openstack/tripleo-heat-templates
Code Issues Proposed changes

Merge "Set simple crypto plugin as global default for Barbican"

Browse Source
This commit is contained in:
Zuul 2017-12-07 22:58:06 +00:00 committed by Gerrit Code Review
commit bc84846239
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ci/environments/scenario002-multinode-containers.yaml
View File

@ -93,4 +93,5 @@ parameter_defaults:
ZaqarManagementStore: 'sqlalchemy' ZaqarManagementStore: 'sqlalchemy'
SwiftCeilometerPipelineEnabled: false SwiftCeilometerPipelineEnabled: false
# For now, we hardcode it but soon it'll be generated in tripleo-common # For now, we hardcode it but soon it'll be generated in tripleo-common
SimpleCryptoKek: dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg= BarbicanSimpleCryptoKek: dGhpcnR5X3R3b19ieXRlX2tleWJsYWhibGFoYmxhaGg=
BarbicanSimpleCryptoGlobalDefault: true

5
environments/barbican-backend-simple-crypto.yaml
View File

@ -5,7 +5,10 @@ parameter_defaults:
# provide an appropriate KEK that barbican will use to encrypt secrets # provide an appropriate KEK that barbican will use to encrypt secrets
# in the database. # in the database.
# #
# SimpleCryptoKek: The Key-Encryption-Key goes here. # BarbicanSimpleCryptoKek: The Key-Encryption-Key goes here.
# BarbicanSimpleCryptoGlobalDefault : whether this plugin is the global default
# -- defaults to false
resource_registry: resource_registry:
OS::TripleO::Services::BarbicanBackendSimpleCrypto: ../puppet/services/barbican-backend-simple-crypto.yaml OS::TripleO::Services::BarbicanBackendSimpleCrypto: ../puppet/services/barbican-backend-simple-crypto.yaml

10
puppet/services/barbican-backend-simple-crypto.yaml
View File

@ -31,10 +31,14 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry. via parameter_defaults in the resource registry.
type: json type: json
SimpleCryptoKek: BarbicanSimpleCryptoKek:
description: KEK used to encrypt secrets description: KEK used to encrypt secrets
type: string type: string
hidden: true hidden: true
BarbicanSimpleCryptoGlobalDefault:
description: Whether this plugin is the global default plugin
type: boolean
default: false
outputs: outputs:
role_data: role_data:
@ -42,5 +46,5 @@ outputs:
value: value:
service_name: barbican_backend_simple_crypto service_name: barbican_backend_simple_crypto
config_settings: config_settings:
tripleo::profile::base::barbican::backends::simple_crypto_backend_enabled: true barbican::plugins::simple_crypto::simple_crypto_plugin_kek: {get_param: BarbicanSimpleCryptoKek}
barbican::plugins::simple_crypto::simple_crypto_plugin_kek: {get_param: SimpleCryptoKek} barbican::plugins::simple_crypto::global_default: {get_param: BarbicanSimpleCryptoGlobalDefault}