Set simple crypto plugin as global default for Barbican

This is needed for multiple config configuration. Also, renamed the parameters in the backend to be more consistent. Change-Id: I8cb8d3cd745fbf7ddba1ce8e5347b38342afd58d
2017-12-05 01:52:33 -05:00 · 2017-12-05 01:52:33 -05:00 · 18282387c0
parent f253c0d08d
commit 18282387c0
3 changed files with 13 additions and 5 deletions
--- a/ci/environments/scenario002-multinode-containers.yaml
+++ b/ci/environments/scenario002-multinode-containers.yaml
@ -93,4 +93,5 @@ parameter_defaults:
  ZaqarManagementStore: 'sqlalchemy'
  SwiftCeilometerPipelineEnabled: false
  # For now, we hardcode it but soon it'll be generated in tripleo-common
-  SimpleCryptoKek: dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=
+  BarbicanSimpleCryptoKek: dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=
+  BarbicanSimpleCryptoGlobalDefault: true
--- a/environments/barbican-backend-simple-crypto.yaml
+++ b/environments/barbican-backend-simple-crypto.yaml
@ -5,7 +5,10 @@ parameter_defaults:
  # provide an appropriate KEK that barbican will use to encrypt secrets
  # in the database.
  #
-  # SimpleCryptoKek: The Key-Encryption-Key goes here.
+  # BarbicanSimpleCryptoKek: The Key-Encryption-Key goes here.
+  # BarbicanSimpleCryptoGlobalDefault : whether this plugin is the global default
+  #     -- defaults to false
+

 resource_registry:
  OS::TripleO::Services::BarbicanBackendSimpleCrypto: ../puppet/services/barbican-backend-simple-crypto.yaml
--- a/puppet/services/barbican-backend-simple-crypto.yaml
+++ b/puppet/services/barbican-backend-simple-crypto.yaml
@ -31,10 +31,14 @@ parameters:
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
-  SimpleCryptoKek:
+  BarbicanSimpleCryptoKek:
    description: KEK used to encrypt secrets
    type: string
    hidden: true
+  BarbicanSimpleCryptoGlobalDefault:
+    description: Whether this plugin is the global default plugin
+    type: boolean
+    default: false

 outputs:
  role_data:
@ -42,5 +46,5 @@ outputs:
    value:
      service_name: barbican_backend_simple_crypto
      config_settings:
-        tripleo::profile::base::barbican::backends::simple_crypto_backend_enabled: true
-        barbican::plugins::simple_crypto::simple_crypto_plugin_kek: {get_param: SimpleCryptoKek}
+        barbican::plugins::simple_crypto::simple_crypto_plugin_kek: {get_param: BarbicanSimpleCryptoKek}
+        barbican::plugins::simple_crypto::global_default: {get_param: BarbicanSimpleCryptoGlobalDefault}