openstack/puppet-barbican
Code Issues Proposed changes
fc7aa2fa56
puppet-barbican/manifests/plugins/kmip.pp
Takashi Kajinami 729f5d286c Replace legacy facts and use fact hash 
... because the latest lint no longer allows usage of legacy facts and
top scope fact.

Change-Id: I6e76d095bb0f78ef4962f1150da94e4d4153a374
2023-03-01 16:51:25 +09:00

86 lines
2.7 KiB
Puppet
Raw Blame History

# == Class: barbican::plugins::kmip
#
# Sets up Barbican API kmip secret_store plugin
#
# === Parameters
#
# [*kmip_plugin_host*]
# (required) username for KMIP device
#
# [*kmip_plugin_port*]
# (required) port for KMIP device
#
# [*kmip_plugin_username*]
# (optional) username for KMIP device
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_password*]
# (optional) password for KMIP device. This parameter is required
# when the kmip_plugin_username parameter is set.
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_keyfile*]
# (optional) key file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_certfile*]
# (optional) cert file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $facts['os_service_default']
#
# [*kmip_plugin_ca_certs*]
# (optional) ca certs file for KMIP device. This parameter is required when
# the kmip_plugin_username parameter is not set.
# Defaults to $facts['os_service_default']
#
# [*global_default*]
# (optional) set plugin as global default
# Defaults to false
#
class barbican::plugins::kmip (
$kmip_plugin_host,
$kmip_plugin_port,
$kmip_plugin_username = $facts['os_service_default'],
$kmip_plugin_password = $facts['os_service_default'],
$kmip_plugin_keyfile = $facts['os_service_default'],
$kmip_plugin_certfile = $facts['os_service_default'],
$kmip_plugin_ca_certs = $facts['os_service_default'],
$global_default = false,
) {
include barbican::deps
if !is_service_default($kmip_plugin_username) {
if is_service_default($kmip_plugin_password) {
fail('kmip_plugin_password must be defined if kmip_plugin_username is defined')
}
} else {
if is_service_default($kmip_plugin_certfile) {
fail('kmip_plugin_certfile must be defined')
}
if is_service_default($kmip_plugin_keyfile) {
fail('kmip_plugin_keyfile must be defined')
}
if is_service_default($kmip_plugin_ca_certs) {
fail('kmip_plugin_ca_certs must be defined')
}
}
barbican_config {
'kmip_plugin/username': value => $kmip_plugin_username;
'kmip_plugin/password': value => $kmip_plugin_password, secret => true;
'kmip_plugin/keyfile': value => $kmip_plugin_keyfile;
'kmip_plugin/certfile': value => $kmip_plugin_certfile;
'kmip_plugin/ca_certs': value => $kmip_plugin_ca_certs;
'kmip_plugin/host': value => $kmip_plugin_host;
'kmip_plugin/port': value => $kmip_plugin_port;
}
barbican_config {
'secretstore:kmip/secret_store_plugin': value => 'kmip_plugin';
'secretstore:kmip/global_default': value => $global_default;
}
}
View Git Blame Copy Permalink