From 0f1e78d7391f7da86919aa44a0065cb631faf8c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= <dmendiza@redhat.com>
Date: Fri, 6 Nov 2020 10:54:06 -0600
Subject: [PATCH] Remove Luna HSM clients on scaledown

This patch adds a scaledown task to remove the HSM
client when a Controller node is being removed.

Depends-On: I87f7cb2435f77814169fbad3bd0814d370a546a1
Change-Id: Ia8698702c9494d4303ede4fd2955c5975ab07af9
(cherry picked from commit 144eb67ca5590c842a687285b278d1a892e9fe69)
---
 .../barbican-api-container-puppet.yaml        | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/deployment/barbican/barbican-api-container-puppet.yaml b/deployment/barbican/barbican-api-container-puppet.yaml
index e4626b9bb7..81d7ed1c4b 100644
--- a/deployment/barbican/barbican-api-container-puppet.yaml
+++ b/deployment/barbican/barbican-api-container-puppet.yaml
@@ -815,5 +815,24 @@ outputs:
                 name: virt_sandbox_use_netlink
                 persistent: yes
                 state: yes
+      scale_tasks:
+        if:
+        - lunasa_hsm_enabled
+        -
+          - name: Remove HSM clients
+            when: step|int == 1
+            tags: down
+            block:
+              - name: Remove client from HSM
+                import_role:
+                  name: lunasa_hsm
+                  tasks_from: unregister_client
+                delegate_to: undercloud
+                vars:
+                  - map_merge:
+                    - {get_param: LunasaVars}
+                    - lunasa_client_pin: {get_param: BarbicanPkcs11CryptoLogin}
+                    - client_name: "{{ fqdn_canonical }}"
+        - null
       metadata_settings:
         get_attr: [ApacheServiceBase, role_data, metadata_settings]