Support for barbican_endpoint in kms_keymaster

This patch adds support for specifying barbican_endpoint, which is mandatory if doing a multi-region deployment with kms_keymaster. Indeed, without it, Castellan may use the wrong endpoint of the wrong cluster. Depends-On: Ib7f4219ef5fdef65e9cfd5701e28b5288741783e Change-Id: If62756770b1a3cdb4215b59aee5f368f54986706
2024-06-13 11:58:18 +02:00 · 2024-06-13 11:58:18 +02:00 · 3d72d3b0ea
commit 3d72d3b0ea
parent 7f1a945550
3 changed files with 18 additions and 0 deletions
--- a/manifests/keymaster.pp
+++ b/manifests/keymaster.pp
@ -40,6 +40,13 @@
 #   auth_url may be set according to the value of auth_uri in
 #   [filter:authtoken] in proxy-server.conf.
 #
+# [*barbican_endpoint*]
+#   (Optional) String. Endpoint of the barbican service. This is useful in
+#   a multi-region cluster, where Castellan otherwise doesn't know in what
+#   region is the key. If there is only a single region in the deployment,
+#   this value can be set to default.
+#   Defaults to $facts['os_service_default'].
+#
 # [*project_domain_name*]
 #   (Optional) String. The project domain name may optionally be specified.
 #
@ -76,6 +83,7 @@ class swift::keymaster(
  $project_name          = 'services',
  $project_id            = $facts['os_service_default'],
  $auth_endpoint         = $facts['os_service_default'],
+  $barbican_endpoint     = $facts['os_service_default'],
  $project_domain_name   = $facts['os_service_default'],
  $user_domain_name      = $facts['os_service_default'],
  $project_domain_id     = 'default',
@ -93,6 +101,7 @@ class swift::keymaster(
    'kms_keymaster/project_name':          value => $project_name;
    'kms_keymaster/project_id':            value => $project_id;
    'kms_keymaster/auth_endpoint':         value => $auth_endpoint;
+    'kms_keymaster/barbican_endpoint':     value => $barbican_endpoint;
    'kms_keymaster/project_domain_name':   value => $project_domain_name;
    'kms_keymaster/user_domain_name':      value => $user_domain_name;
    'kms_keymaster/project_domain_id':     value => $project_domain_id;
--- a/releasenotes/notes/barbican-endpoint-in-keymaster-ef3fe756cbd0a735.yaml
+++ b/releasenotes/notes/barbican-endpoint-in-keymaster-ef3fe756cbd0a735.yaml
@ -0,0 +1,6 @@
+---
+features:
+  - |
+    A new parameter `barbican_endpoint` has been added to the class
+    `swift::keymaster`, that makes it possible to specify the
+    Barbican endpoint, which is needed in a multi-region deployment.
--- a/spec/classes/swift_keymaster_spec.rb
+++ b/spec/classes/swift_keymaster_spec.rb
@ -17,6 +17,7 @@ describe 'swift::keymaster' do
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('services')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_id').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('<SERVICE DEFAULT>')
+        is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_id').with_value('default')
@ -31,6 +32,7 @@ describe 'swift::keymaster' do
          :api_class             => 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager',
          :key_id                => 'dummy_key_id',
          :auth_endpoint         => 'http://127.0.0.1:5000',
+          :barbican_endpoint     => 'https://barbican.example.com/keymaster',
          :project_name          => 'barbican_swift_service',
          :project_domain_name   => 'Default',
          :user_domain_name      => 'Default',
@ -43,6 +45,7 @@ describe 'swift::keymaster' do
        is_expected.to contain_swift_keymaster_config('kms_keymaster/key_id').with_value('dummy_key_id')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_name').with_value('barbican_swift_service')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/auth_endpoint').with_value('http://127.0.0.1:5000')
+        is_expected.to contain_swift_keymaster_config('kms_keymaster/barbican_endpoint').with_value('https://barbican.example.com/keymaster')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/project_domain_name').with_value('Default')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/user_domain_name').with_value('Default')
        is_expected.to contain_swift_keymaster_config('kms_keymaster/meta_version_to_write').with_value('3')