Add capability to configure simple-crypto backend for barbican
This introduces the ability to configure the simple crypto backend through a general backends manifest. This manifest will gather all the backends and enable the relevant configurations depending on whether they're enabled via t-h-t or not. Change-Id: I44391b91b01bc03c9773410152e117ec6bbba491
This commit is contained in:
parent
df2d147401
commit
103462e453
@ -130,10 +130,12 @@ class tripleo::profile::base::barbican::api (
|
||||
include ::tripleo::profile::base::barbican
|
||||
|
||||
if $step >= 4 or ( $step >= 3 and $sync_db ) {
|
||||
include ::tripleo::profile::base::barbican::backends
|
||||
|
||||
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
|
||||
class { '::barbican::api':
|
||||
sync_db => $sync_db,
|
||||
default_transport_url => os_transport_url({
|
||||
sync_db => $sync_db,
|
||||
default_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_rpc_proto,
|
||||
'hosts' => $oslomsg_rpc_hosts,
|
||||
'port' => $oslomsg_rpc_port,
|
||||
@ -141,7 +143,7 @@ class tripleo::profile::base::barbican::api (
|
||||
'password' => $oslomsg_rpc_password,
|
||||
'ssl' => $oslomsg_use_ssl_real,
|
||||
}),
|
||||
notification_transport_url => os_transport_url({
|
||||
notification_transport_url => os_transport_url({
|
||||
'transport' => $oslomsg_notify_proto,
|
||||
'hosts' => $oslomsg_notify_hosts,
|
||||
'port' => $oslomsg_notify_port,
|
||||
@ -149,6 +151,8 @@ class tripleo::profile::base::barbican::api (
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_use_ssl_real,
|
||||
}),
|
||||
enabled_crypto_plugins => $::tripleo::profile::base::barbican::backends::enabled_crypto_plugins,
|
||||
enabled_secretstore_plugins => $::tripleo::profile::base::barbican::backends::enabled_secretstore_plugins
|
||||
}
|
||||
include ::barbican::keystone::authtoken
|
||||
include ::barbican::api::logging
|
||||
|
48
manifests/profile/base/barbican/backends.pp
Normal file
48
manifests/profile/base/barbican/backends.pp
Normal file
@ -0,0 +1,48 @@
|
||||
# Copyright 2017 Red Hat, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican::backends
|
||||
#
|
||||
# Barbican's simple crypto plugin profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
# [*bootstrap_node*]
|
||||
# (Optional) The hostname of the node responsible for bootstrapping tasks
|
||||
# Defaults to hiera('bootstrap_nodeid')
|
||||
#
|
||||
# [*step*]
|
||||
# (Optional) The current step in deployment. See tripleo-heat-templates
|
||||
# for more details.
|
||||
# Defaults to hiera('step')
|
||||
#
|
||||
# [*simple_crypto_backend_enabled*]
|
||||
# (Optional) Whether the simple crypto backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
|
||||
#
|
||||
class tripleo::profile::base::barbican::backends (
|
||||
$simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false)
|
||||
) {
|
||||
if $simple_crypto_backend_enabled {
|
||||
include ::barbican::plugins::simple_crypto
|
||||
# Note that once we start adding more backends, this will be refactored to
|
||||
# create a proper lits from all the enabled plugins.
|
||||
$enabled_secretstore_plugins = 'store_crypto'
|
||||
$enabled_crypto_plugins = 'simple_crypto'
|
||||
} else {
|
||||
$enabled_secretstore_plugins = ''
|
||||
$enabled_crypto_plugins = ''
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user