4 Commits

Author SHA1 Message Date
Douglas Mendizábal
3b4d488a6a Add new options for Barbican PKCS#11 backend
This patch adds two new parameters for deploying Barbican with the
PKCS#11 backend: `BarbicanPkcs11CryptoTokenLabels` and
`BarbicanPkcs11CryptoOsLockingOk`.

The patch also deprecates `BarbicanPkcs11CryptoTokenLabel` in favor of
the new option that can be set to more than one label.

Depends-On: Iba7013dd6e1b1e4650b25cd4dd8dc1f355ceb538
Change-Id: I1c5059799f613a62a13379eb82ba516a8ed3a15a
2021-04-12 08:04:18 -05:00
Douglas Mendizábal
04b4ec3866 Identify HSMs using labels instead of Slot ID
This patch adds support for two new options in barbican.conf for the
PKCS#11 backend plugin:  [p11_crypto]token_label and
[p11_crypto]token_serial_number by adding two new parameters
to the Barbican deployment BarbicanPkcs11CryptoTokenSerialNumber
and BarbicanPkcs11CryptoTokenLabel.

This patch also simplifies the use of barbican-manage to generate
the MKEK and PKEK in the HSM backend by using the values provided
in barbican.conf instead of duplicating them on the command line.

For the Thales Luna Network device, this patch uses the label
parameters to identify the partition to be used.  Because we are
using labels we no longer need to write the runtime generated
Slot ID of the HA group into hieradata.

Depends-On: I4e86e73bbdef0e16d3699cec1cc8f7e17dfb643b
Change-Id: Id05acb6516daa62279c9aade41256bcec7c5fce7
2020-11-30 14:11:10 +00:00
Douglas Mendizábal
ead85251e9 Add new Luna HSM parameter for Barbican
This patch adds a new parameter for deploying Barbican with
a Thales Luna Network HSM (LunasaClientIPNetwork).

LunasaClientIPNetwork can be used to register controller nodes
with the HSM using the controller's IP address on the given
network instead of its fqdn.

Co-Authored-By: Ade Lee <alee@redhat.com>
Depends-On: If0eb393ca970206cc95c7453641f33781eb698b2
Change-Id: I02d577939b0002b0e605ac0cbbda54e05e0b206f
2020-07-31 15:50:28 +00:00
Ade Lee
1472d971af Add support for lunasa hsm in barbican
Change-Id: Ib3e82d641d0fa9e688a8a2c3b72c1ea28a21bf88
2020-05-01 14:17:17 -04:00