Add parameters for Barbican for image signing
Change-Id: I9e87e7b927fa595d05e1ac872fa1aa1cbe40e5eb
This commit is contained in:
parent
26c38c1bd2
commit
9d5c6a43ee
|
@ -275,6 +275,21 @@
|
||||||
# (optional) Maximum number of results that could be returned by a request
|
# (optional) Maximum number of results that could be returned by a request
|
||||||
# Default: $::os_service_default.
|
# Default: $::os_service_default.
|
||||||
#
|
#
|
||||||
|
# [*keymgr_backend*]
|
||||||
|
# (optional) Key Manager service class.
|
||||||
|
# Example of valid value: castellan.key_manager.barbican_key_manager.BarbicanKeyManager
|
||||||
|
# Defaults to undef.
|
||||||
|
#
|
||||||
|
# [*keymgr_encryption_api_url*]
|
||||||
|
# (optional) Key Manager service URL
|
||||||
|
# Example of valid value: https://localhost:9311/v1
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
|
# [*keymgr_encryption_auth_url*]
|
||||||
|
# (optional) Auth URL for keymgr authentication. Should be in format
|
||||||
|
# http://auth_url:5000/v3
|
||||||
|
# Defaults to undef
|
||||||
|
#
|
||||||
# === deprecated parameters:
|
# === deprecated parameters:
|
||||||
#
|
#
|
||||||
# [*known_stores*]
|
# [*known_stores*]
|
||||||
|
@ -344,6 +359,9 @@ class glance::api(
|
||||||
$validation_options = {},
|
$validation_options = {},
|
||||||
$limit_param_default = $::os_service_default,
|
$limit_param_default = $::os_service_default,
|
||||||
$api_limit_max = $::os_service_default,
|
$api_limit_max = $::os_service_default,
|
||||||
|
$keymgr_backend = undef,
|
||||||
|
$keymgr_encryption_api_url = undef,
|
||||||
|
$keymgr_encryption_auth_url = undef,
|
||||||
# DEPRECATED PARAMETERS
|
# DEPRECATED PARAMETERS
|
||||||
$known_stores = false,
|
$known_stores = false,
|
||||||
) inherits glance {
|
) inherits glance {
|
||||||
|
@ -502,6 +520,14 @@ class glance::api(
|
||||||
'DEFAULT/registry_client_key_file': value => $registry_client_key_file;
|
'DEFAULT/registry_client_key_file': value => $registry_client_key_file;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if $keymgr_backend {
|
||||||
|
glance_api_config {
|
||||||
|
'key_manager/backend': value => $keymgr_backend;
|
||||||
|
'barbican/barbican_endpoint': value => $keymgr_encryption_api_url;
|
||||||
|
'barbican/auth_endpoint': value => $keymgr_encryption_auth_url;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if $manage_service {
|
if $manage_service {
|
||||||
if $enabled {
|
if $enabled {
|
||||||
$service_ensure = 'running'
|
$service_ensure = 'running'
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- Add new options glance::api::keymgr_* to allow
|
||||||
|
glance-api to interact with Barbican to store and
|
||||||
|
retrieve secrets for features like image signing.
|
|
@ -387,6 +387,21 @@ describe 'glance::api' do
|
||||||
)}
|
)}
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with barbican parameters' do
|
||||||
|
let :params do
|
||||||
|
default_params.merge!({
|
||||||
|
:keymgr_backend => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||||
|
:keymgr_encryption_api_url => 'https://localhost:9311/v1',
|
||||||
|
:keymgr_encryption_auth_url => 'https://localhost:5000/v3',
|
||||||
|
})
|
||||||
|
end
|
||||||
|
it 'should set keymgr parameters' do
|
||||||
|
is_expected.to contain_glance_api_config('key_manager/backend').with_value('castellan.key_manager.barbican_key_manager.BarbicanKeyManager')
|
||||||
|
is_expected.to contain_glance_api_config('barbican/barbican_endpoint').with_value('https://localhost:9311/v1')
|
||||||
|
is_expected.to contain_glance_api_config('barbican/auth_endpoint').with_value('https://localhost:5000/v3')
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
shared_examples_for 'glance::api Debian' do
|
shared_examples_for 'glance::api Debian' do
|
||||||
|
|
Loading…
Reference in New Issue