From 20ffc77b60439984fc54bb75e05ce1d7ed164568 Mon Sep 17 00:00:00 2001 From: Fernando Diaz Date: Sun, 28 Aug 2016 06:17:05 +0000 Subject: [PATCH] Add Barbican Verification to Install Guide Adds the verification of operation for the Barbican Key Manager Service to the install-guide. Change-Id: Ie4723acdee590fc61a52a352ac57a50cf71534ce --- install-guide/source/index.rst | 4 ++- install-guide/source/verify.rst | 61 +++++++++++++++++++++++++++++---- 2 files changed, 58 insertions(+), 7 deletions(-) diff --git a/install-guide/source/index.rst b/install-guide/source/index.rst index 722e7d1c..b4b74561 100644 --- a/install-guide/source/index.rst +++ b/install-guide/source/index.rst @@ -10,7 +10,9 @@ Key Manager service verify.rst next-steps.rst -The Key Manager service (barbican) provides... +The Key Manager service (barbican) provides secure storage, provisioning and +management of secret data. This includes keying material such as symmetric +keys, asymmetric keys, certificates and raw binary data. This chapter assumes a working setup of OpenStack following the `OpenStack Installation Tutorial `_. diff --git a/install-guide/source/verify.rst b/install-guide/source/verify.rst index 7a8b2df1..a7ed6191 100644 --- a/install-guide/source/verify.rst +++ b/install-guide/source/verify.rst 
@@ -3,22 +3,71 @@ Verify operation ~~~~~~~~~~~~~~~~ -Verify operation of the Key Manager service. +Verify operation of the Key Manager (barbican) service. .. note:: Perform these commands on the controller node. -#. Source the ``admin`` project credentials to gain access to - admin-only CLI commands: +#. Source the ``admin`` credentials to be able to perform Barbican + API calls: .. code-block:: console $ . admin-openrc -#. List service components to verify successful launch and registration - of each process: +#. Use the OpenStack CLI to store a secret: .. code-block:: console - $ openstack key manager service list + $ openstack secret store --name mysecret --payload j4=]d21 + +---------------+-----------------------------------------------------------------------+ + | Field | Value | + +---------------+-----------------------------------------------------------------------+ + | Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa | + | Name | mysecret | + | Created | None | + | Status | None | + | Content types | None | + | Algorithm | aes | + | Bit length | 256 | + | Secret type | opaque | + | Mode | cbc | + | Expiration | None | + +---------------+-----------------------------------------------------------------------+ + +#. Confirm that the secret was stored by retrieving it: + + .. 
code-block:: console + + $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa + +---------------+-----------------------------------------------------------------------+ + | Field | Value | + +---------------+-----------------------------------------------------------------------+ + | Secret href | http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa | + | Name | mysecret | + | Created | 2016-08-16 16:04:10+00:00 | + | Status | ACTIVE | + | Content types | {u'default': u'application/octet-stream'} | + | Algorithm | aes | + | Bit length | 256 | + | Secret type | opaque | + | Mode | cbc | + | Expiration | None | + +---------------+-----------------------------------------------------------------------+ + + .. note:: + + Some items are populated after the secret has been created and will only + display when retrieving it. + +#. Confirm that the secret payload was stored by retrieving it: + + .. code-block:: console + + $ openstack secret get http://10.0.2.15:9311/v1/secrets/655d7d30-c11a-49d9-a0f1-34cdf53a36fa --payload + +---------+---------+ + | Field | Value | + +---------+---------+ + | Payload | j4=]d21 | + +---------+---------+
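
Review bot: In install-guide/source/index.rst, the new introduction names the service "Key Manager service (barbican)", while the reworded opening line of verify.rst in this same patch uses "Key Manager (barbican) service" and its first step capitalises the name as "Barbican API calls". Use one form and one capitalisation in both files so the guide reads consistently.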
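
Review bot: In install-guide/source/verify.rst, the procedure stops after the `--payload` retrieval, so the test secret `mysecret` stays in the store on every installation that follows the guide. Add a final step that removes it with `openstack secret delete` and the secret href. Next to the `openstack secret store --name mysecret --payload j4=]d21` step, add a note that the payload is a throwaway value, since a payload typed on the command line ends up in shell history. The lead-ins of steps 3 and 4 ("Confirm that the secret was stored by retrieving it" and "Confirm that the secret payload was stored by retrieving it") are nearly identical; wording step 3 as retrieving the secret's metadata would make the difference clear. The hunk also removes the `openstack key manager service list` check and the commit message does not say why; either keep it as a first step or explain the removal in the message.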