
This provides both keystone v2 and v3 setup for testing barbican manually. It demonstrates how to set up a project/tenant in each v3 and v2 and the how to store a secret. Then only differences are in the authentication with Keystone. However, it does demonstrate both working. This change also contains the v2 and v3 keystone tests with barbican. These are pesented as two gate-*-v2 and gate-*-v3 tests which activate testing with keystone v2 and keystone v3. Change-Id: Id0310da7a80ee8796eeda52b7af936ae51ed0dd9
84 lines
2.5 KiB
YAML
84 lines
2.5 KiB
YAML
options:
|
|
openstack-origin:
|
|
default: distro
|
|
type: string
|
|
description: |
|
|
Repository from which to install. May be one of the following:
|
|
distro (default), ppa:somecustom/ppa, a deb url sources entry,
|
|
or a supported Cloud Archive release pocket.
|
|
|
|
Supported Cloud Archive sources include: cloud:precise-folsom,
|
|
cloud:precise-folsom/updates, cloud:precise-folsom/staging,
|
|
cloud:precise-folsom/proposed.
|
|
|
|
Note that updating this setting to a source that is known to
|
|
provide a later version of OpenStack will trigger a software
|
|
upgrade.
|
|
rabbit-user:
|
|
default: barbican
|
|
type: string
|
|
description: Username used to access rabbitmq queue
|
|
rabbit-vhost:
|
|
default: openstack
|
|
type: string
|
|
description: Rabbitmq vhost
|
|
database-user:
|
|
default: barbican
|
|
type: string
|
|
description: Username for Neutron database access (if enabled)
|
|
database:
|
|
default: barbican
|
|
type: string
|
|
description: Database name for Neutron (if enabled)
|
|
debug:
|
|
default: False
|
|
type: boolean
|
|
description: Enable debug logging
|
|
verbose:
|
|
default: False
|
|
type: boolean
|
|
description: Enable verbose logging
|
|
region:
|
|
default: RegionOne
|
|
type: string
|
|
description: OpenStack Region
|
|
keystone-api-version:
|
|
default: "2"
|
|
type: string
|
|
description: none, 2 or 3
|
|
require-hsm-plugin:
|
|
default: False
|
|
type: boolean
|
|
description: |
|
|
If True (the default) then the barbcian-worker process won't be fully
|
|
functional until an HSM is associated with the charm. The charm will
|
|
remain in the blocked state until an HSM is available.
|
|
label-mkek:
|
|
default: primarymkek
|
|
type: string
|
|
description: |
|
|
This is the label for the primary MKEK (Master Key Encryption Key) stored
|
|
in the HSM that is used by Barbican to wrap other encryption keys that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-mkek' is used to create an MKEK when
|
|
initialising a system.
|
|
mkek-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an MKEK
|
|
label-hmac:
|
|
default: primaryhmac
|
|
type: string
|
|
description: |
|
|
This is the label for the primary HMAC (keyed-hash message authentication
|
|
code) stored in the HSM that is used by Barbican to wrap other HMACs that
|
|
are provided to projects.
|
|
|
|
Note the assocated action 'generate-hmac' is used to create an HMAC when
|
|
initialising a system.
|
|
hmac-key-length:
|
|
default: 32
|
|
type: int
|
|
description: The length for generating an HMAC
|