openstack
/
puppet-barbican
Code Issues Proposed changes

Replace legacy facts and use fact hash 

... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
This commit is contained in:
Takashi Kajinami 2023-03-01 13:36:48 +09:00
parent 626681f04d
commit 729f5d286c
35 changed files with 340 additions and 388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
manifests/api.pp
View File

@ -24,47 +24,47 @@
#
# [*max_allowed_secret_in_bytes*]
# (optional) Maximum allowed secret size to be stored.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*max_allowed_request_size_in_bytes*]
# (optional) Maximum request size against the barbican API.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*default_transport_url*]
# (optional) Connection url for oslo messaging backend. An example rabbit url
# would be, rabbit://user:pass@host:port/virtual_host
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rpc_response_timeout*]
# (Optional) Seconds to wait for a response from a call.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*control_exchange*]
# (Optional) The default exchange under which topics are scoped. May be
# overridden by an exchange name specified in the transport_url
# option.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_transport_url*]
# (optional) Connection url for oslo messaging notifications backend. An
# example rabbit url would be, rabbit://user:pass@host:port/virtual_host
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_driver*]
# (optional) Driver to use for oslo messaging notifications backend.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*notification_topics*]
# (optional) Topics to use for oslo messaging notifications backend.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_use_ssl*]
# (optional) Connect over SSL for RabbitMQ
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_ha_queues*]
# (optional) Use HA queues in RabbitMQ.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_timeout_threshold*]
# (optional) Number of seconds after which the RabbitMQ broker is considered
@ -72,14 +72,14 @@
# Heartbeating helps to ensure the TCP connection to RabbitMQ isn't silently
# closed, resulting in missed or lost messages from the queue.
# (Requires kombu >= 3.0.7 and amqp >= 1.4.0)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_rate*]
# (optional) How often during the rabbit_heartbeat_timeout_threshold period to
# check the heartbeat on RabbitMQ connection. (i.e. rabbit_heartbeat_rate=2
# when rabbit_heartbeat_timeout_threshold=60, the heartbeat will be checked
# every 30 seconds.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*rabbit_heartbeat_in_pthread*]
# (Optional) EXPERIMENTAL: Run the health check heartbeat thread
@ -89,43 +89,43 @@
# example if the parent process have monkey patched the
# stdlib by using eventlet/greenlet then the heartbeat
# will be run through a green thread.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*amqp_durable_queues*]
# (optional) Define queues as "durable" to rabbitmq.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enable_queue*]
# (optional) Enable asynchronous queuing
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*queue_namespace*]
# (optional) Namespace for the queue
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*queue_topic*]
# (optional) Topic for the queue
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*queue_version*]
# (optional) Version for the task API
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*queue_server_name*]
# (optional) Server name for RPC service
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enabled_secretstore_plugins*]
# (optional) Enabled secretstore plugins. Multiple plugins
# are defined in a list eg. ['store_crypto', dogtag_crypto']
# Used when multiple_secret_stores_enabled is not set to true.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enabled_crypto_plugins*]
# (optional) Enabled crypto_plugins. Multiple plugins
# are defined in a list eg. ['simple_crypto','p11_crypto']
# Used when multiple_secret_stores_enabled is not set to true.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enabled_secret_stores*]
# (optional) Enabled secretstores. This is the configuration
@ -142,46 +142,46 @@
# [*enabled_certificate_plugins*]
# (optional) Enabled certificate plugins as a list.
# e.g. ['snakeoil_ca', 'dogtag']
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*enabled_certificate_event_plugins*]
# (optional) Enabled certificate event plugins as a list
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_ca_certs*]
# (optional) SSL certification authority file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_certfile*]
# (optional) SSL cert file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_keyfile*]
# (optional) SSL key file (valid only if SSL enabled).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_ssl_version*]
# (optional) SSL version to use (valid only if SSL enabled).
# Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
# available on some distributions.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_reconnect_delay*]
# (optional) How long to wait before reconnecting in response to an AMQP
# consumer cancel notification.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_failover_strategy*]
# (Optional) Determines how the next RabbitMQ node is chosen in case the one
# we are currently connected to becomes unavailable. Takes effect only if
# more than one RabbitMQ node is provided in config. (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kombu_compression*]
# (optional) Possible values are: gzip, bz2. If not set compression will not
# be used. This option may notbe available in future versions. EXPERIMENTAL.
# (string value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*auth_strategy*]
# (optional) authentication type
@ -202,7 +202,7 @@
# [*db_auto_create*]
# (optional) Barbican API server option to create the database
# automatically when the server starts.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*service_name*]
# (optional) Name of the service that will be providing the
@ -216,67 +216,67 @@
# [*enable_proxy_headers_parsing*]
# (Optional) Enable paste middleware to handle SSL requests through
# HTTPProxyToWSGI middleware.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*max_request_body_size*]
# (Optional) Set max request body size
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*max_limit_paging*]
# (Optional) Maximum page size for the 'limit' paging URL parameter.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*default_limit_paging*]
# (Optional) Default page size for the 'limit' paging URL parameter.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class barbican::api (
$package_ensure = 'present',
$bind_host = '0.0.0.0',
$bind_port = '9311',
$host_href = undef,
$max_allowed_secret_in_bytes = $::os_service_default,
$max_allowed_request_size_in_bytes = $::os_service_default,
$default_transport_url = $::os_service_default,
$rpc_response_timeout = $::os_service_default,
$control_exchange = $::os_service_default,
$notification_transport_url = $::os_service_default,
$notification_driver = $::os_service_default,
$notification_topics = $::os_service_default,
$rabbit_use_ssl = $::os_service_default,
$rabbit_heartbeat_timeout_threshold = $::os_service_default,
$rabbit_heartbeat_rate = $::os_service_default,
$rabbit_heartbeat_in_pthread = $::os_service_default,
$rabbit_ha_queues = $::os_service_default,
$amqp_durable_queues = $::os_service_default,
$enable_queue = $::os_service_default,
$queue_namespace = $::os_service_default,
$queue_topic = $::os_service_default,
$queue_version = $::os_service_default,
$queue_server_name = $::os_service_default,
$enabled_secretstore_plugins = $::os_service_default,
$enabled_crypto_plugins = $::os_service_default,
$max_allowed_secret_in_bytes = $facts['os_service_default'],
$max_allowed_request_size_in_bytes = $facts['os_service_default'],
$default_transport_url = $facts['os_service_default'],
$rpc_response_timeout = $facts['os_service_default'],
$control_exchange = $facts['os_service_default'],
$notification_transport_url = $facts['os_service_default'],
$notification_driver = $facts['os_service_default'],
$notification_topics = $facts['os_service_default'],
$rabbit_use_ssl = $facts['os_service_default'],
$rabbit_heartbeat_timeout_threshold = $facts['os_service_default'],
$rabbit_heartbeat_rate = $facts['os_service_default'],
$rabbit_heartbeat_in_pthread = $facts['os_service_default'],
$rabbit_ha_queues = $facts['os_service_default'],
$amqp_durable_queues = $facts['os_service_default'],
$enable_queue = $facts['os_service_default'],
$queue_namespace = $facts['os_service_default'],
$queue_topic = $facts['os_service_default'],
$queue_version = $facts['os_service_default'],
$queue_server_name = $facts['os_service_default'],
$enabled_secretstore_plugins = $facts['os_service_default'],
$enabled_crypto_plugins = $facts['os_service_default'],
$enabled_secret_stores = 'simple_crypto',
$multiple_secret_stores_enabled = false,
$enabled_certificate_plugins = $::os_service_default,
$enabled_certificate_event_plugins = $::os_service_default,
$kombu_ssl_ca_certs = $::os_service_default,
$kombu_ssl_certfile = $::os_service_default,
$kombu_ssl_keyfile = $::os_service_default,
$kombu_ssl_version = $::os_service_default,
$kombu_reconnect_delay = $::os_service_default,
$kombu_failover_strategy = $::os_service_default,
$kombu_compression = $::os_service_default,
$enabled_certificate_plugins = $facts['os_service_default'],
$enabled_certificate_event_plugins = $facts['os_service_default'],
$kombu_ssl_ca_certs = $facts['os_service_default'],
$kombu_ssl_certfile = $facts['os_service_default'],
$kombu_ssl_keyfile = $facts['os_service_default'],
$kombu_ssl_version = $facts['os_service_default'],
$kombu_reconnect_delay = $facts['os_service_default'],
$kombu_failover_strategy = $facts['os_service_default'],
$kombu_compression = $facts['os_service_default'],
$auth_strategy = 'keystone',
$manage_service = true,
$enabled = true,
$sync_db = true,
$db_auto_create = $::os_service_default,
$db_auto_create = $facts['os_service_default'],
$service_name = $::barbican::params::api_service_name,
$enable_proxy_headers_parsing = $::os_service_default,
$max_request_body_size = $::os_service_default,
$max_limit_paging = $::os_service_default,
$default_limit_paging = $::os_service_default,
$enable_proxy_headers_parsing = $facts['os_service_default'],
$max_request_body_size = $facts['os_service_default'],
$max_limit_paging = $facts['os_service_default'],
$default_limit_paging = $facts['os_service_default'],
) inherits barbican::params {
include barbican::deps
@ -292,7 +292,7 @@ class barbican::api (
# basic service config
if $host_href == undef {
$host_href_real = "http://${::fqdn}:${bind_port}"
$host_href_real = "http://${facts['networking']['fqdn']}:${bind_port}"
} else {
$host_href_real = $host_href
}
@ -399,7 +399,7 @@ class barbican::api (
if $service_name == $::barbican::params::api_service_name {
if $::operatingsystem == 'Ubuntu' {
if $facts['os']['name'] == 'Ubuntu' {
fail('With Ubuntu packages the service_name must be set to httpd as there is no eventlet init script.')
}
@ -413,7 +413,7 @@ class barbican::api (
}
# Debian is using UWSGI, not gunicorn
if $::operatingsystem != 'Debian' {
if $facts['os']['name'] != 'Debian' {
file_line { 'Modify bind_port in gunicorn-config.py':
path => '/etc/barbican/gunicorn-config.py',
line => "bind = '${bind_host}:${bind_port}'",
@ -424,7 +424,7 @@ class barbican::api (
} elsif $service_name == 'httpd' {
# Ubuntu packages does not have a barbican-api service
if $::operatingsystem != 'Ubuntu' {
if $facts['os']['name'] != 'Ubuntu' {
service { 'barbican-api':
ensure => 'stopped',
name => $::barbican::params::api_service_name,

78
manifests/api/logging.pp
View File

@ -6,72 +6,72 @@
#
# [*debug*]
# (Optional) Should the daemons log debug messages
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_syslog*]
# (Optional) Use syslog for logging.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_json*]
# (Optional) Use json for logging.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_journal*]
# (Optional) Use journal for logging.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_stderr*]
# (Optional) Use stderr for logging
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*log_facility*]
# (Optional) Syslog facility to receive log lines.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*log_dir*]
# (Optional) Directory where logs should be stored.
# If set to $::os_service_default, it will not log to any directory.
# If set to $facts['os_service_default'], it will not log to any directory.
# Defaults to '/var/log/barbican'
#
# [*log_file*]
# (Optional) File where logs should be stored.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*watch_log_file*]
# (Optional) Uses logging handler designed to watch file system (boolean value).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
#
# [*logging_context_format_string*]
# (Optional) Format string to use for log messages with context.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [%(request_id)s %(user_identity)s] %(instance)s%(message)s'
#
# [*logging_default_format_string*]
# (Optional) Format string to use for log messages without context.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\
# [-] %(instance)s%(message)s'
#
# [*logging_debug_format_suffix*]
# (Optional) Formatted data to append to log format when level is DEBUG.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: '%(funcName)s %(pathname)s:%(lineno)d'
#
# [*logging_exception_prefix*]
# (Optional) Prefix each line of exception output with this format.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s'
#
# [*log_config_append*]
# (Optional) The name of an additional logging configuration file.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# See https://docs.python.org/2/howto/logging.html
#
# [*default_log_levels*]
# (Optional) Hash of logger (keys) and level (values) pairs.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example:
# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN',
# 'sqlalchemy' => 'WARN', 'suds' => 'INFO',
@ -83,50 +83,50 @@
#
# [*publish_errors*]
# (Optional) Publish error events (boolean value).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*fatal_deprecations*]
# (Optional) Make deprecations fatal (boolean value)
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*instance_format*]
# (Optional) If an instance is passed with the log message, format it
# like this (string value).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: '[instance: %(uuid)s] '
#
# [*instance_uuid_format*]
# (Optional) If an instance UUID is passed with the log message, format
# it like this (string value).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: instance_uuid_format='[instance: %(uuid)s] '
#
# [*log_date_format*]
# (Optional) Format string for %%(asctime)s in log records.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
# Example: 'Y-%m-%d %H:%M:%S'
#
class barbican::api::logging(
$use_syslog = $::os_service_default,
$use_json = $::os_service_default,
$use_journal = $::os_service_default,
$use_stderr = $::os_service_default,
$log_facility = $::os_service_default,
$use_syslog = $facts['os_service_default'],
$use_json = $facts['os_service_default'],
$use_journal = $facts['os_service_default'],
$use_stderr = $facts['os_service_default'],
$log_facility = $facts['os_service_default'],
$log_dir = '/var/log/barbican',
$log_file = $::os_service_default,
$watch_log_file = $::os_service_default,
$debug = $::os_service_default,
$logging_context_format_string = $::os_service_default,
$logging_default_format_string = $::os_service_default,
$logging_debug_format_suffix = $::os_service_default,
$logging_exception_prefix = $::os_service_default,
$log_config_append = $::os_service_default,
$default_log_levels = $::os_service_default,
$publish_errors = $::os_service_default,
$fatal_deprecations = $::os_service_default,
$instance_format = $::os_service_default,
$instance_uuid_format = $::os_service_default,
$log_date_format = $::os_service_default,
$log_file = $facts['os_service_default'],
$watch_log_file = $facts['os_service_default'],
$debug = $facts['os_service_default'],
$logging_context_format_string = $facts['os_service_default'],
$logging_default_format_string = $facts['os_service_default'],
$logging_debug_format_suffix = $facts['os_service_default'],
$logging_exception_prefix = $facts['os_service_default'],
$log_config_append = $facts['os_service_default'],
$default_log_levels = $facts['os_service_default'],
$publish_errors = $facts['os_service_default'],
$fatal_deprecations = $facts['os_service_default'],
$instance_format = $facts['os_service_default'],
$instance_uuid_format = $facts['os_service_default'],
$log_date_format = $facts['os_service_default'],
) {
include barbican::deps

24
manifests/cors.pp
View File

@ -8,41 +8,41 @@
# (Optional) Indicate whether this resource may be shared with the domain
# received in the requests "origin" header.
# (string value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_credentials*]
# (Optional) Indicate that the actual request can include user credentials.
# (boolean value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*expose_headers*]
# (Optional) Indicate which headers are safe to expose to the API.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*max_age*]
# (Optional) Maximum cache age of CORS preflight requests.
# (integer value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_methods*]
# (Optional) Indicate which methods can be used during the actual request.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*allow_headers*]
# (Optional) Indicate which header field names may be used during the actual
# request.
# (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
class barbican::cors (
$allowed_origin = $::os_service_default,
$allow_credentials = $::os_service_default,
$expose_headers = $::os_service_default,
$max_age = $::os_service_default,
$allow_methods = $::os_service_default,
$allow_headers = $::os_service_default,
$allowed_origin = $facts['os_service_default'],
$allow_credentials = $facts['os_service_default'],
$expose_headers = $facts['os_service_default'],
$max_age = $facts['os_service_default'],
$allow_methods = $facts['os_service_default'],
$allow_headers = $facts['os_service_default'],
) {
include barbican::deps

36
manifests/db.pp
View File

@ -10,59 +10,59 @@
#
# [*database_connection_recycle_time*]
# Timeout when db connections should be reaped.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_retries*]
# Maximum number of database connection retries during startup.
# Setting -1 implies an infinite retry count.
# NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_retry_interval*]
# Interval between retries of opening a database connection.
# NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_pool_size*]
# Maximum number of SQL connections to keep open in a pool.
# NOTE: This is currently NOT used until barbican correctly leverages oslo.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_max_overflow*]
# If set, use this value for max_overflow with sqlalchemy.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_pool_size*]
# Number of SQL connections to keep open in a pool.
# NOTE: This is currently used until barbican correctly leverages oslo and
# will be removed during a later release.
# (Optional) Defaults to $::os_service_default
# (Optional) Defaults to $facts['os_service_default']
#
# [*database_db_max_retries*]
# (Optional) Maximum retries in case of connection error or deadlock error
# before error is raised. Set to -1 to specify an infinite retry count.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*database_pool_timeout*]
# (Optional) If set, use this value for pool_timeout with SQLAlchemy.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*mysql_enable_ndb*]
# (Optional) If True, transparently enables support for handling MySQL
# Cluster (NDB).
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class barbican::db (
$database_connection = 'sqlite:////var/lib/barbican/barbican.sqlite',
$database_connection_recycle_time = $::os_service_default,
$database_max_pool_size = $::os_service_default,
$database_max_retries = $::os_service_default,
$database_retry_interval = $::os_service_default,
$database_max_overflow = $::os_service_default,
$database_pool_size = $::os_service_default,
$database_db_max_retries = $::os_service_default,
$database_pool_timeout = $::os_service_default,
$mysql_enable_ndb = $::os_service_default,
$database_connection_recycle_time = $facts['os_service_default'],
$database_max_pool_size = $facts['os_service_default'],
$database_max_retries = $facts['os_service_default'],
$database_retry_interval = $facts['os_service_default'],
$database_max_overflow = $facts['os_service_default'],
$database_pool_size = $facts['os_service_default'],
$database_db_max_retries = $facts['os_service_default'],
$database_pool_timeout = $facts['os_service_default'],
$mysql_enable_ndb = $facts['os_service_default'],
) {
include barbican::deps

16
manifests/healthcheck.pp
View File

@ -6,28 +6,28 @@
#
# [*detailed*]
# (Optional) Show more detailed information as part of the response.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*backends*]
# (Optional) Additional backends that can perform health checks and report
# that information back as part of a request.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_path*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*disable_by_file_paths*]
# (Optional) Check the presence of a file to determine if an application
# is running on a port. Expects a "port:path" list of strings.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class barbican::healthcheck (
$detailed = $::os_service_default,
$backends = $::os_service_default,
$disable_by_file_path = $::os_service_default,
$disable_by_file_paths = $::os_service_default,
$detailed = $facts['os_service_default'],
$backends = $facts['os_service_default'],
$disable_by_file_path = $facts['os_service_default'],
$disable_by_file_paths = $facts['os_service_default'],
) {
include barbican::deps

116
manifests/keystone/authtoken.pp
View File

@ -10,7 +10,7 @@
#
# [*password*]
# (Optional) Password to create for the service user
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*auth_url*]
# (Optional) The URL to use for authentication.
@ -30,17 +30,17 @@
#
# [*system_scope*]
# (Optional) Scope for system operations
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*auth_section*]
# (Optional) Config Section from which to load plugin specific options
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*auth_type*]
# (Optional) Authentication type to load
@ -52,26 +52,26 @@
#
# [*auth_version*]
# (Optional) API version of the admin Identity API endpoint.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*cache*]
# (Optional) Env key for the swift cache.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*delay_auth_decision*]
# (Optional) Do not handle authorization requests within the middleware, but
# delegate the authorization decision to downstream WSGI components. Boolean
# value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*enforce_token_bind*]
# (Optional) Used to control the use and type of token binding. Can be set
@ -81,57 +81,57 @@
# type is unknown the token will be rejected. "required" any form of token
# binding is needed to be allowed. Finally the name of a binding method that
# must be present in tokens. String value.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*http_connect_timeout*]
# (Optional) Request timeout value for communicating with Identity API
# server.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*http_request_max_retries*]
# (Optional) How many times are we trying to reconnect when communicating
# with Identity API Server. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*include_service_catalog*]
# (Optional) Indicate whether to set the X-Service-Catalog header. If False,
# middleware will not ask for service catalog on token validation and will
# not set the X-Service-Catalog header. Boolean value.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_conn_get_timeout*]
# (Optional) Number of seconds that an operation will wait to get a memcached
# client connection from the pool. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_dead_retry*]
# (Optional) Number of seconds memcached server is considered dead before it
# is tried again. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_maxsize*]
# (Optional) Maximum total number of open connections to every memcached
# server. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_socket_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_pool_unused_timeout*]
# (Optional) Number of seconds a connection to memcached is held unused in
# the pool before it is closed. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_secret_key*]
# (Optional, mandatory if memcache_security_strategy is defined) This string
# is used for key derivation.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_security_strategy*]
# (Optional) If defined, indicate whether token data should be authenticated
@ -139,17 +139,17 @@
# HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the
# cache. If the value is not one of these options or empty, auth_token will
# raise an exception on initialization.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcache_use_advanced_pool*]
# (Optional) Use the advanced (eventlet safe) memcached client pool. The
# advanced pool will only work under python 2.x Boolean value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*memcached_servers*]
# (Optional) Optionally specify a list of memcached server(s) to use for
# caching. If left undefined, tokens will instead be cached in-process.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*manage_memcache_package*]
# (Optional) Whether to install the python-memcache package.
@ -157,13 +157,13 @@
#
# [*region_name*]
# (Optional) The region in which the identity server can be found.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*token_cache_time*]
# (Optional) In order to prevent excessive effort spent validating tokens,
# the middleware caches previously-seen tokens for a configurable duration
# (in seconds). Set to -1 to disable caching completely. Integer value
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*service_token_roles*]
# (Optional) A choice of roles that must be present in a service token.
@ -173,66 +173,66 @@
# here are applied as an ANY check so any role in this list
# must be present. For backwards compatibility reasons this
# currently only affects the allow_expired check. (list value)
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*service_token_roles_required*]
# (optional) backwards compatibility to ensure that the service tokens are
# compared against a list of possible roles for validity
# true/false
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*service_type*]
# (Optional) The name or type of the service as it appears in the service
# catalog. This is used to validate tokens that have restricted access rules.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*interface*]
# (Optional) Interface to use for the Identity API endpoint. Valid values are
# "public", "internal" or "admin".
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*params*]
# (Optional) Hash of additional parameters to pass through to the keystone
# authtoken class. Values set here override the individual parameters above.
#
class barbican::keystone::authtoken(
$password = $::os_service_default,
$password = $facts['os_service_default'],
$username = 'barbican',
$auth_url = 'http://localhost:5000',
$project_name = 'services',
$user_domain_name = 'Default',
$project_domain_name = 'Default',
$system_scope = $::os_service_default,
$insecure = $::os_service_default,
$auth_section = $::os_service_default,
$system_scope = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$auth_section = $facts['os_service_default'],
$auth_type = 'password',
$www_authenticate_uri = 'http://localhost:5000',
$auth_version = $::os_service_default,
$cache = $::os_service_default,
$cafile = $::os_service_default,
$certfile = $::os_service_default,
$delay_auth_decision = $::os_service_default,
$enforce_token_bind = $::os_service_default,
$http_connect_timeout = $::os_service_default,
$http_request_max_retries = $::os_service_default,
$include_service_catalog = $::os_service_default,
$keyfile = $::os_service_default,
$memcache_pool_conn_get_timeout = $::os_service_default,
$memcache_pool_dead_retry = $::os_service_default,
$memcache_pool_maxsize = $::os_service_default,
$memcache_pool_socket_timeout = $::os_service_default,
$memcache_pool_unused_timeout = $::os_service_default,
$memcache_secret_key = $::os_service_default,
$memcache_security_strategy = $::os_service_default,
$memcache_use_advanced_pool = $::os_service_default,
$memcached_servers = $::os_service_default,
$auth_version = $facts['os_service_default'],
$cache = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$delay_auth_decision = $facts['os_service_default'],
$enforce_token_bind = $facts['os_service_default'],
$http_connect_timeout = $facts['os_service_default'],
$http_request_max_retries = $facts['os_service_default'],
$include_service_catalog = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$memcache_pool_conn_get_timeout = $facts['os_service_default'],
$memcache_pool_dead_retry = $facts['os_service_default'],
$memcache_pool_maxsize = $facts['os_service_default'],
$memcache_pool_socket_timeout = $facts['os_service_default'],
$memcache_pool_unused_timeout = $facts['os_service_default'],
$memcache_secret_key = $facts['os_service_default'],
$memcache_security_strategy = $facts['os_service_default'],
$memcache_use_advanced_pool = $facts['os_service_default'],
$memcached_servers = $facts['os_service_default'],
$manage_memcache_package = false,
$region_name = $::os_service_default,
$token_cache_time = $::os_service_default,
$service_token_roles = $::os_service_default,
$service_token_roles_required = $::os_service_default,
$service_type = $::os_service_default,
$interface = $::os_service_default,
$region_name = $facts['os_service_default'],
$token_cache_time = $facts['os_service_default'],
$service_token_roles = $facts['os_service_default'],
$service_token_roles_required = $facts['os_service_default'],
$service_type = $facts['os_service_default'],
$interface = $facts['os_service_default'],
$params = {},
) {

20
manifests/keystone/notification.pp
View File

@ -6,23 +6,23 @@
#
# [*enable_keystone_notification*]
# (optional) Enable keystone notification listener functionality
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*keystone_notification_control_exchange*]
# (optional) The default exchange under which topics are scoped.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*keystone_notification_topic*]
# (optional) Keystone notification queue topic name.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*keystone_notification_allow_requeue*]
# (optional) Requeues notification in case of notification processing error.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*keystone_notification_thread_pool_size*]
# (optional) max threads to be used for notification server
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*package_ensure*]
# (Optional) The state of the barbican-keystone-listener package.
@ -33,11 +33,11 @@
# Defaults to true
#
class barbican::keystone::notification (
$enable_keystone_notification = $::os_service_default,
$keystone_notification_control_exchange = $::os_service_default,
$keystone_notification_topic = $::os_service_default,
$keystone_notification_allow_requeue = $::os_service_default,
$keystone_notification_thread_pool_size = $::os_service_default,
$enable_keystone_notification = $facts['os_service_default'],
$keystone_notification_control_exchange = $facts['os_service_default'],
$keystone_notification_topic = $facts['os_service_default'],
$keystone_notification_allow_requeue = $facts['os_service_default'],
$keystone_notification_thread_pool_size = $facts['os_service_default'],
$package_ensure = 'present',
$manage_service = true,
) {

7
manifests/params.pp
View File

@ -10,7 +10,7 @@ class barbican::params {
$group = 'barbican'
$dogtag_client_package = 'pki-base'
case $::osfamily {
case $facts['os']['family'] {
'RedHat': {
$common_package_name = 'openstack-barbican-common'
$api_package_name = 'openstack-barbican-api'
@ -38,8 +38,7 @@ class barbican::params {
$barbican_wsgi_script_source = '/usr/bin/barbican-wsgi-api'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operating system")
fail("Unsupported osfamily: ${facts['os']['family']}")
}
} # Case $::osfamily
}
}

28
manifests/plugins/dogtag.pp
View File

@ -13,31 +13,31 @@
#
# [*dogtag_plugin_pem_path*]
# (optional) Path to KRA agent PEM file
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_dogtag_host*]
# (optional) Host for the Dogtag server
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_dogtag_port*]
# (optional) Host for the Dogtag server
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_nss_db_path*]
# (optional) Path to plugin NSS DB
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_simple_cmc_profile*]
# (optional) Profile for simple CMC enrollment.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_ca_expiration_time*]
# (optional) Expiration time for the Dogtag CA entry in days
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*dogtag_plugin_plugin_working_dir*]
# (optional) Working directory for Dogtag plugin
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
@ -46,13 +46,13 @@
class barbican::plugins::dogtag (
$dogtag_plugin_nss_password,
$dogtag_plugin_ensure_package = 'present',
$dogtag_plugin_pem_path = $::os_service_default,
$dogtag_plugin_dogtag_host = $::os_service_default,
$dogtag_plugin_dogtag_port = $::os_service_default,
$dogtag_plugin_nss_db_path = $::os_service_default,
$dogtag_plugin_simple_cmc_profile = $::os_service_default,
$dogtag_plugin_ca_expiration_time = $::os_service_default,
$dogtag_plugin_plugin_working_dir = $::os_service_default,
$dogtag_plugin_pem_path = $facts['os_service_default'],
$dogtag_plugin_dogtag_host = $facts['os_service_default'],
$dogtag_plugin_dogtag_port = $facts['os_service_default'],
$dogtag_plugin_nss_db_path = $facts['os_service_default'],
$dogtag_plugin_simple_cmc_profile = $facts['os_service_default'],
$dogtag_plugin_ca_expiration_time = $facts['os_service_default'],
$dogtag_plugin_plugin_working_dir = $facts['os_service_default'],
$global_default = false,
) {

20
manifests/plugins/kmip.pp
View File

@ -12,27 +12,27 @@
#
# [*kmip_plugin_username*]
# (optional) username for KMIP device
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_password*]
# (optional) password for KMIP device. This parameter is required
# when the kmip_plugin_username parameter is set.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_keyfile*]
# (optional) key file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_certfile*]
# (optional) cert file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_ca_certs*]
# (optional) ca certs file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
@ -41,11 +41,11 @@
class barbican::plugins::kmip (
$kmip_plugin_host,
$kmip_plugin_port,
$kmip_plugin_username = $::os_service_default,
$kmip_plugin_password = $::os_service_default,
$kmip_plugin_keyfile = $::os_service_default,
$kmip_plugin_certfile = $::os_service_default,
$kmip_plugin_ca_certs = $::os_service_default,
$kmip_plugin_username = $facts['os_service_default'],
$kmip_plugin_password = $facts['os_service_default'],
$kmip_plugin_keyfile = $facts['os_service_default'],
$kmip_plugin_certfile = $facts['os_service_default'],
$kmip_plugin_ca_certs = $facts['os_service_default'],
$global_default = false,
) {

36
manifests/plugins/p11_crypto.pp
View File

@ -21,46 +21,46 @@
#
# [*p11_crypto_plugin_token_serial_number*]
# (optional) Serial number to identify PKCS#11 token
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_token_labels*]
# (optional) List of comma-separated labels to identify
# PKCS#11 tokens to be used.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_slot_id*]
# (optional) HSM Slot id
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_encryption_mechanism*]
# (optional) PKCS#11 Mechanism used for encryption
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_hmac_key_type*]
# (optional) PKCS#11 Key Type for key used in HMAC
# operations.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_hmac_keygen_mechanism*]
# (optional) PKCS#11 Mechanism used to generate HMAC Key
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_aes_gcm_generate_iv*]
# (optional) When using the CKM_AES_GCM mechanism, this option
# specifies whether the IV should be generated by Barbican.
# Setting this to false will defer IV generation to the HSM
# which is not standard but is required for some HSMs.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_os_locking_ok*]
# (optional) Enable CKF_OS_LOCKING_OK flag when initializing
# the PKCS#11 client library.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*p11_crypto_plugin_always_set_cka_sensitive*]
# (optional) Always set CKA_SENSITIVE when generating keys.
# In some HSMs extractable keys cannot be marked sensitive.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
@ -72,15 +72,15 @@ class barbican::plugins::p11_crypto (
$p11_crypto_plugin_mkek_label,
$p11_crypto_plugin_mkek_length,
$p11_crypto_plugin_hmac_label,
$p11_crypto_plugin_token_serial_number = $::os_service_default,
$p11_crypto_plugin_token_labels = $::os_service_default,
$p11_crypto_plugin_slot_id = $::os_service_default,
$p11_crypto_plugin_encryption_mechanism = $::os_service_default,
$p11_crypto_plugin_hmac_key_type = $::os_service_default,
$p11_crypto_plugin_hmac_keygen_mechanism = $::os_service_default,
$p11_crypto_plugin_aes_gcm_generate_iv = $::os_service_default,
$p11_crypto_plugin_os_locking_ok = $::os_service_default,
$p11_crypto_plugin_always_set_cka_sensitive = $::os_service_default,
$p11_crypto_plugin_token_serial_number = $facts['os_service_default'],
$p11_crypto_plugin_token_labels = $facts['os_service_default'],
$p11_crypto_plugin_slot_id = $facts['os_service_default'],
$p11_crypto_plugin_encryption_mechanism = $facts['os_service_default'],
$p11_crypto_plugin_hmac_key_type = $facts['os_service_default'],
$p11_crypto_plugin_hmac_keygen_mechanism = $facts['os_service_default'],
$p11_crypto_plugin_aes_gcm_generate_iv = $facts['os_service_default'],
$p11_crypto_plugin_os_locking_ok = $facts['os_service_default'],
$p11_crypto_plugin_always_set_cka_sensitive = $facts['os_service_default'],
$global_default = false,
) {

4
manifests/plugins/simple_crypto.pp
View File

@ -6,14 +6,14 @@
#
# [*simple_crypto_plugin_kek*]
# (optional) Key encryption key to be used by Simple Crypto Plugin.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
# Defaults to false
#
class barbican::plugins::simple_crypto (
$simple_crypto_plugin_kek = $::os_service_default,
$simple_crypto_plugin_kek = $facts['os_service_default'],
$global_default = false,
) {

24
manifests/plugins/vault.pp
View File

@ -6,23 +6,23 @@
#
# [*vault_url*]
# (optional) The Vault URL.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*root_token_id*]
# (optional) Vault Root Token ID.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*approle_role_id*]
# (optional) Set the approle role ID.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*approle_secret_id*]
# (optional) Set the approle secret ID.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*kv_mountpoint*]
# (optional) Set the mountpoint of the KV.
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*use_ssl*]
# (optional) Enable or disable SSL
@ -30,20 +30,20 @@
#
# [*ssl_ca_crt_file*]
# (optional) Set the ssl CA cert file
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
# Defaults to false
#
class barbican::plugins::vault (
$vault_url = $::os_service_default,
$root_token_id = $::os_service_default,
$approle_role_id = $::os_service_default,
$approle_secret_id = $::os_service_default,
$kv_mountpoint = $::os_service_default,
$vault_url = $facts['os_service_default'],
$root_token_id = $facts['os_service_default'],
$approle_role_id = $facts['os_service_default'],
$approle_secret_id = $facts['os_service_default'],
$kv_mountpoint = $facts['os_service_default'],
$use_ssl = false,
$ssl_ca_crt_file = $::os_service_default,
$ssl_ca_crt_file = $facts['os_service_default'],
$global_default = false,
) {

16
manifests/policy.pp
View File

@ -6,12 +6,12 @@
#
# [*enforce_scope*]
# (Optional) Whether or not to enforce scope when evaluating policies.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*enforce_new_defaults*]
# (Optional) Whether or not to use old deprecated defaults when evaluating
# policies.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*policies*]
# (Optional) Set of policies to configure for barbican
@ -34,11 +34,11 @@
#
# [*policy_default_rule*]
# (Optional) Default rule. Enforced when a requested rule is not found.
# Defaults to $::os_service_default.
# Defaults to $facts['os_service_default'].
#
# [*policy_dirs*]
# (Optional) Path to the barbican policy folder
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*purge_config*]
# (optional) Whether to set only the specified policy rules in the policy
@ -46,12 +46,12 @@
# Defaults to false.
#
class barbican::policy (
$enforce_scope = $::os_service_default,
$enforce_new_defaults = $::os_service_default,
$enforce_scope = $facts['os_service_default'],
$enforce_new_defaults = $facts['os_service_default'],
$policies = {},
$policy_path = '/etc/barbican/policy.yaml',
$policy_default_rule = $::os_service_default,
$policy_dirs = $::os_service_default,
$policy_default_rule = $facts['os_service_default'],
$policy_dirs = $facts['os_service_default'],
$purge_config = false,
) {

20
manifests/quota.pp
View File

@ -6,30 +6,30 @@
#
# [*quota_secrets*]
# (optional) default number of secrets allowed per project
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*quota_orders*]
# (optional) default number of orders allowed per project
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*quota_containers*]
# (optional) default number of containers allowed per project
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*quota_consumers*]
# (optional) default number of consumers allowed per project
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*quota_cas*]
# (optional) default number of CAs allowed per project
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class barbican::quota (
$quota_secrets = $::os_service_default,
$quota_orders = $::os_service_default,
$quota_containers = $::os_service_default,
$quota_consumers = $::os_service_default,
$quota_cas = $::os_service_default,
$quota_secrets = $facts['os_service_default'],
$quota_orders = $facts['os_service_default'],
$quota_containers = $facts['os_service_default'],
$quota_consumers = $facts['os_service_default'],
$quota_cas = $facts['os_service_default'],
) {
include barbican::deps

10
manifests/retry_scheduler.pp
View File

@ -18,18 +18,18 @@
#
# [*initial_delay_seconds*]
# (optional) Seconds (float) to wait before starting retry scheduler
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
# [*periodic_interval_max_seconds*]
# (optional) Seconds (float) to wait between starting retry scheduler
# Defaults to $::os_service_default
# Defaults to $facts['os_service_default']
#
class barbican::retry_scheduler (
$package_ensure = 'present',
$manage_service = true,
$enabled = true,
$initial_delay_seconds = $::os_service_default,
$periodic_interval_max_seconds = $::os_service_default,
$initial_delay_seconds = $facts['os_service_default'],
$periodic_interval_max_seconds = $facts['os_service_default'],
){
include barbican::deps
@ -40,7 +40,7 @@ class barbican::retry_scheduler (
'retry_scheduler/periodic_interval_max_seconds': value => $periodic_interval_max_seconds;
}
case $::osfamily {
case $facts['os']['family'] {
'RedHat': {
package { 'barbican-retry':
ensure => $package_ensure,

8
manifests/wsgi/apache.pp
View File

@ -11,7 +11,7 @@
#
# [*servername*]
# (Optional) The servername for the virtualhost.
# Defaults to $::fqdn
# Defaults to $facts['networking']['fqdn']
#
# [*port*]
# (Optional) The port.
@ -31,7 +31,7 @@
#
# [*workers*]
# (Optional) Number of WSGI workers to spawn.
# Defaults to $::os_workers
# Defaults to $facts['os_workers']
#
# [*priority*]
# (Optional) The priority for the vhost.
@ -115,12 +115,12 @@
# Copyright 2015 Red Hat Inc. <licensing@redhat.com>
#
class barbican::wsgi::apache (
$servername = $::fqdn,
$servername = $facts['networking']['fqdn'],
$port = 9311,
$bind_host = undef,
$path = '/',
$ssl = false,
$workers = $::os_workers,
$workers = $facts['os_workers'],
$ssl_cert = undef,
$ssl_key = undef,
$ssl_chain = undef,

6
manifests/wsgi/uwsgi.pp
View File

@ -11,7 +11,7 @@
#
# [*processes*]
# (Optional) Number of processes.
# Defaults to $::os_workers.
# Defaults to $facts['os_workers'].
#
# [*threads*]
# (Optional) Number of threads.
@ -22,14 +22,14 @@
# Defaults to 100
#
class barbican::wsgi::uwsgi (
$processes = $::os_workers,
$processes = $facts['os_workers'],
$threads = 32,
$listen_queue_size = 100,
){
include barbican::deps
if $::operatingsystem != 'Debian'{
if $facts['os']['name'] != 'Debian'{
warning('This class is only valid for Debian, as other operating systems are not using uwsgi by default.')
}

6
spec/classes/barbican_api_logging_spec.rb
View File

@ -146,11 +146,7 @@ describe 'barbican::api::logging' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican-api-logging'

12
spec/classes/barbican_api_spec.rb
View File

@ -129,10 +129,6 @@ describe 'barbican::api' do
default_params.merge(param_set)
end
let :host_ref do
"http://${::fqdn}:$param_hash[:bind_port]"
end
it { is_expected.to contain_class('barbican::deps') }
it { is_expected.to contain_class('barbican::db') }
it { is_expected.to contain_class('barbican::policy') }
@ -295,14 +291,10 @@ describe 'barbican::api' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 7,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
case facts[:osfamily]
case facts[:os]['family']
when 'RedHat'
let (:platform_params) do
{ :service_name => 'openstack-barbican-api' }

6
spec/classes/barbican_client_spec.rb
View File

@ -53,13 +53,11 @@ describe 'barbican::client' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:fqdn => 'some.host.tld',
}))
facts.merge(OSDefaults.get_facts())
end
let(:platform_params) do
case facts[:osfamily]
case facts[:os]['family']
when 'Debian'
{ :client_package_name => 'python3-barbicanclient' }
when 'RedHat'

6
spec/classes/barbican_db_mysql_spec.rb
View File

@ -81,11 +81,7 @@ describe 'barbican::db::mysql' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican db mysql'

6
spec/classes/barbican_db_spec.rb
View File

@ -74,11 +74,7 @@ describe 'barbican::db' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_behaves_like 'barbican::db'

5
spec/classes/barbican_db_sync_spec.rb
View File

@ -89,10 +89,7 @@ describe 'barbican::db::sync' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:os_workers => 8,
:concat_basedir => '/var/lib/puppet/concat'
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican-dbsync'

2
spec/classes/barbican_init_spec.rb
View File

@ -36,7 +36,7 @@ describe 'barbican' do
end
let(:platform_params) do
case facts[:osfamily]
case facts[:os]['family']
when 'Debian'
{ :barbican_common_package => 'barbican-common' }
when 'RedHat'

2
spec/classes/barbican_keystone_notification_spec.rb
View File

@ -108,7 +108,7 @@ describe 'barbican::keystone::notification' do
end
let (:platform_params) do
case facts[:osfamily]
case facts[:os]['family']
when 'RedHat'
{
:keystone_listener_package_name => 'openstack-barbican-keystone-listener',

2
spec/classes/barbican_plugins_dogtag_spec.rb
View File

@ -86,7 +86,7 @@ describe 'barbican::plugins::dogtag' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts( :os_workers => '7' ))
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'barbican::plugins::dogtag'

6
spec/classes/barbican_plugins_kmip_spec.rb
View File

@ -99,11 +99,7 @@ describe 'barbican::plugins::kmip' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican plugins kmip'

6
spec/classes/barbican_plugins_p11_crypto_spec.rb
View File

@ -101,11 +101,7 @@ describe 'barbican::plugins::p11_crypto' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican plugins p11_crypto'

6
spec/classes/barbican_plugins_simple_crypto_spec.rb
View File

@ -73,11 +73,7 @@ describe 'barbican::plugins::simple_crypto' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican plugins simple_crypto'

6
spec/classes/barbican_plugins_vault_spec.rb
View File

@ -109,11 +109,7 @@ describe 'barbican::plugins::vault' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican plugins vault'

26
spec/classes/barbican_quota_spec.rb
View File

@ -24,21 +24,21 @@ describe 'barbican::quota' do
shared_examples_for 'barbican quota' do
let :default_params do
{
:quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>',
:quota_secrets => '<SERVICE DEFAULT>',
:quota_orders => '<SERVICE DEFAULT>',
:quota_containers => '<SERVICE DEFAULT>',
:quota_consumers => '<SERVICE DEFAULT>',
:quota_cas => '<SERVICE DEFAULT>',
}
end
[{},
{
:quota_secrets => 100,
:quota_orders => 100,
:quota_containers => 100,
:quota_consumers => 100,
:quota_cas => 10,
:quota_secrets => 100,
:quota_orders => 100,
:quota_containers => 100,
:quota_consumers => 100,
:quota_cas => 10,
}
].each do |param_set|
@ -72,11 +72,7 @@ describe 'barbican::quota' do
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge(OSDefaults.get_facts({
:processorcount => 8,
:fqdn => 'some.host.tld',
:concat_basedir => '/var/lib/puppet/concat',
}))
facts.merge(OSDefaults.get_facts())
end
it_configures 'barbican quota'

4
spec/classes/barbican_retry_scheduler_spec.rb
View File

@ -61,7 +61,7 @@ describe 'barbican::retry_scheduler' do
end
let(:platform_params) do
case facts[:osfamily]
case facts[:os]['family']
when 'Debian'
{}
when 'RedHat'
@ -73,7 +73,7 @@ describe 'barbican::retry_scheduler' do
end
it_behaves_like 'barbican::retry_scheduler'
if facts[:osfamily] == 'RedHat'
if facts[:os]['family'] == 'RedHat'
it_behaves_like 'barbican::retry_scheduler in RedHat'
end
end

2
spec/classes/barbican_worker_spec.rb
View File

@ -76,7 +76,7 @@ describe 'barbican::worker' do
facts.merge(OSDefaults.get_facts())
end
case facts[:osfamily]
case facts[:os]['family']
when 'RedHat'
let (:platform_params) do
{

8
spec/classes/barbican_wsgi_apache_spec.rb
View File

@ -29,7 +29,7 @@ describe 'barbican::wsgi::apache' do
:group => 'barbican',
:path => '/',
:priority => 10,
:servername => facts[:fqdn],
:servername => 'foo.example.com',
:ssl => false,
:threads => 1,
:user => 'barbican',
@ -165,14 +165,12 @@ describe 'barbican::wsgi::apache' do
}).each do |os,facts|
let (:facts) do
facts.merge!(OSDefaults.get_facts({
:os_workers => 8,
:concat_basedir => '/var/lib/puppet/concat',
:fqdn => 'some.host.tld'
:os_workers => 8,
}))
end
let(:platform_params) do
case facts[:osfamily]
case facts[:os]['family']
when 'Debian'
{
:wsgi_script_path => '/usr/lib/cgi-bin/barbican',