diff --git a/etc/octavia.conf b/etc/octavia.conf index 3b31ad43dd..d03f795d63 100644 --- a/etc/octavia.conf +++ b/etc/octavia.conf @@ -77,6 +77,12 @@ # cert_manager = barbican_cert_manager # For Barbican authentication (if using any Barbican based cert class) # barbican_auth = barbican_acl_auth +# +# Region in Identity service catalog to use for communication with the Barbican service. +# region_name = +# +# Endpoint type to use for communication with the Barbican service. +# endpoint_type = publicURL [anchor] diff --git a/octavia/certificates/common/auth/barbican_acl.py b/octavia/certificates/common/auth/barbican_acl.py index 295672f918..06fc877110 100644 --- a/octavia/certificates/common/auth/barbican_acl.py +++ b/octavia/certificates/common/auth/barbican_acl.py @@ -17,6 +17,7 @@ Barbican ACL auth class for Barbican certificate handling """ from barbicanclient import client as barbican_client +from oslo_config import cfg from oslo_log import log as logging from oslo_utils import excutils @@ -27,6 +28,9 @@ from octavia.i18n import _LE LOG = logging.getLogger(__name__) +CONF = cfg.CONF +CONF.import_group('certificates', 'octavia.common.config') + class BarbicanACLAuth(barbican_common.BarbicanAuth): _barbican_client = None @@ -36,7 +40,9 @@ class BarbicanACLAuth(barbican_common.BarbicanAuth): if not cls._barbican_client: try: cls._barbican_client = barbican_client.Client( - session=keystone.get_session() + session=keystone.get_session(), + region_name=CONF.certificates.region_name, + interface=CONF.certificates.endpoint_type ) except Exception: with excutils.save_and_reraise_exception(): diff --git a/octavia/common/config.py b/octavia/common/config.py index 6bc44acdc1..025b27c974 100644 --- a/octavia/common/config.py +++ b/octavia/common/config.py @@ -263,7 +263,13 @@ certificate_opts = [ help='Name of the cert generator to use'), cfg.StrOpt('barbican_auth', default='barbican_acl_auth', - help='Name of the Barbican authentication method to use') + help='Name of the Barbican authentication method to use'), + cfg.StrOpt('region_name', + help='Region in Identity service catalog to use for ' + 'communication with the barbican service.'), + cfg.StrOpt('endpoint_type', + default='publicURL', + help='The endpoint_type to be used for barbican service.') ] house_keeping_opts = [ diff --git a/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py b/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py index 2063170009..6c29df797b 100644 --- a/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py +++ b/octavia/tests/unit/certificates/common/auth/test_barbican_acl.py @@ -14,19 +14,26 @@ from barbicanclient import client as barbican_client import mock +from oslo_config import cfg import octavia.certificates.common.auth.barbican_acl as barbican_acl import octavia.certificates.manager.barbican as barbican_cert_mgr from octavia.common import keystone import octavia.tests.unit.base as base +CONF = cfg.CONF +CONF.import_group('certificates', 'octavia.common.config') + class TestBarbicanACLAuth(base.TestCase): def setUp(self): # Reset the client keystone._SESSION = None - + CONF.set_override(name='region_name', override=None, + group='certificates') + CONF.set_override(name='endpoint_type', override='publicURL', + group='certificates') super(TestBarbicanACLAuth, self).setUp() def test_get_barbican_client(self): @@ -51,4 +58,4 @@ class TestBarbicanACLAuth(base.TestCase): def test_load_auth_driver(self): bcm = barbican_cert_mgr.BarbicanCertManager() - self.assertTrue(isinstance(bcm.auth, barbican_acl.BarbicanACLAuth)) \ No newline at end of file + self.assertIsInstance(bcm.auth, barbican_acl.BarbicanACLAuth)