This provides both keystone v2 and v3 setup for testing barbican
manually. It demonstrates how to set up a project/tenant in each v3 and
v2 and the how to store a secret. Then only differences are in the
authentication with Keystone. However, it does demonstrate both
working.
This change also contains the v2 and v3 keystone tests with barbican.
These are pesented as two gate-*-v2 and gate-*-v3 tests which activate
testing with keystone v2 and keystone v3.
Change-Id: Id0310da7a80ee8796eeda52b7af936ae51ed0dd9
Add src/README.md placeholder to prevent inheritence of the
lower layer readme file in the built charm.
Add src/tox.ini and test-requirements for Amulet prep.
Update metadata.yaml for series.
Update tox.ini to minimize and clarify pep8 ignores.
Resolve flake8/pbr test-requirements version range conflict.
Remove legacy lint and test targets from Makefile, ensuring
these tests will execute via tox. Trusty test runners have
no py35 interpreter, and would have failed in running both
py34 and py35 in succession as it was defined.
Update src/layer.yaml repo value to point to official location
and remove unnecessary options.
Change-Id: Ia663fda7761dca6dc08583314f00beedf1db60cc
* Change charm to inherit layer:openstack-api as this is an API charm
This adds the SSL config options to the charms config.yaml
* Barbican now servers the API service through Apache so add code
to manage /etc/apache2/conf-available/barbican-api.conf
* Switch BarbicanConfigurationAdapter to be a child of
APIConfigurationAdapter to inherit methods for configuring haproxy
and apache2.
* Add reactive handle to configure ssl when identity relation is
complete
* Move Juno template dir to mitaka as mitaka is the earliest
supported release.
* Updated host_href in barbican.conf to specify the correct external
url for accessing the service. Without this clients are redirected
to the wrong location.
charms.openstack has been refactered such that OpenStackRelationAdapters has
a new derived class called OpenStackAPIRelationAdapters which contains the
amqp, db and cluster relations. As Barbican needs those, the BarbicanAdapters
needs to be derived from the more specialised class.
The barbican-hsm-plugin interface provides a mechanism for the Barbican
charm to communicate with an HSM plugin. The plugin (from the Barbican
perspective) is provided as a PKCS#11 compliant library (.so) and so is
local to the Barbican installation. Thus, the hsm-plugin charms are
subordinate to the Barbican charm and run on the same unit.
This change also provides two actions (generate-mkek and generate-hmac)
which are 'one-off' operations to initialise the HSM with the global
master keys.
Add a note to the README that the generate-mkek and generate-hmac
actions may only be done once as the HSM may reject overwriting the key.
Add Apache2.0 LICENSE and license headers to files
Removed redundant copyright file
Change the reference for the internal port to 9311 The barbican project
changed the INTERNAL port to the same as the PUBLIC port.
Add in seed_file and seed_length to template. These are needed for a
change in Barbican to support seeding the RNG in the HSM if required.
They are set to /dev/random and 32.
Fetch the barbican sources from a PPA (for bug: 1599550)
Remove the trusty support for Py3 from install hook
This adds in the unit_test framework but there is a name collision
between charm.openstack as a module, and charm.openstack here which the
package loader can't resolve. Therefore, going to change the
charm.openstack package to charms.openstack to avoid the collision.