Allow multibackend support for Barbican
This patch introduces 2 new variables that are designed to help deployers with Barbican configuration. They are designed to support multibackend configuration of Barbican, while the default behavior should not change. Change-Id: I3369c4254f3b48f12ed9731f18d980044e6d0b43
parent
76b72c0975
commit
50c983e034
|
@ -47,6 +47,20 @@ barbican_keystone_listener_enable: false
|
|||
barbican_worker_enable: false
|
||||
barbican_retry_enable: false
|
||||
|
||||
# Variable defines barbican store backends configuration. It supports multibackend scenario
|
||||
# in case list length > 1. Then additional key global_default should be present, otherwise
|
||||
# first element would be set as global default. For multibackend one backend should be set
|
||||
# as global_default: True
|
||||
barbican_backends_config:
|
||||
software:
|
||||
secret_store_plugin: store_crypto
|
||||
crypto_plugin: simple_crypto
|
||||
|
||||
# Variable defines barbican crypto configuration.
|
||||
barbican_plugins_config:
|
||||
simple_crypto_plugin:
|
||||
kek: "{{ barbican_simple_crypto_key | b64encode }}"
|
||||
|
||||
## Service Name-Group Mapping
|
||||
barbican_services:
|
||||
barbican-api:
|
||||
|
|
|
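Review bot: The comment above `barbican_plugins_config` should state that an override replaces the whole dict. A deployer who sets this variable to add another plugin section and leaves out `simple_crypto_plugin` would render a barbican.conf with no `kek` line, because the static `[simple_crypto_plugin]` block appears to be removed from the template in this commit. With `simple_crypto` still the default backend, Barbican would presumably fall back to its built-in default for `kek` instead of the deployment's `barbican_simple_crypto_key`; that is worth confirming against the plugin's option defaults. I would extend the comment to something like `# Overrides replace this dict entirely; keep simple_crypto_plugin.kek while any backend uses simple_crypto.` Separately, the `barbican_backends_config` comment says the first element becomes the global default when `global_default` is absent, but the template only copies the keys it is given, so the comment or the template should change.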
@ -0,0 +1,7 @@
|
|||
---
|
||||
features:
|
||||
- |
|
||||
Added new variables `barbican_backends_config` and
|
||||
`barbican_plugins_config` along with barbican.conf cleanup to
|
||||
support multibackend scenario and more handy Barbican backends
|
||||
configuration.
|
|
@ -51,15 +51,34 @@ memcache_secret_key = {{ memcached_encryption_key }}
|
|||
|
||||
# ================= Secret Store Plugin ===================
|
||||
[secretstore]
|
||||
enabled_secretstore_plugins = store_crypto
|
||||
{% if barbican_backends_config | length > 1 %}
|
||||
enable_multiple_secret_stores = True
|
||||
stores_lookup_suffix = {{ barbican_backends_config.keys() | join(',') }}
|
||||
|
||||
{% for section, config in barbican_backends_config.items() %}
|
||||
[secretstore:{{ section }}]
|
||||
{% for key, value in config.items() %}
|
||||
{{ key }} = {{ value }}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for config in barbican_backends_config.values() %}
|
||||
enabled_secretstore_plugins = {{ config['secret_store_plugin'] }}
|
||||
|
||||
{% if 'crypto_plugin' in config %}
|
||||
# ================= Crypto plugin ===================
|
||||
[crypto]
|
||||
enabled_crypto_plugins = simple_crypto
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
[simple_crypto_plugin]
|
||||
# the kek should be a 32-byte value which is base64 encoded
|
||||
kek = '{{ barbican_simple_crypto_key | b64encode }}'
|
||||
{% for section, config in barbican_plugins_config.items() %}
|
||||
[{{ section }}]
|
||||
{% for key, value in config.items() %}
|
||||
{{ key }} = '{{ value }}'
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
|
||||
[certificate]
|
||||
enabled_certificate_plugins = simple_certificate
|
||||
|
|
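Review bot: In the single-backend branch the value of `crypto_plugin` is tested but never used: `{% if 'crypto_plugin' in config %}` is followed by the fixed line `enabled_crypto_plugins = simple_crypto`. A lone backend configured with a different crypto plugin would still get the software plugin enabled, and its secrets would be wrapped with the KEK written into this file. The line should read `enabled_crypto_plugins = {{ config['crypto_plugin'] }}`. The multibackend branch also never checks that exactly one backend carries `global_default`, so a template-time assertion, or a fallback that marks the first entry, would match what the defaults comment describes.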