Support audit middleware options

Barbican provides the optional pipeline with audit middleware enabled. Add the new class to manage audit middleware options so that users can manage the required options with the middleware enabled. Depends-on: https://review.opendev.org/957837 Change-Id: If4d6e25349dfc07a8e7207f909df5f7ee319fb76 Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
2025-08-19 15:47:17 +09:00
parent 0e63555bd2
commit f24356b230
3 changed files with 80 additions and 0 deletions
--- a/manifests/audit.pp
+++ b/manifests/audit.pp
@@ -0,0 +1,27 @@
+# == Class: barbican::audit
+#
+# Configure audit middleware options
+#
+# == Params
+#
+# [*audit_map_file*]
+#   (Optional) Path to audit map file.
+#   Defaults to $facts['os_service_default']
+#
+# [*ignore_req_list*]
+#   (Optional) List of REST API HTTP methods to be ignored during audit
+#   logging.
+#   Defaults to $facts['os_service_default']
+#
+class barbican::audit (
+  $audit_map_file  = $facts['os_service_default'],
+  $ignore_req_list = $facts['os_service_default'],
+) {
+
+  include barbican::deps
+
+  oslo::audit { 'barbican_config':
+    audit_map_file  => $audit_map_file,
+    ignore_req_list => $ignore_req_list,
+  }
+}
--- a/releasenotes/notes/audit-9145ddba16d96c5d.yaml
+++ b/releasenotes/notes/audit-9145ddba16d96c5d.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    The new ``barbican::audit`` class has been added.
--- a/spec/classes/barbican_audit_spec.rb
+++ b/spec/classes/barbican_audit_spec.rb
@@ -0,0 +1,49 @@
+require 'spec_helper'
+
+describe 'barbican::audit' do
+
+  shared_examples_for 'barbican::audit' do
+
+    context 'with default parameters' do
+      let :params do
+        {}
+      end
+
+      it 'configures default values' do
+        is_expected.to contain_oslo__audit('barbican_config').with(
+          :audit_map_file  => '<SERVICE DEFAULT>',
+          :ignore_req_list => '<SERVICE DEFAULT>',
+        )
+      end
+    end
+
+    context 'with specific parameters' do
+      let :params do
+        {
+          :audit_map_file  => '/etc/barbican/api_audit_map.conf',
+          :ignore_req_list => ['GET', 'POST'],
+        }
+      end
+
+      it 'configures specified values' do
+        is_expected.to contain_oslo__audit('barbican_config').with(
+          :audit_map_file  => '/etc/barbican/api_audit_map.conf',
+          :ignore_req_list => ['GET', 'POST'],
+        )
+      end
+    end
+  end
+
+  on_supported_os({
+    :supported_os   => OSDefaults.get_supported_os
+  }).each do |os,facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_configures 'barbican::audit'
+    end
+  end
+
+end