Browse Source

Add parameters for Barbican for image signing

Change-Id: I9e87e7b927fa595d05e1ac872fa1aa1cbe40e5eb
tags/12.2.0^0
Ade Lee 1 year ago
parent
commit
9d5c6a43ee

+ 26
- 0
manifests/api.pp View File

@@ -275,6 +275,21 @@
275 275
 #   (optional) Maximum number of results that could be returned by a request
276 276
 #   Default: $::os_service_default.
277 277
 #
278
+# [*keymgr_backend*]
279
+#   (optional) Key Manager service class.
280
+#   Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
281
+#   Defaults to undef.
282
+#
283
+# [*keymgr_encryption_api_url*]
284
+#   (optional) Key Manager service URL
285
+#   Example of valid value: https://localhost:9311/v1
286
+#   Defaults to undef
287
+#
288
+# [*keymgr_encryption_auth_url*]
289
+#   (optional) Auth URL for keymgr authentication. Should be in format
290
+#   http://auth_url:5000/v3
291
+#   Defaults to undef
292
+#
278 293
 #  === deprecated parameters:
279 294
 #
280 295
 # [*known_stores*]
@@ -344,6 +359,9 @@ class glance::api(
344 359
   $validation_options                   = {},
345 360
   $limit_param_default                  = $::os_service_default,
346 361
   $api_limit_max                        = $::os_service_default,
362
+  $keymgr_backend                       = undef,
363
+  $keymgr_encryption_api_url            = undef,
364
+  $keymgr_encryption_auth_url           = undef,
347 365
   # DEPRECATED PARAMETERS
348 366
   $known_stores                         = false,
349 367
 ) inherits glance {
@@ -502,6 +520,14 @@ class glance::api(
502 520
     'DEFAULT/registry_client_key_file':  value => $registry_client_key_file;
503 521
   }
504 522
 
523
+  if $keymgr_backend {
524
+    glance_api_config {
525
+      'key_manager/backend':        value => $keymgr_backend;
526
+      'barbican/barbican_endpoint': value => $keymgr_encryption_api_url;
527
+      'barbican/auth_endpoint':     value => $keymgr_encryption_auth_url;
528
+    }
529
+  }
530
+
505 531
   if $manage_service {
506 532
     if $enabled {
507 533
       $service_ensure = 'running'

+ 5
- 0
releasenotes/notes/add-barbican-params-236b21da099104b1.yaml View File

@@ -0,0 +1,5 @@
1
+---
2
+features:
3
+  - Add new options glance::api::keymgr_* to allow
4
+    glance-api to interact with Barbican to store and
5
+    retrieve secrets for features like image signing.

+ 15
- 0
spec/classes/glance_api_spec.rb View File

@@ -387,6 +387,21 @@ describe 'glance::api' do
387 387
       )}
388 388
 
389 389
     end
390
+
391
+    describe 'with barbican parameters' do
392
+      let :params do
393
+        default_params.merge!({
394
+          :keymgr_backend             => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
395
+          :keymgr_encryption_api_url  => 'https://localhost:9311/v1',
396
+          :keymgr_encryption_auth_url => 'https://localhost:5000/v3',
397
+        })
398
+      end
399
+      it 'should set keymgr parameters' do
400
+        is_expected.to contain_glance_api_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
401
+        is_expected.to contain_glance_api_config('barbican/barbican_endpoint').with_value('https://localhost:9311/v1')
402
+        is_expected.to contain_glance_api_config('barbican/auth_endpoint').with_value('https://localhost:5000/v3')
403
+      end
404
+    end
390 405
   end
391 406
 
392 407
   shared_examples_for 'glance::api Debian' do

Loading…
Cancel
Save