Add multiple backends for barbican

Depends-On: I8cb8d3cd745fbf7ddba1ce8e5347b38342afd58d
Change-Id: I07e52897897f453382f74aa4fdaa98c37e6eca30

manifests/profile/base/barbican/api.pp

@@ -134,8 +134,8 @@ class tripleo::profile::base::barbican::api (
 
     $oslomsg_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_use_ssl)))
     class { '::barbican::api':
-      sync_db                     => $sync_db,
+      sync_db                        => $sync_db,
-      default_transport_url       => os_transport_url({
+      default_transport_url          => os_transport_url({
         'transport' => $oslomsg_rpc_proto,
         'hosts'     => $oslomsg_rpc_hosts,
         'port'      => $oslomsg_rpc_port,
@@ -143,7 +143,7 @@ class tripleo::profile::base::barbican::api (
         'password'  => $oslomsg_rpc_password,
         'ssl'       => $oslomsg_use_ssl_real,
       }),
-      notification_transport_url  => os_transport_url({
+      notification_transport_url     => os_transport_url({
         'transport' => $oslomsg_notify_proto,
         'hosts'     => $oslomsg_notify_hosts,
         'port'      => $oslomsg_notify_port,
@@ -151,8 +151,8 @@ class tripleo::profile::base::barbican::api (
         'password'  => $oslomsg_notify_password,
         'ssl'       => $oslomsg_use_ssl_real,
       }),
-      enabled_crypto_plugins      => $::tripleo::profile::base::barbican::backends::enabled_crypto_plugins,
+      multiple_secret_stores_enabled => true,
-      enabled_secretstore_plugins => $::tripleo::profile::base::barbican::backends::enabled_secretstore_plugins
+      enabled_secret_stores          => $::tripleo::profile::base::barbican::backends::enabled_secret_stores,
     }
     include ::barbican::keystone::authtoken
     include ::barbican::api::logging

manifests/profile/base/barbican/backends.pp

@@ -14,7 +14,7 @@
 #
 # == Class: tripleo::profile::base::barbican::backends
 #
-# Barbican's simple crypto plugin profile for tripleo
+# Barbican's secret store plugin profile for tripleo
 #
 # === Parameters
 #
@@ -32,17 +32,55 @@
 #   dynamically set via t-h-t.
 #   Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
 #
+# [*dogtag_backend_enabled*]
+#   (Optional) Whether the Dogtag backend is enabled or not. This is
+#   dynamically set via t-h-t.
+#   Defaults to hiera('barbican_backend_dogtag_enabled', false)
+#
+# [*p11_crypto_backend_enabled*]
+#   (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
+#   dynamically set via t-h-t.
+#   Defaults to hiera('barbican_backend_pkcs11_crypto_enabled', false)
+#
+# [*kmip_backend_enabled*]
+#   (Optional) Whether the KMIP backend is enabled or not. This is
+#   dynamically set via t-h-t.
+#   Defaults to hiera('barbican_backend_kmip_enabled', false)
+#
 class tripleo::profile::base::barbican::backends (
-  $simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false)
+  $simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false),
+  $dogtag_backend_enabled        = hiera('barbican_backend_dogtag_enabled', false),
+  $p11_crypto_backend_enabled    = hiera('barbican_backend_pkcs11_crypto_enabled', false),
+  $kmip_backend_enabled          = hiera('barbican_backend_kmip_enabled', false),
 ) {
   if $simple_crypto_backend_enabled {
     include ::barbican::plugins::simple_crypto
-    # Note that once we start adding more backends, this will be refactored to
+    $backend1 = 'simple_crypto'
-    # create a proper lits from all the enabled plugins.
-    $enabled_secretstore_plugins = 'store_crypto'
-    $enabled_crypto_plugins = 'simple_crypto'
   } else {
-    $enabled_secretstore_plugins = ''
+    $backend1 = undef
-    $enabled_crypto_plugins = ''
   }
+
+  if $dogtag_backend_enabled {
+    include ::barbican::plugins::dogtag
+    $backend2 = 'dogtag'
+  } else {
+    $backend2 = undef
+  }
+
+  if $p11_crypto_backend_enabled {
+    include ::barbican::plugins::p11_crypto
+    $backend3 = 'pkcs11'
+  } else {
+    $backend3 = undef
+  }
+
+  if $kmip_backend_enabled {
+    include ::barbican::plugins::kmip
+    $backend4 = 'kmip'
+  } else {
+    $backend4 = undef
+  }
+
+  $enabled_backends_list = [$backend1, $backend2, $backend3, $backend4].filter |$items| { $items != undef }
+  $enabled_secret_stores = join($enabled_backends_list, ',')
 }

releasenotes/notes/add-barbican-backends-2412df7eef07038e.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Added code to select plugin configuration based on tripleo heat
+    template dynamic variables for each backend, depending on if the
+    backend is enabled.  Multiple backends can now be configured.

spec/classes/tripleo_profile_base_barbican_backends_spec.rb

@@ -0,0 +1,95 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::barbican::backends' do
+  shared_examples_for 'tripleo::profile::base::barbican::backends' do
+    context 'with simple_crypto plugin only enabled' do
+      let(:params) { { :simple_crypto_backend_enabled => true } }
+      it 'should configure simple_crypto' do
+        is_expected.to contain_class('barbican::plugins::simple_crypto')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto')
+      end
+    end
+
+    context 'with dogtag plugin only enabled' do
+      let(:params) { { :dogtag_backend_enabled => true } }
+      it 'should configure dogtag backend' do
+        is_expected.to contain_class('barbican::plugins::dogtag')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('dogtag')
+      end
+    end
+
+    context 'with p11_crypto plugin only enabled' do
+      let(:params) { { :p11_crypto_backend_enabled => true } }
+      it 'should configure p11_crypto' do
+        is_expected.to contain_class('barbican::plugins::p11_crypto')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('pkcs11')
+      end
+    end
+
+    context 'with kmip plugin only enabled' do
+      let(:params) { { :kmip_backend_enabled => true } }
+      it 'should configure kmip' do
+        is_expected.to contain_class('barbican::plugins::kmip')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('kmip')
+      end
+    end
+
+    context 'with simple_crypto and dogtag enabled' do
+      let(:params) { {
+        :simple_crypto_backend_enabled => true,
+        :dogtag_backend_enabled => true,
+      } }
+      it 'should configure simple_crypto and dogtag' do
+        is_expected.to contain_class('barbican::plugins::simple_crypto')
+        is_expected.to contain_class('barbican::plugins::dogtag')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,dogtag')
+      end
+    end
+
+    context 'with simple_crypto plugin and p11_crypto enabled' do
+      let(:params) { {
+        :simple_crypto_backend_enabled => true,
+        :p11_crypto_backend_enabled => true,
+      } }
+      it 'should configure simple_crypto and p11_crypto' do
+        is_expected.to contain_class('barbican::plugins::simple_crypto')
+        is_expected.to contain_class('barbican::plugins::p11_crypto')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,pkcs11')
+      end
+    end
+
+    context 'with all plugins enabled' do
+      let(:params) { {
+        :simple_crypto_backend_enabled => true,
+        :p11_crypto_backend_enabled => true,
+        :dogtag_backend_enabled => true,
+        :kmip_backend_enabled => true,
+      } }
+      it 'should configure all plugins' do
+        is_expected.to contain_class('barbican::plugins::simple_crypto')
+        is_expected.to contain_class('barbican::plugins::p11_crypto')
+        is_expected.to contain_class('barbican::plugins::dogtag')
+        is_expected.to contain_class('barbican::plugins::kmip')
+        expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be(
+         'simple_crypto,dogtag,pkcs11,kmip')
+      end
+    end
+
+  end
+end