Adding "region and endpoint_type" parameters to barbican_acl.py
When requesting for a barbican client, this change lets you filter based on region and endpoint_type. Conflicts: etc/octavia.conf Change-Id: Ib4b9b75027443177c039f60f99822b9b3d021b8a
This commit is contained in:
parent
25bcbc1cc1
commit
c887461f61
|
@ -81,6 +81,12 @@
|
|||
# cert_manager = barbican_cert_manager
|
||||
# For Barbican authentication (if using any Barbican based cert class)
|
||||
# barbican_auth = barbican_acl_auth
|
||||
#
|
||||
# Region in Identity service catalog to use for communication with the Barbican service.
|
||||
# region_name =
|
||||
#
|
||||
# Endpoint type to use for communication with the Barbican service.
|
||||
# endpoint_type = publicURL
|
||||
|
||||
|
||||
[anchor]
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
Barbican ACL auth class for Barbican certificate handling
|
||||
"""
|
||||
from barbicanclient import client as barbican_client
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log as logging
|
||||
from oslo_utils import excutils
|
||||
|
||||
|
@ -27,6 +28,9 @@ from octavia.i18n import _LE
|
|||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_group('certificates', 'octavia.common.config')
|
||||
|
||||
|
||||
class BarbicanACLAuth(barbican_common.BarbicanAuth):
|
||||
_barbican_client = None
|
||||
|
@ -36,7 +40,9 @@ class BarbicanACLAuth(barbican_common.BarbicanAuth):
|
|||
if not cls._barbican_client:
|
||||
try:
|
||||
cls._barbican_client = barbican_client.Client(
|
||||
session=keystone.get_session()
|
||||
session=keystone.get_session(),
|
||||
region_name=CONF.certificates.region_name,
|
||||
interface=CONF.certificates.endpoint_type
|
||||
)
|
||||
except Exception:
|
||||
with excutils.save_and_reraise_exception():
|
||||
|
|
|
@ -284,7 +284,13 @@ certificate_opts = [
|
|||
help='Name of the cert generator to use'),
|
||||
cfg.StrOpt('barbican_auth',
|
||||
default='barbican_acl_auth',
|
||||
help='Name of the Barbican authentication method to use')
|
||||
help='Name of the Barbican authentication method to use'),
|
||||
cfg.StrOpt('region_name',
|
||||
help='Region in Identity service catalog to use for '
|
||||
'communication with the barbican service.'),
|
||||
cfg.StrOpt('endpoint_type',
|
||||
default='publicURL',
|
||||
help='The endpoint_type to be used for barbican service.')
|
||||
]
|
||||
|
||||
house_keeping_opts = [
|
||||
|
|
|
@ -14,19 +14,26 @@
|
|||
|
||||
from barbicanclient import client as barbican_client
|
||||
import mock
|
||||
from oslo_config import cfg
|
||||
|
||||
import octavia.certificates.common.auth.barbican_acl as barbican_acl
|
||||
import octavia.certificates.manager.barbican as barbican_cert_mgr
|
||||
from octavia.common import keystone
|
||||
import octavia.tests.unit.base as base
|
||||
|
||||
CONF = cfg.CONF
|
||||
CONF.import_group('certificates', 'octavia.common.config')
|
||||
|
||||
|
||||
class TestBarbicanACLAuth(base.TestCase):
|
||||
|
||||
def setUp(self):
|
||||
# Reset the client
|
||||
keystone._SESSION = None
|
||||
|
||||
CONF.set_override(name='region_name', override=None,
|
||||
group='certificates')
|
||||
CONF.set_override(name='endpoint_type', override='publicURL',
|
||||
group='certificates')
|
||||
super(TestBarbicanACLAuth, self).setUp()
|
||||
|
||||
def test_get_barbican_client(self):
|
||||
|
@ -51,4 +58,4 @@ class TestBarbicanACLAuth(base.TestCase):
|
|||
|
||||
def test_load_auth_driver(self):
|
||||
bcm = barbican_cert_mgr.BarbicanCertManager()
|
||||
self.assertTrue(isinstance(bcm.auth, barbican_acl.BarbicanACLAuth))
|
||||
self.assertIsInstance(bcm.auth, barbican_acl.BarbicanACLAuth)
|
||||
|
|
Loading…
Reference in New Issue