Add capability to configure simple-crypto backend for barbican

This introduces the ability to configure the simple crypto backend
through a general backends manifest. This manifest will gather all the
backends and enable the relevant configurations depending on whether
they're enabled via t-h-t or not.

Change-Id: I44391b91b01bc03c9773410152e117ec6bbba491
Juan Antonio Osorio Robles 2017-11-02 15:44:26 +02:00
parent df2d147401
commit 103462e453
2 changed files with 55 additions and 3 deletions


@ -130,10 +130,12 @@ class tripleo::profile::base::barbican::api (
include ::tripleo::profile::base::barbican
if $step >= 4 or ( $step >= 3 and $sync_db ) {
include ::tripleo::profile::base::barbican::backends
$oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
class { '::barbican::api':
sync_db => $sync_db,
default_transport_url => os_transport_url({
sync_db => $sync_db,
default_transport_url => os_transport_url({
'transport' => $oslomsg_rpc_proto,
'hosts' => $oslomsg_rpc_hosts,
'port' => $oslomsg_rpc_port,
@ -141,7 +143,7 @@ class tripleo::profile::base::barbican::api (
'password' => $oslomsg_rpc_password,
'ssl' => $oslomsg_use_ssl_real,
}),
notification_transport_url => os_transport_url({
notification_transport_url => os_transport_url({
'transport' => $oslomsg_notify_proto,
'hosts' => $oslomsg_notify_hosts,
'port' => $oslomsg_notify_port,
@ -149,6 +151,8 @@ class tripleo::profile::base::barbican::api (
'password' => $oslomsg_notify_password,
'ssl' => $oslomsg_use_ssl_real,
}),
enabled_crypto_plugins => $::tripleo::profile::base::barbican::backends::enabled_crypto_plugins,
enabled_secretstore_plugins => $::tripleo::profile::base::barbican::backends::enabled_secretstore_plugins
}
include ::barbican::keystone::authtoken
include ::barbican::api::logging
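Review bot: The two arguments added at the end of the `::barbican::api` declaration are the empty string whenever `simple_crypto_backend_enabled` is false, because the backends class in this same commit sets both variables to `''` in its else branch. The API class is then handed explicit empty plugin lists instead of being left on its own defaults. Whether Barbican comes up with a usable secret store in that state is not visible here and should be confirmed. The lookup also only works because `include ::tripleo::profile::base::barbican::backends` is evaluated first, so a comment above that include would help, for example `# must precede ::barbican::api: its enabled_*_plugins variables are read below and are '' when no backend is enabled`. The class body starts and ends outside these hunks.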


@ -0,0 +1,48 @@
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: tripleo::profile::base::barbican::backends
#
# Barbican's simple crypto plugin profile for tripleo
#
# === Parameters
#
# [*bootstrap_node*]
# (Optional) The hostname of the node responsible for bootstrapping tasks
# Defaults to hiera('bootstrap_nodeid')
#
# [*step*]
# (Optional) The current step in deployment. See tripleo-heat-templates
# for more details.
# Defaults to hiera('step')
#
# [*simple_crypto_backend_enabled*]
# (Optional) Whether the simple crypto backend is enabled or not. This is
# dynamically set via t-h-t.
# Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
#
class tripleo::profile::base::barbican::backends (
$simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false)
) {
if $simple_crypto_backend_enabled {
include ::barbican::plugins::simple_crypto
# Note that once we start adding more backends, this will be refactored to
# create a proper lits from all the enabled plugins.
$enabled_secretstore_plugins = 'store_crypto'
$enabled_crypto_plugins = 'simple_crypto'
} else {
$enabled_secretstore_plugins = ''
$enabled_crypto_plugins = ''
}
}
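Review bot: `include ::barbican::plugins::simple_crypto` is declared with no arguments, so the key-encryption key for the plugin comes entirely from hiera or the module default, and nothing in this class checks that one was supplied. If the deployment templates do not set it, Barbican would presumably fall back to its built-in sample key, which gives stored secrets no real protection. A comment above the include would make the requirement explicit, for example `# The simple_crypto KEK must be supplied via hiera; never deploy with the built-in default key`. Separately, the header documents `bootstrap_node` and `step`, which the class does not declare, so those entries should be dropped or the parameters added.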