This provides both keystone v2 and v3 setup for testing barbican
manually. It demonstrates how to set up a project/tenant in each v3 and
v2 and the how to store a secret. Then only differences are in the
authentication with Keystone. However, it does demonstrate both
This change also contains the v2 and v3 keystone tests with barbican.
These are pesented as two gate-*-v2 and gate-*-v3 tests which activate
testing with keystone v2 and keystone v3.
The barbican-hsm-plugin interface provides a mechanism for the Barbican
charm to communicate with an HSM plugin. The plugin (from the Barbican
perspective) is provided as a PKCS#11 compliant library (.so) and so is
local to the Barbican installation. Thus, the hsm-plugin charms are
subordinate to the Barbican charm and run on the same unit.
This change also provides two actions (generate-mkek and generate-hmac)
which are 'one-off' operations to initialise the HSM with the global
Add a note to the README that the generate-mkek and generate-hmac
actions may only be done once as the HSM may reject overwriting the key.
Add Apache2.0 LICENSE and license headers to files
Removed redundant copyright file
Change the reference for the internal port to 9311 The barbican project
changed the INTERNAL port to the same as the PUBLIC port.
Add in seed_file and seed_length to template. These are needed for a
change in Barbican to support seeding the RNG in the HSM if required.
They are set to /dev/random and 32.
Fetch the barbican sources from a PPA (for bug: 1599550)
Remove the trusty support for Py3 from install hook