From 103462e4536377258c4fc99bd99ff92551e31f82 Mon Sep 17 00:00:00 2001 From: Juan Antonio Osorio Robles Date: Thu, 2 Nov 2017 15:44:26 +0200 Subject: [PATCH] Add capability to configure simple-crypto backend for barbican This introduces the ability to configure the simple crypto backend through a general backends manifest. This manifest will gather all the backends and enable the relevant configurations depending on whether they're enabled via t-h-t or not. Change-Id: I44391b91b01bc03c9773410152e117ec6bbba491 --- manifests/profile/base/barbican/api.pp | 10 +++-- manifests/profile/base/barbican/backends.pp | 48 +++++++++++++++++++++ 2 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 manifests/profile/base/barbican/backends.pp diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp index 48bf4b8ae..6e9c78f07 100644 --- a/manifests/profile/base/barbican/api.pp +++ b/manifests/profile/base/barbican/api.pp @@ -130,10 +130,12 @@ class tripleo::profile::base::barbican::api ( include ::tripleo::profile::base::barbican if $step >= 4 or ( $step >= 3 and $sync_db ) { + include ::tripleo::profile::base::barbican::backends + $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl))) class { '::barbican::api': - sync_db => $sync_db, - default_transport_url => os_transport_url({ + sync_db => $sync_db, + default_transport_url => os_transport_url({ 'transport' => $oslomsg_rpc_proto, 'hosts' => $oslomsg_rpc_hosts, 'port' => $oslomsg_rpc_port, @@ -141,7 +143,7 @@ class tripleo::profile::base::barbican::api ( 'password' => $oslomsg_rpc_password, 'ssl' => $oslomsg_use_ssl_real, }), - notification_transport_url => os_transport_url({ + notification_transport_url => os_transport_url({ 'transport' => $oslomsg_notify_proto, 'hosts' => $oslomsg_notify_hosts, 'port' => $oslomsg_notify_port, 
@@ -149,6 +151,8 @@ class tripleo::profile::base::barbican::api (
 'password' => $oslomsg_notify_password,
 'ssl' => $oslomsg_use_ssl_real,
 }),
+ enabled_crypto_plugins => $::tripleo::profile::base::barbican::backends::enabled_crypto_plugins,
+ enabled_secretstore_plugins => $::tripleo::profile::base::barbican::backends::enabled_secretstore_plugins
 }
 include ::barbican::keystone::authtoken
 include ::barbican::api::logging
diff --git a/manifests/profile/base/barbican/backends.pp b/manifests/profile/base/barbican/backends.pp
new file mode 100644
index 000000000..beb465c73
--- /dev/null
+++ b/manifests/profile/base/barbican/backends.pp
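Review bot: With the simple crypto backend disabled, `enabled_crypto_plugins` and `enabled_secretstore_plugins` are passed as `''` (the `else` branch of the new `backends.pp`) instead of being left unset, so `::barbican::api` no longer falls back to its own defaults. How the module renders an empty string is not visible in this patch; if it is written to the configuration verbatim, deployments that never set `barbican_backend_simple_crypto_enabled` would end up with no secret store plugin configured. If that fail-closed result is intended, say so in a comment next to the two parameters; otherwise have the `else` branch assign `undef` so the module defaults apply. The values are also read through qualified variables, which only resolve because the `include` at the top of this `if` block (in the first hunk of this file) is evaluated first, and that ordering is worth a one-line comment.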
@@ -0,0 +1,48 @@
+# Copyright 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::barbican::backends
+#
+# Barbican's simple crypto plugin profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*simple_crypto_backend_enabled*]
+# (Optional) Whether the simple crypto backend is enabled or not. This is
+# dynamically set via t-h-t.
+# Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
+#
+class tripleo::profile::base::barbican::backends (
+ $simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false)
+) {
+ if $simple_crypto_backend_enabled {
+ include ::barbican::plugins::simple_crypto
+ # Note that once we start adding more backends, this will be refactored to
+ # create a proper lits from all the enabled plugins.
+ $enabled_secretstore_plugins = 'store_crypto'
+ $enabled_crypto_plugins = 'simple_crypto'
+ } else {
+ $enabled_secretstore_plugins = ''
+ $enabled_crypto_plugins = ''
+ }
+}
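Review bot: Enabling the backend with a bare `include ::barbican::plugins::simple_crypto` leaves the key-encryption key entirely to hiera, and nothing in the new class documents or checks that one was supplied. If no KEK is set, the plugin presumably falls back to a built-in default that would be identical on every deployment and so gives stored secrets no real protection; that default is not visible in this patch and should be confirmed against puppet-barbican. I would add a comment above the include such as `# The KEK must be provided via hiera (barbican::plugins::simple_crypto::simple_crypto_plugin_kek); do not rely on the built-in default.` Separately, the header documents `bootstrap_node` and `step`, which the class does not declare, the description still calls this the simple crypto plugin profile rather than the backends profile, and `lits` in the inline comment should read `list`.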