Add multiple backends for barbican
Depends-On: I8cb8d3cd745fbf7ddba1ce8e5347b38342afd58d Change-Id: I07e52897897f453382f74aa4fdaa98c37e6eca30
parent
ce3432da8c
commit
37d64357d6
@ -151,8 +151,8 @@ class tripleo::profile::base::barbican::api (
|
||||
'password' => $oslomsg_notify_password,
|
||||
'ssl' => $oslomsg_use_ssl_real,
|
||||
}),
|
||||
enabled_crypto_plugins => $::tripleo::profile::base::barbican::backends::enabled_crypto_plugins,
|
||||
enabled_secretstore_plugins => $::tripleo::profile::base::barbican::backends::enabled_secretstore_plugins
|
||||
multiple_secret_stores_enabled => true,
|
||||
enabled_secret_stores => $::tripleo::profile::base::barbican::backends::enabled_secret_stores,
|
||||
}
|
||||
include ::barbican::keystone::authtoken
|
||||
include ::barbican::api::logging
|
||||
|
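Review bot: `multiple_secret_stores_enabled => true` is set unconditionally, but `enabled_secret_stores` resolves to an empty string when none of the four backend flags is on (they all default to false in the backends class), so the API would be told to use multiple stores with none listed. Deriving the flag from the list, for example `multiple_secret_stores_enabled => !empty($::tripleo::profile::base::barbican::backends::enabled_secret_stores),`, or failing the catalogue when the list is empty, would surface that misconfiguration at deploy time rather than leaving it to the service. The resource declaration begins above this hunk, so whether the backends class is evaluated before its variable is read cannot be checked from here.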
@ -14,7 +14,7 @@
|
||||
#
|
||||
# == Class: tripleo::profile::base::barbican::backends
|
||||
#
|
||||
# Barbican's simple crypto plugin profile for tripleo
|
||||
# Barbican's secret store plugin profile for tripleo
|
||||
#
|
||||
# === Parameters
|
||||
#
|
||||
@ -32,17 +32,55 @@
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to hiera('barbican_backend_simple_crypto_enabled', false)
|
||||
#
|
||||
# [*dogtag_backend_enabled*]
|
||||
# (Optional) Whether the Dogtag backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to hiera('barbican_backend_dogtag_enabled', false)
|
||||
#
|
||||
# [*p11_crypto_backend_enabled*]
|
||||
# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to hiera('barbican_backend_pkcs11_crypto_enabled', false)
|
||||
#
|
||||
# [*kmip_backend_enabled*]
|
||||
# (Optional) Whether the KMIP backend is enabled or not. This is
|
||||
# dynamically set via t-h-t.
|
||||
# Defaults to hiera('barbican_backend_kmip_enabled', false)
|
||||
#
|
||||
class tripleo::profile::base::barbican::backends (
|
||||
$simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false)
|
||||
$simple_crypto_backend_enabled = hiera('barbican_backend_simple_crypto_enabled', false),
|
||||
$dogtag_backend_enabled = hiera('barbican_backend_dogtag_enabled', false),
|
||||
$p11_crypto_backend_enabled = hiera('barbican_backend_pkcs11_crypto_enabled', false),
|
||||
$kmip_backend_enabled = hiera('barbican_backend_kmip_enabled', false),
|
||||
) {
|
||||
if $simple_crypto_backend_enabled {
|
||||
include ::barbican::plugins::simple_crypto
|
||||
# Note that once we start adding more backends, this will be refactored to
|
||||
# create a proper lits from all the enabled plugins.
|
||||
$enabled_secretstore_plugins = 'store_crypto'
|
||||
$enabled_crypto_plugins = 'simple_crypto'
|
||||
$backend1 = 'simple_crypto'
|
||||
} else {
|
||||
$enabled_secretstore_plugins = ''
|
||||
$enabled_crypto_plugins = ''
|
||||
$backend1 = undef
|
||||
}
|
||||
|
||||
if $dogtag_backend_enabled {
|
||||
include ::barbican::plugins::dogtag
|
||||
$backend2 = 'dogtag'
|
||||
} else {
|
||||
$backend2 = undef
|
||||
}
|
||||
|
||||
if $p11_crypto_backend_enabled {
|
||||
include ::barbican::plugins::p11_crypto
|
||||
$backend3 = 'pkcs11'
|
||||
} else {
|
||||
$backend3 = undef
|
||||
}
|
||||
|
||||
if $kmip_backend_enabled {
|
||||
include ::barbican::plugins::kmip
|
||||
$backend4 = 'kmip'
|
||||
} else {
|
||||
$backend4 = undef
|
||||
}
|
||||
|
||||
$enabled_backends_list = [$backend1, $backend2, $backend3, $backend4].filter |$items| { $items != undef }
|
||||
$enabled_secret_stores = join($enabled_backends_list, ',')
|
||||
}
|
||||
|
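Review bot: Nothing in the new class body decides which of the enabled stores is Barbican's global default, so with simple_crypto enabled next to dogtag, pkcs11 or kmip it is not visible here which store receives newly stored secrets. The order of `$enabled_secret_stores` is fixed as simple_crypto, dogtag, pkcs11, kmip by the `[$backend1, $backend2, $backend3, $backend4]` list; if the default is chosen in the plugin classes (presumably by the Depends-On change), the header should say so, e.g. `# The global default store is selected in the ::barbican::plugins::* classes, not here.`. The header also documents the four flags but not `$enabled_secret_stores`, which the api profile reads by its qualified name, so a short entry describing it as a comma-separated list of enabled store names would help.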
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- Added code to select plugin configuration based on tripleo heat
|
||||
template dynamic variables for each backend, depending on if the
|
||||
backend is enabled. Multiple backends can now be configured.
|
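--- /dev/null
+++ b/spec/classes/tripleo_profile_base_barbican_backends_spec.rb
@@ -0,0 +1,95 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::barbican::backends' do
+shared_examples_for 'tripleo::profile::base::barbican::backends' do
+context 'with simple_crypto plugin only enabled' do
+let(:params) { { :simple_crypto_backend_enabled => true } }
+it 'should configure simple_crypto' do
+is_expected.to contain_class('barbican::plugins::simple_crypto')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto')
+end
+end
+
+context 'with dogtag plugin only enabled' do
+let(:params) { { :dogtag_backend_enabled => true } }
+it 'should configure dogtag backend' do
+is_expected.to contain_class('barbican::plugins::dogtag')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('dogtag')
+end
+end
+
+context 'with p11_crypto plugin only enabled' do
+let(:params) { { :p11_crypto_backend_enabled => true } }
+it 'should configure p11_crypto' do
+is_expected.to contain_class('barbican::plugins::p11_crypto')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('pkcs11')
+end
+end
+
+context 'with kmip plugin only enabled' do
+let(:params) { { :kmip_backend_enabled => true } }
+it 'should configure kmip' do
+is_expected.to contain_class('barbican::plugins::kmip')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('kmip')
+end
+end
+
+context 'with simple_crypto and dogtag enabled' do
+let(:params) { {
+:simple_crypto_backend_enabled => true,
+:dogtag_backend_enabled => true,
+} }
+it 'should configure simple_crypto and dogtag' do
+is_expected.to contain_class('barbican::plugins::simple_crypto')
+is_expected.to contain_class('barbican::plugins::dogtag')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,dogtag')
+end
+end
+
+context 'with simple_crypto plugin and p11_crypto enabled' do
+let(:params) { {
+:simple_crypto_backend_enabled => true,
+:p11_crypto_backend_enabled => true,
+} }
+it 'should configure simple_crypto and p11_crypto' do
+is_expected.to contain_class('barbican::plugins::simple_crypto')
+is_expected.to contain_class('barbican::plugins::p11_crypto')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,pkcs11')
+end
+end
+
+context 'with all plugins enabled' do
+let(:params) { {
+:simple_crypto_backend_enabled => true,
+:p11_crypto_backend_enabled => true,
+:dogtag_backend_enabled => true,
+:kmip_backend_enabled => true,
+} }
+it 'should configure all plugins' do
+is_expected.to contain_class('barbican::plugins::simple_crypto')
+is_expected.to contain_class('barbican::plugins::p11_crypto')
+is_expected.to contain_class('barbican::plugins::dogtag')
+is_expected.to contain_class('barbican::plugins::kmip')
+expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be(
+'simple_crypto,dogtag,pkcs11,kmip')
+end
+end
+
+end
+end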
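Review bot: The `shared_examples_for` group is defined but never invoked (there is no `it_behaves_like` or equivalent inside the `describe`), so none of these examples appear to run. Each `expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be(...)` also compares the variable's name, a string literal, against the expected value with an identity matcher, so it says nothing about the compiled catalogue and would fail if it did run. Add `it_behaves_like 'tripleo::profile::base::barbican::backends'` under a context that supplies facts, and replace the `expect` lines with an assertion on a resource that consumes the list. As written, a change that silently drops a backend from `enabled_secret_stores` would go unnoticed.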