Support for barbican_endpoint in kms_keymaster

This patch adds support for specifying barbican_endpoint, which is
mandatory if doing a multi-region deployment with kms_keymaster.
Without it, Castellan may select the Barbican endpoint of the wrong
cluster.

Depends-On: Ib7f4219ef5fdef65e9cfd5701e28b5288741783e
Change-Id: If62756770b1a3cdb4215b59aee5f368f54986706
Thomas Goirand 2024-06-13 11:58:18 +02:00 committed by Takashi Kajinami
parent 7f1a945550
commit 3d72d3b0ea
3 changed files with 18 additions and 0 deletions


@ -40,6 +40,13 @@
# auth_url may be set according to the value of auth_uri in # auth_url may be set according to the value of auth_uri in
# [filter:authtoken] in proxy-server.conf. # [filter:authtoken] in proxy-server.conf.
# #
# [*barbican_endpoint*]
# (Optional) String. Endpoint of the barbican service. This is useful in
# a multi-region cluster, where Castellan otherwise doesn't know in what
# region is the key. If there is only a single region in the deployment,
# this value can be set to default.
# Defaults to $facts['os_service_default'].
#
# [*project_domain_name*] # [*project_domain_name*]
# (Optional) String. The project domain name may optionally be specified. # (Optional) String. The project domain name may optionally be specified.
# #
@ -76,6 +83,7 @@ class swift::keymaster(
$project_name = 'services', $project_name = 'services',
$project_id = $facts['os_service_default'], $project_id = $facts['os_service_default'],
$auth_endpoint = $facts['os_service_default'], $auth_endpoint = $facts['os_service_default'],
$barbican_endpoint = $facts['os_service_default'],
$project_domain_name = $facts['os_service_default'], $project_domain_name = $facts['os_service_default'],
$user_domain_name = $facts['os_service_default'], $user_domain_name = $facts['os_service_default'],
$project_domain_id = 'default', $project_domain_id = 'default',
@ -93,6 +101,7 @@ class swift::keymaster(
'kms_keymaster/project_name': value => $project_name; 'kms_keymaster/project_name': value => $project_name;
'kms_keymaster/project_id': value => $project_id; 'kms_keymaster/project_id': value => $project_id;
'kms_keymaster/auth_endpoint': value => $auth_endpoint; 'kms_keymaster/auth_endpoint': value => $auth_endpoint;
'kms_keymaster/barbican_endpoint': value => $barbican_endpoint;
'kms_keymaster/project_domain_name': value => $project_domain_name; 'kms_keymaster/project_domain_name': value => $project_domain_name;
'kms_keymaster/user_domain_name': value => $user_domain_name; 'kms_keymaster/user_domain_name': value => $user_domain_name;
'kms_keymaster/project_domain_id': value => $project_domain_id; 'kms_keymaster/project_domain_id': value => $project_domain_id;
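Review bot: The new `barbican_endpoint` doc comment ends with "this value can be set to default", which reads as if the literal string `default` were a valid value (the neighbouring `project_domain_id` really does default to `'default'`); I would reword it to `# this parameter can be left unset.` Because the keymaster presumably fetches its encryption root secret through this endpoint, the comment should also state that the value is expected to be the HTTPS URL of the Barbican service in the same region as this Swift cluster. As far as the hunks show, the parameter is written to `swift_keymaster_config` with no type or format check, like its siblings; a URL data type such as `Stdlib::HTTPUrl`, combined with whatever the module uses to admit the service-default sentinel, would reject a malformed endpoint at catalog compile time. The class parameter list and body start and end outside the hunks shown.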


@ -0,0 +1,6 @@
---
features:
- |
A new parameter `barbican_endpoint` has been added to the class
`swift::keymaster`, that makes it possible to specify the
Barbican endpoint, which is needed in a multi-region deployment.


@ -17,6 +17,7 @@ describe 'swift::keymaster' do
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_id').with_value('<SERVICE DEFAULT>') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_id').with_value('<SERVICE DEFAULT>')
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('<SERVICE DEFAULT>') is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('<SERVICE DEFAULT>')
is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('<SERVICE DEFAULT>')
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('<SERVICE DEFAULT>') is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('<SERVICE DEFAULT>')
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
@ -31,6 +32,7 @@ describe 'swift::keymaster' do
:api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager', :api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
:key_id => 'dummy_key_id', :key_id => 'dummy_key_id',
:auth_endpoint => 'http://127.0.0.1:5000', :auth_endpoint => 'http://127.0.0.1:5000',
:barbican_endpoint => 'https://barbican.example.com/keymaster',
:project_name => 'barbican_swift_service', :project_name => 'barbican_swift_service',
:project_domain_name => 'Default', :project_domain_name => 'Default',
:user_domain_name => 'Default', :user_domain_name => 'Default',
@ -43,6 +45,7 @@ describe 'swift::keymaster' do
is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id') is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000') is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('https://barbican.example.com/keymaster')
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('Default') is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('Default')
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('Default') is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('Default')
is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3') is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')