Allow fixed_key to be configurable in cookbook
The fixed_key attribute should be added in cookbook for volume encryption Change-Id: I83f697fde32bf1ccaaa3187936c664c61b1e7af9 Closes-Bug: 1467797
parent
7386afb7c0
commit
5140ba531d
@ -232,6 +232,10 @@ The following attributes are defined in attributes/default.rb of the common cook
|
||||
* `openstack['block-storage']['backup']['swift']['retry_backoff']` - The backoff time in seconds between Swift retries.
|
||||
* `openstack['block-storage']['backup']['swift']['enable_progress_timer']` - Enable or Disable the timer to send the periodic progress notifications to Ceilometer when backing up the volume to the Swift backend storage.
|
||||
|
||||
### Keymgr configuration attributes ###
|
||||
* `openstack['block-storage']['keymgr']['api_class']` - The key manager api class to use.
|
||||
* `openstack['block-storage']['keymgr']['fixed_key']` - The fixed key returned by key manager, specified in hex (string value).
|
||||
|
||||
If the value of the 'bind_interface' attribute is non-nil, then the block-storage service will be bound to the first IP address on that interface. If the value of the 'bind_interface' attribute is nil, then the block-storage service will be bound to the IP address specified in the host attribute.
|
||||
|
||||
Testing
|
||||
|
@ -334,6 +334,12 @@ default['openstack']['block-storage']['enable_v1_api'] = 'False'
|
||||
# Whether to enable cinder v2 api or not
|
||||
default['openstack']['block-storage']['enable_v2_api'] = 'True'
|
||||
|
||||
# The full class name of the key manager api class
|
||||
default['openstack']['block-storage']['keymgr']['api_class'] = 'cinder.keymgr.conf_key_mgr.ConfKeyManager'
|
||||
|
||||
# Fixed key returned by key manager, specified in hex
|
||||
default['openstack']['block-storage']['keymgr']['fixed_key'] = nil
|
||||
|
||||
case platform_family
|
||||
when 'fedora', 'rhel' # :pragma-foodcritic: ~FC024 - won't fix this
|
||||
# operating system user and group names
|
||||
|
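Review bot: `default['openstack']['block-storage']['keymgr']['fixed_key']` holds key material, but it is introduced as an ordinary node attribute with a comment that only describes the format. A value set this way is saved in plaintext with the node object on the Chef server and is readable wherever node data is readable. The comment should say so, for example `# NOTE: key material - a value set here is stored in plaintext with the node object`. If the cookbook already has a secrets mechanism for service passwords (not visible in this hunk), the recipe should read the key from there instead. The default `ConfKeyManager` hands this single configured key out for every encrypted volume, so one disclosure affects all of them, and the comment should mention that too.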
@ -232,6 +232,20 @@ describe 'openstack-block-storage::cinder-common' do
|
||||
expect(chef_run).not_to render_config_file(file.name).with_section_content('DEFAULT', /^host=/)
|
||||
end
|
||||
|
||||
it 'has keymgr api_class attribute default set' do
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keymgr', /^api_class=cinder.keymgr.conf_key_mgr.ConfKeyManager$/)
|
||||
end
|
||||
|
||||
it 'does not have keymgr attribute fixed_key set by default' do
|
||||
expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=$/)
|
||||
end
|
||||
|
||||
it 'allow override for keymgr attribute fixed_key' do
|
||||
chef_run.node.set['openstack']['block-storage']['keymgr']['fixed_key'] = '1111111111111111111111111111111111111111111111111111111111111111'
|
||||
expect(chef_run).to render_config_file(file.name)\
|
||||
.with_section_content('keymgr', /^fixed_key=1111111111111111111111111111111111111111111111111111111111111111$/)
|
||||
end
|
||||
|
||||
context 'netapp driver' do
|
||||
# FIXME(galstrom21): this block needs to check all of the default
|
||||
# netapp_* configuration options
|
||||
|
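Review bot: The example 'does not have keymgr attribute fixed_key set by default' asserts against `/^fixed_key=$/`, which matches only an empty `fixed_key=` line, so it would still pass if a non-empty key were rendered by default. Dropping the end anchor covers both cases: `expect(chef_run).not_to render_file(file.name).with_content(/^fixed_key=/)`. The dots in the `api_class` pattern in the example above it are unescaped and match any character, so writing them as `\.` would make that assertion exact. The enclosing describe block starts and ends outside the hunk.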
@ -1031,6 +1031,24 @@ connection=<%= @sql_connection %>
|
||||
#### 100=Everything
|
||||
|
||||
|
||||
[keymgr]
|
||||
|
||||
#
|
||||
# Options defined in cinder.keymgr
|
||||
#
|
||||
|
||||
# The full class name of the key manager API class (string value)
|
||||
api_class=<%= node['openstack']['block-storage']['keymgr']['api_class'] %>
|
||||
|
||||
#
|
||||
# Options defined in cinder.keymgr.conf_key_mgr
|
||||
#
|
||||
|
||||
# Fixed key returned by key manager, specified in hex (string value)
|
||||
<% if node["openstack"]["block-storage"]["keymgr"]["fixed_key"] -%>
|
||||
fixed_key=<%= node["openstack"]["block-storage"]["keymgr"]["fixed_key"] %>
|
||||
<% end -%>
|
||||
|
||||
[keystone_authtoken]
|
||||
|
||||
#
|
||||
|
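Review bot: The `if` guard around `fixed_key=` only rejects nil and false, so an attribute set to an empty string still renders a bare `fixed_key=` line. `<% unless node['openstack']['block-storage']['keymgr']['fixed_key'].to_s.empty? -%>` would skip that case as well. Because this line writes key material into the rendered config file, the template resource that writes it (outside this hunk) should be checked for a restrictive owner and mode. It should also set `sensitive true`, so the key does not appear in the diff Chef prints to the run log. The value is emitted without any check that it is hex, so a malformed key presumably surfaces only when the service reads the file.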