rgw: Support Barbican integration settings

Change-Id: I8fef857c55610f33b33a3423a8ec8cebbdde078b

manifests/rgw/barbican.pp

@@ -0,0 +1,66 @@
+#
+#  Copyright (C) 2022 Red Hat
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Author: Takashi Kajinami <tkajinam@redhat.com>
+#
+# == Define: ceph::rgw::barbican
+#
+# Configures Barbican integration of the ceph radosgw
+#
+### == Name
+# # The RGW id. An alphanumeric string uniquely identifying the RGW.
+# ( example: radosgw.gateway )
+#
+### == Parameters
+#
+# [*rgw_keystone_barbican_domain*]
+#   (Required) The name of the OpenStack domain associated with the Barbican
+#   user when using OpenStack Identity API v3.
+#
+# [*rgw_keystone_barbican_project*]
+#   (Required) The name of the OpenStack tenant associated with the Barbican
+#   user when using OpenStack Identity API v3
+#
+# [*rgw_keystone_barbican_user*]
+#   (Required) The name of the OpenStack user with access to the Barbican
+#   secrets used for Encryption.
+#
+# [*rgw_keystone_barbican_password*]
+#   (Required) The password associated with the Barbican user.
+#
+# [*rgw_barbican_url*]
+#   (Optional) URL for the Barbican server.
+#   Defaults to 'http://127.0.0.1:9311'.
+#
+define ceph::rgw::barbican (
+  $rgw_keystone_barbican_domain,
+  $rgw_keystone_barbican_project,
+  $rgw_keystone_barbican_user,
+  $rgw_keystone_barbican_password,
+  $rgw_barbican_url               = 'http://127.0.0.1:9311',
+) {
+
+  unless $name =~ /^radosgw\..+/ {
+    fail("Define name must be started with 'radosgw.'")
+  }
+
+  ceph_config {
+    "client.${name}/rgw_keystone_barbican_domain":   value => $rgw_keystone_barbican_domain;
+    "client.${name}/rgw_keystone_barbican_project":  value => $rgw_keystone_barbican_project;
+    "client.${name}/rgw_keystone_barbican_user":     value => $rgw_keystone_barbican_user;
+    "client.${name}/rgw_keystone_barbican_password": value => $rgw_keystone_barbican_password, secret => true;
+    "client.${name}/rgw_barbican_url":               value => $rgw_barbican_url;
+  }
+}

manifests/rgw/keystone.pp

@@ -15,6 +15,8 @@
 #
 # Author: Ricardo Rocha <ricardo@catalyst.net.nz>
 #
+# == Define: ceph::rgw::keystone
+#
 # Configures keystone auth/authz for the ceph radosgw.
 #
 ### == Name

releasenotes/notes/rgw-barbican-5007bb33d9b0df6a.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    The new ``ceph::rgw::barbican`` defined resource type has been added. This
+    allows managing settings for Barbican integration of Ceph Object Gateway.

spec/defines/ceph_rgw_barbican_spec.rb

@@ -0,0 +1,91 @@
+#
+# Copyright (C) 2022 Red Hat
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# Author: Takashi Kajinami <tkajinam@redhat.com>
+#
+
+require 'spec_helper'
+
+describe 'ceph::rgw::barbican' do
+  shared_examples 'ceph::rgw::barbican' do
+    context 'create with default params' do
+      let :pre_condition do
+        "include ceph::params
+         class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
+         class { 'ceph::repo': }
+         include ceph
+         ceph::rgw { 'radosgw.gateway': }"
+      end
+
+      let :title do
+        'radosgw.gateway'
+      end
+
+      let :params do
+        {
+          :rgw_keystone_barbican_domain   => 'default',
+          :rgw_keystone_barbican_project  => 'openstack',
+          :rgw_keystone_barbican_user     => 'rgwuser',
+          :rgw_keystone_barbican_password => '123456',
+        }
+      end
+
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_barbican_domain').with_value('default') }
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_barbican_project').with_value('openstack') }
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_barbican_user').with_value('rgwuser') }
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_keystone_barbican_password').with_value('123456').with_secret(true) }
+      it { should contain_ceph_config('client.radosgw.gateway/rgw_barbican_url').with_value('http://127.0.0.1:9311') }
+    end
+
+    context 'create with custom params' do
+      let :pre_condition do
+        "include ceph::params
+         class { 'ceph': fsid => 'd5252e7d-75bc-4083-85ed-fe51fa83f62b' }
+         class { 'ceph::repo': }
+         ceph::rgw { 'radosgw.custom': }"
+      end
+
+      let :title do
+        'radosgw.custom'
+      end
+
+      let :params do
+        {
+          :rgw_keystone_barbican_domain   => 'default',
+          :rgw_keystone_barbican_project  => 'openstack',
+          :rgw_keystone_barbican_user     => 'rgwuser',
+          :rgw_keystone_barbican_password => '123456',
+          :rgw_barbican_url               => 'http://barbican.custom:9311',
+        }
+      end
+
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_barbican_domain').with_value('default') }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_barbican_project').with_value('openstack') }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_barbican_user').with_value('rgwuser') }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_keystone_barbican_password').with_value('123456').with_secret(true) }
+      it { should contain_ceph_config('client.radosgw.custom/rgw_barbican_url').with_value('http://barbican.custom:9311') }
+    end
+  end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let (:facts) do
+        facts.merge!(OSDefaults.get_facts())
+      end
+
+      it_behaves_like 'ceph::rgw::barbican'
+    end
+  end
+end