespace = barbican.crypto.plugin
|
namespace = barbican.crypto.plugin
|
||||||
|
2
tox.ini
2
tox.ini
@ -48,7 +48,7 @@ deps = -r{toxinidir}/test-requirements.txt
|
|||||||
commands = ostestr {posargs}
|
commands = ostestr {posargs}
|
||||||
|
|
||||||
[testenv:pep8]
|
[testenv:pep8]
|
||||||
basepython = python3.5
|
basepython = python3
|
||||||
deps = -r{toxinidir}/test-requirements.txt
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
commands = flake8 {posargs} src unit_tests
|
commands = flake8 {posargs} src unit_tests
|
||||||
|
|
||||||
|
@ -38,6 +38,7 @@ class TestRegisteredHooks(test_utils.TestRegisteredHooks):
|
|||||||
'render_stuff': ('shared-db.available',
|
'render_stuff': ('shared-db.available',
|
||||||
'identity-service.available',
|
'identity-service.available',
|
||||||
'amqp.available',),
|
'amqp.available',),
|
||||||
|
'secrets_plugin_configure': ('secrets.new-plugin',),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# test that the hooks were registered via the
|
# test that the hooks were registered via the
|
||||||
@ -45,7 +46,7 @@ class TestRegisteredHooks(test_utils.TestRegisteredHooks):
|
|||||||
self.registered_hooks_test_helper(handlers, hook_set, defaults)
|
self.registered_hooks_test_helper(handlers, hook_set, defaults)
|
||||||
|
|
||||||
|
|
||||||
class TestRenderStuff(test_utils.PatchHelper):
|
class TestBarbicanHandlers(test_utils.PatchHelper):
|
||||||
|
|
||||||
def test_render_stuff(self):
|
def test_render_stuff(self):
|
||||||
barbican_charm = mock.MagicMock()
|
barbican_charm = mock.MagicMock()
|
||||||
@ -56,7 +57,8 @@ class TestRenderStuff(test_utils.PatchHelper):
|
|||||||
self.patch_object(handlers.charm, 'optional_interfaces')
|
self.patch_object(handlers.charm, 'optional_interfaces')
|
||||||
|
|
||||||
def _optional_interfaces(args, *interfaces):
|
def _optional_interfaces(args, *interfaces):
|
||||||
self.assertEqual(interfaces, ('hsm.available', ))
|
self.assertEqual(interfaces, ('hsm.available',
|
||||||
|
'secrets.available', ))
|
||||||
return args + ('hsm', )
|
return args + ('hsm', )
|
||||||
|
|
||||||
self.optional_interfaces.side_effect = _optional_interfaces
|
self.optional_interfaces.side_effect = _optional_interfaces
|
||||||
@ -65,3 +67,13 @@ class TestRenderStuff(test_utils.PatchHelper):
|
|||||||
barbican_charm.render_with_interfaces.assert_called_once_with(
|
barbican_charm.render_with_interfaces.assert_called_once_with(
|
||||||
('arg1', 'arg2', 'hsm'))
|
('arg1', 'arg2', 'hsm'))
|
||||||
barbican_charm.assess_status.assert_called_once_with()
|
barbican_charm.assess_status.assert_called_once_with()
|
||||||
|
|
||||||
|
def test_secrets_plugin_configure(self):
|
||||||
|
self.patch_object(handlers.reactive, 'clear_flag')
|
||||||
|
self.patch_object(handlers.reactive, 'set_flag')
|
||||||
|
handlers.secrets_plugin_configure()
|
||||||
|
self.clear_flag.assert_called_once_with('secrets.new-plugin')
|
||||||
|
self.set_flag.assert_has_calls([
|
||||||
|
mock.call('secrets.available'),
|
||||||
|
mock.call('config.changed'),
|
||||||
|
])
|
||||||
|
@ -61,6 +61,21 @@ class TestHSMProperties(Helper):
|
|||||||
self.assertEqual(barbican.slot_id(hsm), 'a-slot_id')
|
self.assertEqual(barbican.slot_id(hsm), 'a-slot_id')
|
||||||
|
|
||||||
|
|
||||||
|
class TestSecretsProperties(Helper):
|
||||||
|
|
||||||
|
def test_plugins(self):
|
||||||
|
secrets = mock.MagicMock()
|
||||||
|
plugins = {'name': 'a-name'}
|
||||||
|
secrets.relation.plugins = plugins
|
||||||
|
self.assertEqual(barbican.plugins(secrets), plugins)
|
||||||
|
|
||||||
|
def test_plugins_string(self):
|
||||||
|
secrets = mock.MagicMock()
|
||||||
|
plugins_string = 'a-name_plugin'
|
||||||
|
secrets.relation.plugins_string = plugins_string
|
||||||
|
self.assertEqual(barbican.plugins_string(secrets), plugins_string)
|
||||||
|
|
||||||
|
|
||||||
class TestBarbicanCharm(Helper):
|
class TestBarbicanCharm(Helper):
|
||||||
|
|
||||||
def test_action_generate_mkek(self):
|
def test_action_generate_mkek(self):
|
||||||
|
Loading…
x
Reference in New Issue
Block a user