Support for barbican_endpoint in kms_keymaster
This patch adds support for specifying barbican_endpoint, which is mandatory if doing a multi-region deployment with kms_keymaster. Indeed, without it, Castellan may use the wrong endpoint of the wrong cluster. Depends-On: Ib7f4219ef5fdef65e9cfd5701e28b5288741783e Change-Id: If62756770b1a3cdb4215b59aee5f368f54986706
This commit is contained in:
parent
7f1a945550
commit
3d72d3b0ea
@ -40,6 +40,13 @@
|
|||||||
# auth_url may be set according to the value of auth_uri in
|
# auth_url may be set according to the value of auth_uri in
|
||||||
# [filter:authtoken] in proxy-server.conf.
|
# [filter:authtoken] in proxy-server.conf.
|
||||||
#
|
#
|
||||||
|
# [*barbican_endpoint*]
|
||||||
|
# (Optional) String. Endpoint of the barbican service. This is useful in
|
||||||
|
# a multi-region cluster, where Castellan otherwise doesn't know in what
|
||||||
|
# region is the key. If there is only a single region in the deployment,
|
||||||
|
# this value can be set to default.
|
||||||
|
# Defaults to $facts['os_service_default'].
|
||||||
|
#
|
||||||
# [*project_domain_name*]
|
# [*project_domain_name*]
|
||||||
# (Optional) String. The project domain name may optionally be specified.
|
# (Optional) String. The project domain name may optionally be specified.
|
||||||
#
|
#
|
||||||
@ -76,6 +83,7 @@ class swift::keymaster(
|
|||||||
$project_name = 'services',
|
$project_name = 'services',
|
||||||
$project_id = $facts['os_service_default'],
|
$project_id = $facts['os_service_default'],
|
||||||
$auth_endpoint = $facts['os_service_default'],
|
$auth_endpoint = $facts['os_service_default'],
|
||||||
|
$barbican_endpoint = $facts['os_service_default'],
|
||||||
$project_domain_name = $facts['os_service_default'],
|
$project_domain_name = $facts['os_service_default'],
|
||||||
$user_domain_name = $facts['os_service_default'],
|
$user_domain_name = $facts['os_service_default'],
|
||||||
$project_domain_id = 'default',
|
$project_domain_id = 'default',
|
||||||
@ -93,6 +101,7 @@ class swift::keymaster(
|
|||||||
'kms_keymaster/project_name': value => $project_name;
|
'kms_keymaster/project_name': value => $project_name;
|
||||||
'kms_keymaster/project_id': value => $project_id;
|
'kms_keymaster/project_id': value => $project_id;
|
||||||
'kms_keymaster/auth_endpoint': value => $auth_endpoint;
|
'kms_keymaster/auth_endpoint': value => $auth_endpoint;
|
||||||
|
'kms_keymaster/barbican_endpoint': value => $barbican_endpoint;
|
||||||
'kms_keymaster/project_domain_name': value => $project_domain_name;
|
'kms_keymaster/project_domain_name': value => $project_domain_name;
|
||||||
'kms_keymaster/user_domain_name': value => $user_domain_name;
|
'kms_keymaster/user_domain_name': value => $user_domain_name;
|
||||||
'kms_keymaster/project_domain_id': value => $project_domain_id;
|
'kms_keymaster/project_domain_id': value => $project_domain_id;
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
A new parameter `barbican_endpoint` has been added to the class
|
||||||
|
`swift::keymaster`, that makes it possible to specify the
|
||||||
|
Barbican endpoint, which is needed in a multi-region deployment.
|
@ -17,6 +17,7 @@ describe 'swift::keymaster' do
|
|||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_id').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_id').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('<SERVICE DEFAULT>')
|
||||||
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('<SERVICE DEFAULT>')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('<SERVICE DEFAULT>')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
|
||||||
@ -31,6 +32,7 @@ describe 'swift::keymaster' do
|
|||||||
:api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
:api_class => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
|
||||||
:key_id => 'dummy_key_id',
|
:key_id => 'dummy_key_id',
|
||||||
:auth_endpoint => 'http://127.0.0.1:5000',
|
:auth_endpoint => 'http://127.0.0.1:5000',
|
||||||
|
:barbican_endpoint => 'https://barbican.example.com/keymaster',
|
||||||
:project_name => 'barbican_swift_service',
|
:project_name => 'barbican_swift_service',
|
||||||
:project_domain_name => 'Default',
|
:project_domain_name => 'Default',
|
||||||
:user_domain_name => 'Default',
|
:user_domain_name => 'Default',
|
||||||
@ -43,6 +45,7 @@ describe 'swift::keymaster' do
|
|||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
|
||||||
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('https://barbican.example.com/keymaster')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('Default')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('Default')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('Default')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('Default')
|
||||||
is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')
|
is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')
|
||||||
|
Loading…
Reference in New Issue
Block a user