openstack/puppet-nova
Code Issues Proposed changes

Fix missing session options for Barbican key manager

Browse Source 
Depends-on: https://review.opendev.org/960389
Change-Id: I13f86c0210ed5af39804bb5a4016f27c396ac53d
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
This commit is contained in:
Takashi Kajinami
2025-09-18 00:52:18 +09:00
parent 5f745d39e3
commit 950dbd08d3
3 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
manifests/key_manager/barbican.pp
View File

@@ -37,6 +37,29 @@
# (Optional) The service uses service token feature when this is set as true. # (Optional) The service uses service token feature when this is set as true.
# Defaults to $facts['os_service_default'] # Defaults to $facts['os_service_default']
# #
# [*insecure*]
# (Optional) If true, explicitly allow TLS without checking server cert
# against any certificate authorities. WARNING: not recommended. Use with
# caution.
# Defaults to $facts['os_service_default']
#
# [*cafile*]
# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs
# connections.
# Defaults to $facts['os_service_default'].
#
# [*certfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*keyfile*]
# (Optional) Required if identity server requires client certificate
# Defaults to $facts['os_service_default'].
#
# [*timeout*]
# (Optional) Timeout value for connecting to barbican in seconds.
# Defaults to $facts['os_service_default']
#
class nova::key_manager::barbican ( class nova::key_manager::barbican (
$barbican_endpoint = $facts['os_service_default'], $barbican_endpoint = $facts['os_service_default'],
$barbican_api_version = $facts['os_service_default'], $barbican_api_version = $facts['os_service_default'],
@@ -46,6 +69,11 @@ class nova::key_manager::barbican (
$barbican_endpoint_type = $facts['os_service_default'], $barbican_endpoint_type = $facts['os_service_default'],
$barbican_region_name = $facts['os_service_default'], $barbican_region_name = $facts['os_service_default'],
$send_service_user_token = $facts['os_service_default'], $send_service_user_token = $facts['os_service_default'],
$insecure = $facts['os_service_default'],
$cafile = $facts['os_service_default'],
$certfile = $facts['os_service_default'],
$keyfile = $facts['os_service_default'],
$timeout = $facts['os_service_default'],
) { ) {
include nova::deps include nova::deps
@@ -64,5 +92,10 @@ class nova::key_manager::barbican (
barbican_endpoint_type => $barbican_endpoint_type, barbican_endpoint_type => $barbican_endpoint_type,
barbican_region_name => $barbican_region_name, barbican_region_name => $barbican_region_name,
send_service_user_token => $send_service_user_token, send_service_user_token => $send_service_user_token,
insecure => $insecure,
cafile => $cafile,
certfile => $certfile,
keyfile => $keyfile,
timeout => $timeout,
} }
} }

15
releasenotes/notes/key-manager-session-options-a3cf6f292d5d0879.yaml Normal file
View File

@@ -0,0 +1,15 @@
---
features:
- |
The following parameters have been added to
the ``nova::key_manager::barbican`` class.
- ``insecure``
- ``cafile``
- ``certfile``
- ``keyfile``
- ``timeout``
- |
The new ``nova::key_manager::barbican::service_user::timeout`` parameter
has been added.

15
spec/classes/nova_key_manager_barbican_spec.rb
View File

@@ -13,6 +13,11 @@ describe 'nova::key_manager::barbican' do
:barbican_endpoint_type => '<SERVICE DEFAULT>', :barbican_endpoint_type => '<SERVICE DEFAULT>',
:barbican_region_name => '<SERVICE DEFAULT>', :barbican_region_name => '<SERVICE DEFAULT>',
:send_service_user_token => '<SERVICE DEFAULT>', :send_service_user_token => '<SERVICE DEFAULT>',
:insecure => '<SERVICE DEFAULT>',
:cafile => '<SERVICE DEFAULT>',
:certfile => '<SERVICE DEFAULT>',
:keyfile => '<SERVICE DEFAULT>',
:timeout => '<SERVICE DEFAULT>',
) )
is_expected.to contain_package('cryptsetup').with( is_expected.to contain_package('cryptsetup').with(
@@ -33,6 +38,11 @@ describe 'nova::key_manager::barbican' do
:barbican_endpoint_type => 'public', :barbican_endpoint_type => 'public',
:barbican_region_name => 'regionOne', :barbican_region_name => 'regionOne',
:send_service_user_token => true, :send_service_user_token => true,
:insecure => false,
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
} }
end end
@@ -46,6 +56,11 @@ describe 'nova::key_manager::barbican' do
:barbican_endpoint_type => 'public', :barbican_endpoint_type => 'public',
:barbican_region_name => 'regionOne', :barbican_region_name => 'regionOne',
:send_service_user_token => true, :send_service_user_token => true,
:insecure => false,
:cafile => 'cafile.pem',
:certfile => 'certfile.crt',
:keyfile => 'somekey.key',
:timeout => 60,
) )
is_expected.to contain_package('cryptsetup').with( is_expected.to contain_package('cryptsetup').with(